AI Findings Intelligence

Kindling. The AI layer MSPs sell to clients.

Deterministic scoring plus LLM investigation. Autonomous resolution on the majority of findings. Blumira's 24/7 SecOps team on the rest. The AI story your clients already want to hear, backed by 8 years of detection data.

Kindling is Blumira's AI findings intelligence engine. It combines deterministic math scoring with LLM-based investigation to autonomously resolve security findings where the evidence is clear and to escalate findings that require human judgment to Blumira's 24/7 SecOps team. The autonomous resolution rate is held to a 90% standard. Kindling is included in standard MSP pricing at no additional charge. For MSP partners, Kindling is both an operational improvement (less triage work, fewer false alarms in client environments) and a sales differentiator. Read "How MSPs Win Security Deals They Couldn't Before" for the full pitch structure built around AI-powered threat detection as the lead message.

The two-stage architecture

Deterministic scoring and LLM investigation work in sequence. The combination is what makes autonomous resolution reliable.

1. Deterministic scoring

Math-based scoring runs against every finding: correlation across sources, severity weighting, organizational signature matching, and a 14-day behavioral baseline per client environment.

This is the first filter. It's fast, deterministic, and reproducible. Findings that score clearly benign resolve here. Findings that score clearly malicious promote to the investigation stage.

2. LLM investigation

Ambiguous findings go to the LLM investigation layer, where context is gathered across related events, endpoint telemetry, identity activity, and 8 years of Blumira detection corpus for comparable cases.

The LLM produces an explainable verdict with reasoning, recommended actions, and escalation notes for the SecOps team if human judgment is required.

What Kindling changes for MSPs

Less triage work for your techs

The 90% autonomous resolution rate means your team sees the findings that need human attention, rather than drowning in the ones that don't.

Sellable AI story in client meetings

Clients want to hear about AI-powered threat detection. Kindling is the capability you can describe honestly, with specific architecture and specific outcomes.

Better retention through trust

Clients experience fewer false alarms and faster response on real threats. That experience compounds over renewal cycles.

Reasoning against 8 years of detection data

Blumira has been running detection engineering since 2018. Kindling reasons against that 8-year detection corpus plus a 14-day behavioral baseline per client environment. Context is what makes autonomous resolution reliable instead of reckless.

Competing AI-SOC vendors with newer detection stacks do not have equivalent historical context yet. The data depth is time-locked. It cannot be acquired quickly.

Kindling frequently asked questions

What is Kindling?

Kindling is Blumira's AI findings intelligence engine. It combines deterministic math scoring with LLM-based investigation to resolve security findings autonomously where the evidence is clear, and to escalate findings that require human judgment to Blumira's 24/7 SecOps team. Kindling is included in the Blumira platform at no additional charge.

How does Kindling differ from a traditional SIEM alerting model?

A traditional SIEM produces alerts. Teams then triage those alerts manually, which is where most of the labor and most of the alert fatigue lives. Kindling produces investigated findings. Each finding comes with scoring, correlation across sources, and a recommended action. The work left for the human is the 10% that genuinely needs human judgment, not the 90% that was noise.

What's the autonomous resolution rate Kindling delivers?

Blumira holds Kindling to a 90% autonomous noise reduction standard, with the methodology documented internally. For MSPs, that means your techs see the findings that matter and do not drown in the ones that don't.

How does Kindling change what MSPs can offer to clients?

Three things change. First, your techs spend less time on triage. Second, you can truthfully pitch AI-powered threat detection as part of your offering without overclaiming. Third, your clients experience fewer false alarms and faster response on real threats, which shows up in renewal conversations as a trust-building signal.

Does Kindling replace the 24/7 SecOps team?

No. Kindling handles the bulk of the triage work autonomously. The 10% of findings that require human judgment escalate to Blumira's 24/7 SecOps analysts, who investigate, recommend response actions, and coordinate with your MSP team. The architecture keeps human expertise in the loop for the cases where it matters.

How does Kindling compare to what Huntress, ConnectWise, or Sophos are shipping in 2026?

Huntress, ConnectWise, Sophos, Todyl, and others have all shipped AI-related security capabilities that differ in scope. Huntress focuses on posture management and auto-rollback. ConnectWise Agentic Response focuses on triage and response workflow. Sophos MDR AI Agents focus on enrichment and triage. Kindling's distinguishing structure is the combination of deterministic scoring, LLM investigation, 8 years of Blumira detection corpus for context, and integration across cloud SIEM, XDR, EDR, and ITDR in one platform.

How does Kindling use Blumira's 8-year detection data?

The detection corpus is the context Kindling reasons against. Instead of evaluating each new finding in isolation, Kindling scores it against historical patterns, known-benign baselines, and organizational signatures. That context is what lets autonomous resolution happen without over-triggering false positives, and it's something competitors with younger detection data cannot fully match yet.

Is Kindling an MDR service?

No. Kindling is the AI findings intelligence capability inside the Blumira platform. The managed service layer, where Blumira analysts provide 24/7 SecOps support on top of Kindling, is separate. The product is Kindling. The service is the managed SecOps offering. MSPs typically sell the combined platform-plus-service bundle to their clients.

See Kindling in your own environment

Start with a Free NFR license. Deploy in hours. Watch autonomous findings resolution on real telemetry.