Southwest Airlines Picks Up Resolution Speed by 50% with GreyMatter Agentic AI
With 70,000 employees and handling nearly a trillion quarterly security events, Southwest Airlines faced a challenge familiar to many enterprise security teams: curbing fatigue amid an overwhelming torrent of alerts.
reduction in alert noise
faster resolution (MTTR)
MITRE ATT&CK coverage
Security Operations Reaches New Heights
The constant noise threatened to slow response times and steal focus from protecting its passengers and crew. By adopting the GreyMatter agentic AI security operations platform, Southwest Airlines achieved results that reshaped its team’s approach to security operations:
97% reduction in alert noise – Analysts now focus only on priority threats.
50% faster resolution (MTTR) – Incidents are resolved in half the time.
80% MITRE ATT&CK coverage – Reduced SIEM dependency while maintaining comprehensive visibility.
Driving Business Outcomes
“Leveraging GreyMatter agentic AI, we’ve been able to reduce noise in our environment by 97%. And I think that speaks for itself. It’s getting to the alerts quicker. We’ve also reduced our mean time to resolve by 50%,” Mills explained. “It’s freeing up our analysts to do the work that really protects our airline.”
Southwest also deployed detection at source, giving its team faster alerts, richer context, and lower costs by keeping unnecessary data out of SIEM storage.
As Mills added:
“At the end of the day, Southwest Airlines is just connecting people to what’s important in their lives… It’s exciting that the security operations center is enabling our business—helping us moving faster and allowing us to do more than ever before.”
Some of the challenges that we face are just how many alerts we’re getting and really trying to stay away from that alert fatigue, adversaries are using AI, so we’re going to have to use AI and automation as much as we can.Carrie Mills Chief Information Security Officer (CISO) at Southwest Airlines
Explore Other Resources
Learn How GreyMatter Measures and Improves Your Security Operations
The GreyMatter security operations platform removes duplicates and delivers unified detection content and coverage for high-fidelity, enriched alerts. GreyMatter enables your team to boost its efficiency, reduce burnout, and better manage risk.
