Today we are launching Plixer 19.8. If you spend your day in a NOC or a SOC, you have noticed the same thing we have: your team has standardized on an AI tool it trusts, and that tool has never been able to see the network. Now it can. Plixer 19.8 is available now to all Plixer Scrutinizer and Plixer One customers at no additional charge.
The Gap That Has Been Slowing Teams Down
Most network and security teams are in the same spot: they have an AI assistant they rely on, and a platform like Plixer sitting on top of the richest operational record they have. The flow record holds every conversation, every host pair, every timing anomaly. But getting the AI to that record has meant leaving one tool, logging into another, pulling a report by hand, and carrying the answer back.
That gap, between the AI the team trusts and the data that would answer the question, is where investigations slow down. It is where threats have room to move while analysts switch contexts.
19.8 closes that gap. It does it in three places worth walking through.
Point Your Own AI at the Flow Record
The headline feature in 19.8 is the Scrutinizer MCP server. MCP is the open standard Anthropic introduced and the broader ecosystem adopted. Any MCP-compatible AI tool, such as Claude, ChatGPT, or your agentic SOC or NOC platform, can now point directly at Plixer's full investigative engine, with no separate data pipeline and no additional probes.
Through that connection, an external agent can run flow reports, resolve plain-language names to the interfaces behind them, pivot to top talkers, browse and acknowledge alarms, tune detections, trigger targeted packet captures, and open Collections, all under the team's existing Plixer permissions and all governed: authenticated, logged, rate-limited, and scoped to data the user is already authorized to see.
The answers come from the actual flow record, not from a model's best guess about what might be happening on the network.
This is hard for anyone else to copy. A closed-AI NDR structurally cannot ship this capability. Their value proposition is the proprietary AI. That means they cannot offer "bring your own model and point it at our record" without dismantling their core differentiation. We can ship it because Plixer's value has always been the record itself and the investigative engine on top of it, not a locked AI layer. That is a deliberate architectural choice, and 19.8 is where it becomes a concrete capability.
For Teams That Want Plixer to Run the Investigation
Not every team wants to pipe data to an external tool. Some prefer to stay in the platform. 19.8 ships Plixer AI for those teams: investigation agents that do the same work inside Plixer directly.
AI Insights handles the daily alarm triage that consumes so much analyst time in both SOC and NOC environments. It watches the day's alarms, correlates the related flows, builds the attack or incident timeline, names the likely cause, and ranks incidents by observed risk and impact. Analysts start with the investigation already run and the evidence already attached, rather than a raw alarm list that needs to be interpreted from scratch.
The AI Assistant extends that capability on demand. Direct it at an alarm in plain English and it pulls historical activity, correlates related hosts and interfaces, builds the incident brief and timeline, and runs the response playbook from the team's own runbooks and policies. It holds context across follow-up questions, which matters when an investigation needs to go somewhere unexpected.
Under Plixer's governance controls, Plixer AI can take an allowlisted action the analyst approves, never an autonomous one. Every recommendation traces back to the flows behind it, which means analysts confirm the call instead of trusting it. That traceability also matters when a board or an auditor asks how you know what you know.
Forensic Reach That Matches the Threat Environment
19.8 also adds extended flow history: multi-tier flow storage with configurable retention set at the individual exporter level, combined with host indexing (one year by default, extendable for longer retention) that keeps the record searchable long after flows would have aged out of other tools.
The investigative reach this opens up is not abstract. Trace a performance regression back to the night the route changed. Scope an incident to the hosts involved before the alarm ever fired. Pull a host's first-and-last-seen and every peer it communicated with across months of history, without needing a SIEM export. Plixer monitors storage health continuously and runs data expiration automatically, so teams do not manage this manually.
An investigation is only as good as the history behind it. This gives analysts the depth to ask questions that used to require a separate archive or a long wait on a data team.
Why This Release, Why Now
We have watched AI tooling move fast over the past two years. Most network and security teams have found an AI tool they trust and built a workflow around it. Those workflows still hit a wall the moment the question is about the network specifically.
19.8 is built to remove that wall. The flow data your network already produces from routers, switches, firewalls, and cloud connectors is the most complete record of what is happening on the infrastructure. It should be accessible to whatever AI your team is running, not siloed behind a separate login in a separate platform.
We also have customers operating in environments where the threat timeline has compressed. The window between a vulnerability disclosure and active exploitation used to be weeks. In many cases today it is minutes. Investigations that relied on manual report-pulling and context-switching between tools were already slow relative to what the threat environment required. They are slower still now. The combination of MCP integration and in-platform AI agents in 19.8 is directly aimed at that problem.
If you are thinking about how agentic AI workloads affect your network visibility posture, our post on monitoring and investigating agentic network traffic covers what makes agent-generated flows behaviorally different from human traffic and where conventional monitoring approaches break down: How to Monitor and Investigate Agentic Network Traffic
Available Now
Plixer 19.8 is generally available now to all Plixer Scrutinizer and Plixer One customers at no additional charge. You can access it through the standard platform update process.
If you want to see the MCP connection and the investigation agents in action against real flow data, we have a product tour that walks through how an investigation runs from start to finish in the new environment.
Key Takeaways
Three capabilities in 19.8 address the gap between where AI tools operate and where the network data lives:
- The Scrutinizer MCP server lets any MCP-compatible AI tool point directly at Plixer's investigative engine, running flow reports, pivoting on alarms, and triggering captures without leaving the AI environment the team already uses.
- Plixer AI ships two in-platform agents: AI Insights for daily alarm triage with ranked incidents and evidence attached, and the AI Assistant for on-demand investigation in plain English. Every recommendation traces back to the flows behind it.
- Extended flow history adds multi-tier storage with configurable retention by exporter and host indexing that runs one year or more, giving investigations the forensic depth to reach back before an alarm fired.
- All of this runs on the flow data your network already produces. No new sensors, no separate data pipelines, no additional charge for existing customers.
- The governance model keeps analysts in control: Plixer AI can act on an allowlisted action the analyst approves, and every output is explainable to an analyst, a board, or an auditor.