Splunk Launches Hosted Generative AI Models: Native-AI Insights, Zero Setup, Maximum Security
In today's digital landscape, operational data is one of your most critical assets, but only when it can be accessed, understood, and acted upon effectively. The Cisco Data Fabric, powered by the next-gen Splunk Platform, breaks down data silos and connects insights across domains to help you realize the full value of your data, from network telemetry and security events to application performance and user experience.
But a data fabric is only as powerful as the intelligence layer that sits on top of it. That's where Splunk hosted AI models come in. These purpose-built generative AI models transform connected data sources into an intelligent system that moves you from visibility to insight, and from insight to confident, automated action.
Enterprise AI Without the Obstacles
Generative AI has tremendous potential to transform how you extract value from data, but enterprise adoption has been held back by real challenges: managing infrastructure, handling API credentials, tracking model versions, and concerns about data leakage with third-party providers.
Splunk hosted AI models are now generally available for Splunk Cloud Platform customers. This is a fundamental shift: generative AI that works directly on your machine data, integrated into the workflows your teams use every day with zero infrastructure to manage, and your data never leaves your secure environment.
Why Machine Data Requires Purpose-Built AI
General-purpose LLMs excel at summarizing text and answering questions about documents. But they struggle with machine data—the high-volume, high-cardinality, time-based signals with specialized context, schemas, and rapidly evolving patterns that flow through your environment.
Organizations have faced tough tradeoffs:
- Send sensitive data to third-party AI providers (raising privacy, compliance, and governance concerns)
- Build AI infrastructure themselves (demanding specialized skills, GPUs, and ongoing operational effort)
- Go without (leaving major productivity and resilience gains on the table)
With Splunk Hosted Models, you don’t have to choose. We bring enterprise-grade generative AI models directly into your Splunk Cloud environment—no infrastructure to manage, no API keys to configure, and no data leaving your secure perimeter.
Four Powerful Models for Digital Resilience
1. Foundation AI Security Model: Your AI Security Analyst
Security teams face overwhelming alert volumes and a growing shortage of skilled analysts. Foundation-sec-1.1-8b-instruct is purpose-built to address this challenge.
Continuously pre-trained on 5B security-related tokens and then purposefully post-trained for Splunk use cases, this 8-billion-parameter model understands security terminology, frameworks, and workflows. Use cases include alert prioritization, incident summarization, and attack timeline reconstruction.
Real-world impact: Analysts typically spend 15-30 minutes manually investigating each suspicious file detection. The Foundation AI Security Model automates the entire triage workflow, assessing each alert in under 5 seconds while providing clear reasoning. This reduces analyst workload by 70-80%, ensures consistent 24/7 alert processing, and frees your team to focus on strategic threat hunting instead of repetitive tasks.
2. Cisco Deep Time Series Model: Forecast the Future, Prevent Downtime (Beta)
The Cisco Deep Time Series Model brings zero-shot forecasting to Splunk—predict future operational metrics without training a model, building a data science pipeline, or hiring specialized data scientists. Empower every engineer to move from detecting problems to preventing them.
This generative AI model, designed and pretrained for the unique needs of machine data, identifies anomalies and predicts whether these changes may affect your users. Bring the power of prediction to all the time series data already flowing through Splunk: infrastructure metrics, application performance, network traffic, and resource utilization.
Real-world impact: During a seasonal flash sale, an e-commerce company uses Cisco Deep Time Series Model to forecast how traffic spikes will affect infrastructure capacity so that it can scale in advance, while anomaly detection monitors critical business metrics to identify changes that may affect the user experience. When a payment gateway error causes a 30% drop in successful orders, a deviation that escapes static thresholds, the system instantly flags the discrepancy, allowing SREs to resolve the issue immediately and protect business revenue.
3. GPT-OSS Models (120B and 20B): Versatile Intelligence for General Questions
Sometimes you need to explore data across domains, generate code, or ask complex "what if" questions about your environment.
- gpt-oss-120b: A Mixture-of-Experts model (~117B parameters) for complex reasoning, coding tasks, and sophisticated analytical challenges
- gpt-oss-20b: A faster 21B-parameter model optimized for speed while maintaining strong capability
Real-world impact: An IT operations manager asks: "Analyze application performance metrics, server logs, and network data from Tuesday between 2–4 PM and explain what caused the slowdown." The model correlates signals across sources, identifies database connection pool exhaustion coinciding with an unexpected traffic spike, and suggests configuration changes to prevent recurrence.
Why Splunk Hosted Models Change the Game
Zero Configuration, Maximum Value
No GPUs to provision. No model versions to track. No scaling challenges. Focus on outcomes, not infrastructure.
Privacy by Design
Your data never leaves your Splunk Cloud environment. No external API keys. No third-party AI providers. Built-in compliance and governance within your existing security perimeter.
Workflow Integration, Not Just Chatbots
Unlike bolt-on chatbots that feel disconnected from real work, Splunk Hosted Models integrate into your existing workflows. With the native | ai command, you can pipe data directly into these models—AI becomes part of your search language, not an add-on.
Continuous Evolution
Models automatically update and improve without disrupting your workflows. You benefit from ongoing optimization without migration projects or version management overhead.
Getting Started
If you're already using Splunk Cloud Platform, you can start using Splunk Hosted Models immediately through the AI Toolkit and Search and Reporting—no additional infrastructure, no complex setup, no lengthy procurement.
Whether you're investigating security incidents, optimizing IT operations, or predicting operational needs, Splunk Hosted Models bring specialized AI capabilities directly to your data—where insights become action to drive resilience.
The complexity barrier is gone. Data privacy concerns are addressed. The infrastructure burden is eliminated. What remains is pure potential—and it's available today.
Splunk hosted models are generally available now for Splunk Cloud Platform customers through the AI Toolkit app.