At Splunk .conf25, leaders highlighted a significant shift toward artificial intelligence (AI) agent-assisted operations, emphasizing how machine data and observability are becoming critical control planes for faster, safer decision-making across public sector SecOps, ITOps, and broader mission objectives.

Cisco President and Chief Product Officer Jeetu Patel positioned Splunk as “the machine data fabric for the AI era,” integrating Cisco’s new Data Fabric, an upcoming time-series foundation model, and an AI Canvas workspace to enable cross-domain response and more trustworthy AI. Splunk executives and users underscored a unified message: Implement robust oversight for AI, bring Splunk’s capabilities directly to where data resides, and leverage intelligent agents to reduce operational burden while maintaining human control.

Key insights for public sector leaders:

  1. Moving from chatbots to intelligent agents: The “second era of AI” focuses on automating complex workflows beyond individual productivity, Patel said. Cisco and Splunk address infrastructure limitations, trust concerns, and data gaps by providing networking and data-center infrastructure, AI observability, and a platform that enables AI to interpret machine data. This includes federating data from sources like Amazon S3 to Snowflake (with an alpha in February 2026), allowing agencies to enrich business context with Splunk telemetry without massive data migrations. A live demonstration showcased AI Canvas orchestrating an end-to-end insider threat investigation, generating a comprehensive report – an example of agentic operations spanning ITOps, SecOps, and NetOps, Splunk emphasized.
  2. Elevating critical signals over noise: Real-time visibility and risk-based analytics are transforming operational outcomes. The U.K. Royal Air Force, for instance, integrated network data into Splunk and deployed IT Service Intelligence (ITSI), replacing static daily reports with a live dashboard. This resulted in a five-fold acceleration in mean time to detection, consolidation of seven systems into one, and a significant reduction in tickets and calls as faults were resolved proactively. Insider threat discussions at .conf25 emphasized the importance of early detection of weak signals, with Splunk’s Enterprise Security solution proving effective in identifying subtle behavioral deviations. User behavior analytics (UBA) also extends to addressing safety risks, as demonstrated by its role in preventing a potential self-harm incident.
  3. Empowering state, local, and education operations: Public sector leaders showcased tangible successes in fraud prevention and cybersecurity workforce development. New Jersey’s Labor Department implemented a Splunk-based fraud dashboard, automating mainframe checks and utilizing risk-based alerting, leading to initial daily savings in the “tens, probably hundreds of thousands” and nearly $8 billion to date, according to department CIO Joe Beck. Furthermore, institutions such as Louisiana State University (LSU) and the New Jersey Institute of Technology (NJIT) successfully integrated students into 24/7 Security Operations Centers (SOCs), providing invaluable real-world experience, lowering operational costs, and building a skilled cybersecurity pipeline. Alaska Airlines’ justification for Splunk’s observability platform, which directly linked outages to lost revenue and safety risks, offered a valuable lesson for any agency delivering critical services.

Next steps for agencies and partners include:

  • Federate, don’t migrate: Prioritize high-value questions by joining business context with telemetry through distributed queries, preparing for Snowflake federation testing in early 2026
  • Instrument AI as a critical service: Integrate agent observability – including quality, drift, and token economics – into service level objectives and incident response processes
  • Operationalize risk-based narratives: Combine live service health data with UBA-driven indicators to ensure leadership identifies minor anomalies before they escalate into major incidents
  • Cultivate the talent pipeline: Explore student-professional staffing models for SOCs to optimize budgets and accelerate hiring

By establishing robust AI guardrails, bringing search capabilities directly to data sources, and effectively translating data noise into actionable decisions, public sector agencies can significantly accelerate incident detection, demonstrate clear business value, and enhance overall resilience for greater mission impact.

About
MeriTalk Staff