Rapid7 and Amazon Nova Are Revolutionizing AI in Cybersecurity

Last updated on Sep 17, 2025

A version of the following blog post edited for length appears on the AWS Newsroom.

IT security teams are overloaded. Between surging data volumes, an endless stream of cloud security alerts, and rising threats from AI-enabled hacker tools, many IT admins admit to fatigue. Rapid7 is responding by embedding AI into every part of its Command Platform, giving teams a faster way to triage alerts and reduce cyber risk.

Amazon Nova, a new generation of foundation models in Amazon Bedrock, plays a key role in those efforts. Nova models provide fast, efficient AI that is easy to integrate with existing systems, making AI more accessible while keeping cloud environments secure. Nova’s performance and efficiency allow Rapid7 to build and deploy agentic AI workflows, from investigation to response, on infrastructure that supports real-time decisioning at scale. Rapid7’s agentic AI workflows, which were trained by its own SOC and are now part of its product, help teams close benign alerts with 99.93% accuracy and save 200+ Rapid7 SOC hours per week.

AWS sat down with Laura Grace Ellis, Vice President of Data and AI at Rapid7, to discuss how her team is leveraging Nova, what they have learned so far, and what is next.

Q: You’ve called yourself a “data nerd.” How does that shape Rapid7 product development?

My team is responsible for the creation and management of all centralized data pipelines, from the initial ingestion of data to its processing and making it available for use within our products. Data is the foundation for everything we build. It’s the lifeblood of our products. Any product we make is going to have its own systems to ingest, store, and make data available for experiences. My team is responsible for delivering the components which make that possible. And we ensure there’s a centralized way of accessing that data, which is critical for cybersecurity. For example, when there’s an active threat, you need to understand the 360-degree view of information associated with an asset, and that starts with having access to centralized data. So, that’s our focus.

Q: How would you describe Rapid7’s overall vision for AI in cybersecurity?

At the highest level, our mission has not changed: We protect our customers’ attack surface. What AI has done is expand that surface in new ways. Models themselves can leak data or be attacked, so there is an entirely new category of risks we need to help customers manage. At the same time, we need to leverage AI to strengthen our own products because threat actors are doing the same. We need to use AI to make our products faster and more effective, while putting in place the guardrails that ensure trust and security.

Q: How do Nova models fit into that strategy?

My team has experimented with and deployed a wide range of models, from traditional ML algorithms to LLMs via Amazon Bedrock. We use a variety of models to build AI features across our platform, always going back to our focus on keeping humans at the helm and building the right AI tools to deliver the right impact and value for customers. Our team frequently turns to Nova when building tools because of its accuracy, fast response times, and scalability. If a use case fits, we try Nova as one of our first models. Latency, throughput, and cost are critical for our production workloads, and Nova has given us reliability and price predictability without tradeoffs in scale. And because it is within AWS, it is already inside our secure trust boundary, which strengthens how we safeguard the data our customers entrust to us. We can enforce clean boundary controls, maintain auditability, and configure region-specific trust zones without building complex wrappers ourselves.

Q: What have you learned by applying Nova in real workflows for analysts?

One of our priorities is enhancing the analyst experience, whether that is within our SaaS products, such as our next-gen SIEM, Incident Command, or in our managed SOC (Security Operations Center). Analysts face an overwhelming volume of alerts every day. With Nova, we can remove noise, prioritize the most likely malicious alerts, and even launch agentic workflows that begin investigations automatically. For example, our Agentic AI Alert Investigations and AI-powered LEQL query generation help analysts work through threats in real time. We also use AI to draft incident reports or generate queries in plain English, which is a huge time saver for our teams.

Q: How has your partnership with AWS influenced your AI work?

What makes AWS such a strong partner is the combination of cutting-edge technology and the people behind it. On the tech side, AWS has the scale, regions, and secure trust boundaries we need. If there is an LLM we are interested in, it is usually there. On the people side, they are true partners. Ahead of rolling out Nova as part of our testing process, we worked with the Nova team to deploy a custom model specifically suited to our needs. When we rolled out Nova, their team monitored our costs and performance and even helped us secure extra capacity when we needed it. They are proactive with roadmap guidance and quick to jump in when we hit edge cases. That kind of support makes an enormous difference.

Q: How do you prepare your teams for AI adoption?

My team has taken a bold approach. Everyone on my engineering team received licenses for AI coding assistants like GitHub Copilot and AWS CodeWhisperer, with the expectation to incorporate these tools into their work. We tracked adoption and followed up with enablement through resources, open mic sessions, training, and certifications. It was a mix of pushing people into the deep end and then teaching them how to swim. 

Just as important, we’ve worked to build an internal AI community, posting regularly in Slack, spotlighting users, and creating spaces for shared learning. Adoption isn’t automatic; you must feed it and nurture it.

Q: Looking ahead, where do you see Rapid7’s AI journey going, especially with agentic AI?

We already have a variety of agentic AI, generative AI, and ML experiences in production and widely used by customers today. Our recent release of agentic AI-assisted alert triage begins with our agent evaluating the alert, building a plan, executing steps such as pulling in more data or taking an action, and iterating as needed. We clearly show this is an AI-assisted experience, and we expose the data and reasoning behind each step for full transparency and explainability. Our agent reasons through the process and recommends next steps, while bringing the final decision back to the human at the helm. The future is expanding into exposure management and remediation, where agentic AI can automatically patch vulnerabilities or kick off workflows based on real-time analysis. That evolution aligns with what we’ve been hearing from customers. They’ve gone from relying on AI chatbots for research and recommendations to wanting AI agents that will do things for them. That’s where Rapid7 is headed with AI.
