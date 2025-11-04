As CISOs face mounting pressures from boards, regulators, and attackers, survey finds that the future of MDR lies in transparency, existing stack fit and hybrid human + AI.

PALO ALTO, CA / ACCESS Newswire / November 4, 2025 / AirMDR today announced findings from a new research report titled "The New MDR Buying Criteria" that reveals Managed Detection & Response (MDR) buyers are moving decisively away from black-box MDR promises toward transparent, measurable results. This research comes at a time when there's a growing gap between AI adoption and confidence. The need for greater visibility, explainability, and control over AI-driven decisions drives this disconnect. CISOs today face mounting pressure: boards demand ROI from AI investments, regulators expect transparency, and attackers are moving at machine speed.

Skills and staffing gaps drive organizations to look for MDR services, but most MDRs still rely on manual approaches or attempts to retrofit AI. That is driving demand for hybrid AI + human MDR services that deliver clear, explainable outcomes - especially in high-stakes environments where decisions must be defensible to boards, auditors, and regulators. AirMDR's findings reflect this shift, with transparency and audit-ready evidence emerging as critical factors in how security leaders evaluate and trust MDR providers.

"Security leaders are done with hearing AI providers blindly asking for trust," said Kumar Saurabh, CEO and co-founder at AirMDR. "They want transparency they can defend to boards and auditors: timelines, citations, approvals - a clear, evidence-backed case for each investigation that's easy to read and verify - delivered in minutes, using the tools they already have."

The survey shows a decisive shift toward audit-ready cases, minutes-fast investigations, and MDR that works with the tools customers already own - all delivered through a hybrid AI + human operating model with governed autonomy.

Key findings

Trust requires evidence. 85% say they're more likely to trust an MDR provider when every decision is documented - from alert and enrichment through actions, approvals, and closure (audit-ready by default).

Keep the stack. 77% want MDR that integrates with existing tools (EDR, SIEM, cloud, identity, ticketing, and collaboration platforms) - no rip-and-replace.

Hybrid AI + human is the desired operating model. 85% prefer AI + human where AI handles routine, high-confidence work; humans govern edge cases and sensitive actions with approvals and policy controls.

Results in minutes, not hours. 71% expect investigations to be completed in under 10 minutes - "minutes-fast" is the new baseline.

Mind the ops gaps. Many teams still investigate fewer than 30% of alerts, report more than 5 unattended hours per day, and track incidents in spreadsheets - evidence, speed, and stack-fit are what's needed to close these gaps.

The research offers a practical checklist for evaluations: sample case evidence, stack compatibility, hybrid governance - including confidence thresholds, approvals, change logs - and clear SLA definitions backed by recent performance data. To view the full research report, visit airmdr.com/mdr-research.

Methodology

AirMDR commissioned an independent survey and responses came from 260 cybersecurity leaders at mid-market (100-5,000 employees; 86%) and large enterprise (5,001+ employees; 14%) organizations. Survey takers spanned 15 industries, including: technology (computer software & hardware), business services, financial services, telecommunications, manufacturing, retail, and healthcare. Survey topics covered MDR selection criteria, operating expectations, and AI's role in scaling investigations.

About AirMDR

AirMDR offers an AI SOC platform and MDR service that combines agentic AI with human expertise to deliver minutes-fast alert investigations and transparent, audit-ready cases - all using the tools customers already have. Our MDR service is designed for lean security teams and provides 24/7 coverage, while our AI SOC platform supports MSSPs and Enterprise SOC teams looking to accelerate response and maintain consistent outcomes at scale. Learn more at https://airmdr.com/

