Booz Allen has decades of experience building and operating mission critical IT systems at scale. We know incidents are inevitable, and fast resolution is essential. We've lived through 3 AM server crashes  and cascading failures from seemingly minor issues. When things break, engineers spend precious time piecing together clues across dozens of different systems. Even the most experienced operations team can struggle with this complexity. At Booz Allen, we're investing in Agentic AI technology that cuts through the complexity for IT operations. We developed a multiagent system that autonomously triages, validates, investigates, and provides resolution steps the moment an incident ticket is filed.

Let's take a look at an incident where an AWS node hosting an application goes down,  taking down our application. What you're going to see is a multiagent system consisting of a supervisor agent and four more-specialized agents. Our supervisor is going to formulate a plan for addressing the reported failure, task the specialized agents to investigate, and ultimately create an assessment to share with the engineering team. Now, in production, all of this would occur under the hood, but we've created a front-end to observe how the agents are working. The first thing that happens is our supervisor agent sees that a ticket has been filed. It immediately formulates a plan and moves out by tasking a contextualization agent to provide more details about the issue and affected system. Our contextualization agent retrieves the requested information using a suite of tools.

The result is a contextually rich report with key information about the affected app and the issue reported. That information is handed back to our supervisor agent, which continues with its plan. The next step is to task a network investigation agent to perform a technical investigation of the affected app, beginning with network checks. The agent reaches out to our application, verifies that it's unreachable, and reports back to the supervisor. After checking network connectivity, the supervisor tasks an observability agent to investigate application logs and figure out what went wrong. As it parses the logs, the observability agent constructs a timeline of events and determines the root cause of the incident. As part of its investigation, the observability agent may access separate data stores to search for similar incidents.

If it finds one, it could leverage details of the past incident to inform its current investigation. This memory of past events means our agents can grow more intelligent over time. The supervisor agent sees this information and then invokes an evaluation agent to assess the impact of the incident and assign a priority. Finally, the supervisor summarizes all of the key findings for the engineering team and adds it all as a comment to the original ticket that kicked off the process. With Booz Allen's multiagent incident triage system, we can easily cut through system complexity and give engineers the information they need in a clear and concise format.

Our agents kick into action the moment an incident ticket hits the system, greatly accelerating response time, and with it, our mean time to resolution. It autonomously triages the issue, validates what's happening, investigates the root cause, and hands the team concrete resolution steps. Maybe the most exciting part of this is that our agents can learn. They get smarter with every incident – so engineers don't need to play detective anymore and can focus entirely on resolving issues. Users can be sure that their reported issues are getting attention immediately, and the enterprise can benefit from faster resolutions. 

Hi, I'm Andrew Savala, a software engineer specializing in agentic AI. Booz Allen has decades of experience and deep expertise supporting security and counterintelligence teams that keep our nation's institutions safe. When sensitive data shows up in public due to insider incidents, it's critical to identify the insider responsible and prevent any further exfiltration. Speed is of the essence. Security teams spend precious time tracking digital breadcrumbs across countless systems. Investigators have to manually correlate evidence from HR databases, access logs,  email systems, and web traffic data.

At Booz Allen, we've developed a  Multiagent Insider Threat Investigation solution  to speed through the toil for security investigation teams. The system responds to natural language prompts from investigators, automatically executes complex workflows to correlate data, and uncovers critical insights within minutes rather than hours or days. Let's take a look at a scenario where we're investigating a leak of sensitive documents that the security team has traced back to a secure facility. What you're going to see is a multiagent system consisting of specialized agents that work together. I'll begin at our dashboard, which shows several live data sources, including HR databases, access control systems, web traffic logs, and email communications. We have multiple agents in our system, including a planner, investigator, reporter, along with MCP servers for data integration. I'll start by looking at the last two months of access logs to Lab 4 where the leak originated. Our agents get right to work, querying access control databases, and in seconds provide the answer. 55 employees accessed Lab 4 during that time frame.

