Kentik has presented today a new agentic feature named AI Advisor that shifts network observability away from question-and-answer assistants and towards genuinely autonomous investigation assistants. Released November 18, the feature expands on the existing natural-language features of Kentik and adds multi-step reasoning and stronger context awareness as well as validation guardrails such that engineers receive actionable, evidence-based advice, not just plausible-sounding text.
Turning Questions into Actionable Network Insights.
The initial genAI product of Kentik , Journeys, converted natural-language queries into single queries against telemetry stores: helpful, but step-based by nature. The engineers were forced to make each follow-up by hand – inquire about traffic, then investigate config changes independently, then compare times.
This transforms the workflow with AI Advisor. As opposed to individual requests, the new agent intends to investigate, execute the needed queries on the sources of telemetry within Kentik, correlate the findings, and present the results in a structured form (JSON) with the evidence and recommendations on what to do. Kentik Nodes Kentik CEO and cofounder Avi Freedman described it as more of a teammate – to reason about the network, plan, and act across telemetry domains to be reported back on what it discovers and what an engineer should do next.
The simplest user prompt like What could be the problem with this customer? now will automatically interrogate the traffic volumes, scan recent changes to the firewall or ACLs, investigate timing and topology as well as detect correlated events (e.g. did a rule change correlate with a drop in traffic?). The findings are accompanied by the underlying information to allow the engineers to confirm the diagnosis.
Extending Kentik’s Data Platform
Independent investigations necessitated the extension of the data model of the platform by Kentik. Correlation requires context beyond flows and metrics, with Kentik Data Engine already ingesting huge amounts of telemetry, on the order of one trillion data points per day of NetFlow, sFlow, device APIs, cloud APIs, and synthetic tests.
The addition of configuration tracking and topology modeling and relationship mapping made Kentik so the agent is able to respond to queries that connect time-series signals to network state. That is, the system can reason on whether a firewall rule had impacts on particular customer IPs or whether change in the values of an IGP metric has the potential to have changed routing decisions. In the background, a columnar store of historical data and a streaming database of real-time analysis are both based on a common query language, so that correlation between time windows of historical data and real-time analysis can be made without transferring data between separate systems.
Learning models, not learning customer data.
Instead of creating foundation models directly, Kentik uses commercial large language models and application engineering it to teach models to run within network workflows. The two training layers are to familiarize Kentik with the capabilities of the platform and its APIs in order that an LLM is aware of what tools it can invoke, and the logic of the workflow, which is the general sequence of investigative steps taken by experienced network engineers.
The customer base of Kentik gives a learning signal of workflow patterns (the company mentions 500 customers and more than 100,000 users as the sources of anonymized behavior patterns). The Kentik platform acquires the structure of the investigation, which questions are likely to proceed to others, which correlations are important in certain situations, and how experienced operators think.
Hybrid guardrails to restrict hallucination and unsafe behaviours.
Generative systems are prone to giving accurate but wrong suggestions. Kentik counters that by a stratified validation strategy. Pre-execution policies constrain the scope of the agent – some are forbidden altogether – and post-generation verification that a proposed remediation corresponds to topology, timing, and statistical limits.
Since recommendations are generated by AI Advisor as structured JSON instead of free text, Kentik is able to verify them algorithmically: does a recommended cause connect to the topology graph, are the temporal relationships supporting causation, and are the correlations stronger than a noise correlation. The validation layer is a combination of AI reasoning with deterministic graphing, feature analysis, and tests of correlation between features and statistics. According to Freedman, this has also non-AI guardrails to avoid dangerous or ill-conceived activities.
Voluntary inquiry, manly intervention.
Kentik deems AI Advisor to provide the opportunity to conduct autonomous inquiries, instead of giving away fully automated control. The system will automatically perform the investigative processes and propose corrections, yet the key alterations are possible only with human intervention – the big red button. In some clearly defined uses like DDoS mitigation, customers can choose to be granted automated authority over particular countermeasures, whereas most operational changes are still in the human-in-the-loop.
The objective that is outlined by the company is practical: eliminate the monotonous nature of investigative work and the engineers will spend fewer hours doing their routine duties and more time on the decisions that add value. Freedman put it in a nutshell: the goal is to open up 50% of the time in networking to allow individuals to be doing the thinking stuff.
The implication of this to network teams.
AI Advisor is the step towards transforming observability platforms into more than mere repositories of telemetry, and controllers of operations. In the case of network teams, that will deliver quicker root cause detection, reproducible patterns of investigation and evidence-based remediation recommendations, and keeping humans within the control of the sensitive and high-impact modifications. The actual validation will be the reliability with which the validation and guardrail systems will prevent false leads and unsafe action in complex, real-life situations, structured outputs and hybrid checks is a clear solution to that problem as suggested by Kentik.
The adoption, practical accuracy, and the decision that organizations will make regarding the balance between automation and human attention will determine the need to become a regular feature of network operation by AI Advisor. But in the meantime, the new feature of Kentik demonstrates the movement of observability vendors beyond query translation to orchestrated and context-aware investigation, a viable future of generative AI in networking.
