A month ago we wrote about attunement: the ability of an AI security analyst to know the environment it works in, reason inside its constraints, and act with the depth that environment demands. The last release gave attunement its four legs (Connectors, Calibrations, Deep Research, Remediation), with Recall and Rerun layered on top.
But what does "the environment it works in" actually mean for an AI security analyst? The answer is data. Its entire environment is the data it can reach. Cloud telemetry, endpoint detections, identity logs, SIEM history, threat intel, tickets. The AI's world ends where its data access ends. Attuning an AI to your environment is giving it access to that data and the ability to reason across it.
This release does two things. It widens what Juno can see, and it makes what Juno does easier to follow.
Expanding Juno’s Reach With Five New Connectors
For most security teams, Splunk is the source of truth for logs and CrowdStrike is the source of truth for endpoint activity. An AI that cannot read from both is operating with a partial view of the same incident the analyst is investigating. Juno now connects to Splunk, CrowdStrike, Google Threat Intelligence, Jira, and Uptycs data itself, now exposed as a connector like the rest. That last point matters more than it sounds. Uptycs is no longer the platform Juno sits inside, querying outward. It is one source of truth among many that Juno reasons across.
You can now ask a single question and Juno will pull from Uptycs telemetry, correlate against Splunk logs, check CrowdStrike detections, enrich with threat intel from Google, and check Jira for prior context, in one investigation thread, with the evidence chain visible at every step.
Helping Juno Understand Its Environment With Ontology
Connecting to Splunk is the easy part. The hard part is that every Splunk instance is its own dialect. Tables have different names, fields follow local conventions, and the relationships between them are local knowledge held by whoever built the environment four years ago. A connector that just opens the door isn't enough, Juno has to know how to read what's on the other side.
This is where ontology comes in. When you connect a SIEM or a data-lake source, Juno examines the schema, identifies what each table represents, maps how the tables relate to each other, and builds a model of the data lake it can reason against. Joins, foreign-key relationships, event-to-asset linkage, the local naming conventions for things every SIEM names slightly differently, all of it becomes part of Juno's working model of your environment. Juno can now investigate inside a Splunk or CrowdStrike instance the way a senior analyst would after a week of learning the schema, except it happens in minutes.
Making what Juno does easier to follow
Attunement runs both ways: the AI knows your environment, and you can read the findings of AI. If you can't read it, you can't trust it. Two more changes in this release make Juno's work easier to follow without breaking your flow.
Task summaries
When Juno runs an investigation, it executes a chain of tasks. Each task in an investigation now shows a short summary beneath its title. Before, you got a title and had to expand the task to see what it was actually doing. Fine for one task, exhausting across the dozen-plus tasks in a real investigation. The summary gives you the gist at a glance. You can scan the reasoning chain and stop only where you want to dig in.
Inline evidence
The other half of trust is evidence. The evidence chain behind a finding has always been available, but it lived in a section you had to navigate to. Now, when Juno states a conclusion in the summary, the evidence is one hover away. A claim like "20+ consent-to-application events" is no longer something you take on faith. Hover the claim and the events that back it appear in place, in the same place you read it.
This is the smallest change in the release and the most important. It is the difference between a report you read and a report you can defend.
Where this is heading
The previous release made Juno attuned to your environment. This one widens what the environment means and makes the work inside it legible. Splunk and CrowdStrike are the start. The direction is general intelligence for security: an AI analyst that can reason across data lakes and other primary sources of telemetry and logs a security team relies on, regardless of who built it.