Our orchestrator agent analyzed the prompt and organized a team of specialized agents, our planner decomposed the requests into actionable subtasks, our investigator identified and queried the right database, and our reporter compiled the results. But we need more than just a number. Let's create detailed profiles for each of these employees and add them to our watchlist. Now our system showcases its real power. It pulls data from HR databases, security clearance systems, and department records. In minutes, we have detailed profiles for all suspects, something that would traditionally require analysts to visit multiple legacy systems individually and manually compile the information across hours of work. But here's where the investigation gets interesting. The leaked images were posted to a specific tech blog. Since our organization logs web traffic, I can cross-reference our suspects with their browsing history. Our agents uncover a critical insight. Several employees visited that exact site, with one employee who visited multiple times standing out from the rest.

With our primary suspect identified. I'll now conduct a comprehensive email analysis. Our system analyzes thousands of emails and provides a comprehensive threat assessment with specific examples, and recommended actions. With that, we've completed an investigation of many potential suspects and created actionable intelligence on a specific threat in minutes – all through natural language prompts. And throughout the investigation, the system kept an audit trail, ensuring that all required logging and compliance documentation is captured. With Booz Allen's Multiagent Insider Threat Investigation solution, investigators are equipped with a team of agents that automatically pull data from disparate data sources and rapidly deliver comprehensive assessments. Whether casting a wide net to identify a large set of suspects or diving deep into a specific investigation target, our agents cut through complexity and toil. Investigators remain in full control, and organizations benefit from faster threat insights, all powered by AI. 

Booz Allen has been supporting national security and defense missions that safeguard our nation's interests for decades. We understand the high stakes, the complex workflows, and the need for precision and mission execution to meet the needs of these missions. We're developing Agentic AI solutions that cut through complexity for our Defense and National Security customers. At Booz Allen, we've developed  a high impact, Agenetic AI solution  to transform mission management  for intelligence collection. The way intel collection is done today involves a lot of manual steps to correlate data from multiple sources, coordinate physical resources and assets, and consider competing requirements to ensure  timely and accurate information delivery. Our agentic mission management solution alleviates these burdens. What you're going to see is a multi-agent system that rapidly provides context to analysts, creates and modifies new collection plans based on sensor availability, and tasks sensors based on finalized plans. Humans are in the loop each step, interacting with the system in natural language. Let's take a look. Our analyst received a requirement to monitor a supply route. The analyst has several sensors already aligned to that task. If the analyst wants more context on the ask and available sensors, she can chat with the system agent to learn more. The system agent is able to ingest the chat, as well as all the information that analyst is seeing in the user interface. Each sensor is represented by an agent that understand that sensor’s capabilities, configuration, availability, and suitability to a particular task. The system agent queries all the different sensor agents to understand their status and relationship to this specific task. It provides a summary of the surveillance plan highlighting availability and active sensors. Now, the analyst is ready to dive more deeply into the surveillance plan and work with the system agent to optimize it. The analyst asks for the recommendation on which sensors would make most sense to add to this surveillance plan. The system works with a sensor management agent to query each individual sensor agent. The agents work together to determine which sensors are available for this task, and identify the value they provide to the plan. This step is key to unlocking scalability and speed. Rather than having to remember details about each sensor or manually refer to a catalog of sensors, a single analyst can work through agents to manage the exponentially increasing numbers of sensors and satellites. After the agents confer, the system agent recommends a collection plan for monitoring the supply route. Now the analyst has reviewed the recommendation, made any necessary adjustments, and is ready to finalize the plan. She asks the assistant agent to task the relevant sensors with the collection plan. The system agent coordinates with the sensor agents to schedule the tasks, ensuring the existing priorities and tasks are accounted for. Booz Allen’s agentic AI solution for mission management equips analysts with a powerful multi-agent tool that automates data integration from diverse sources and swiftly delivers actionable insights. Whether optimizing satellite tasking operations or diving deep into detailed surveillance activities, our solutions cut through complexity, enhances efficiency, and gives defense and intelligence analysts the tools they need to stay ahead in an increasingly complex mission space.