7 Real Ways to Modernize NetOps with Kentik AI Advisor

Subscribe

Summary

Kentik’s AI Advisor acts as a virtual network engineer, helping teams of all skill levels troubleshoot, manage, and optimize their infrastructure with unprecedented speed and context. We explore seven practical NetOps use cases, from rapid incident triage and capacity planning to upcoming live-device command support, that demonstrate how using AI as a collaborative teammate dramatically reduces manual investigative work.

In late 2025, we launched Kentik AI Advisor, an AI agent that deeply understands your network, thinks critically, and advises how to design, operate, and protect network infrastructure at scale. It’s like a network engineer always at your side that thinks and reasons like you do, and stands ready to jump in on whatever networking challenge du jour just landed on your desk.

Our vision for AI Advisor has always been to make network operations faster, easier, and more efficient for anyone who needs to understand their network. This might be seasoned network veterans, junior network engineers, IT operations generalists, SOC specialists, or even non-network business stakeholders.

To that end, we want to share some of the top use cases we’ve seen from our customers for AI Advisor to date. Some of the patterns are exactly what we expected. Others surprised us in a good way. Ranging from simple questions about traffic to complex, multi-step troubleshooting scenarios, AI Advisor helps you find the answers you are looking for faster, with greater efficiency and confidence, especially under pressure.

Here are seven great ways to use AI Advisor.

Use 1: Rapid incident/alert triage, troubleshooting, and RCA for lower MTTR

When an alert fires, the first few minutes matter a lot. You want to know if it’s real, what it impacts, and where to look next, without burning time getting oriented.

This is where AI Advisor really shines. Operators normally kick off a series of mental questions to rapidly triage the situation. Is this a real problem or just noise? How do I tell? What data do I need to confirm it? Where do I get it? Ok… let’s go looking through the data. The best engineers can do this in their sleep, but it still takes time. Newer engineers might take a few wrong turns before getting to where they need to go, especially when operating in a network they aren’t familiar with or didn’t build. If it’s a real outage, the business clock is already running, and every extra minute you spend getting oriented is a minute customers feel.

AI Advisor automates and accelerates that whole process. Because it uses advanced reasoning models that understand how networks work, as well as custom network context and user-prescribed runbooks, AI Advisor knows which evidence to pull and how to sequence the investigation when an alert fires. Most often, people start by using the “troubleshoot this alert” capability. This pre-loads the alert context into the prompt so AI Advisor knows exactly what you’re looking at, then it starts doing the triage work you would have done anyway.

The difference shows up fast in reduced escalations, faster troubleshooting, and more consistent outcomes across the team.

Routing and BGP incidents are a great example of why this matters. Routing problems rarely announce themselves in an obvious way. They show up as bizarre, unexpected paths, traffic flapping, performance issues, or other hard-to-pinpoint issues, and finding the answer almost always requires multi-step contextual reasoning.

In our BGP demo, we intentionally misconfigured a prefix limit so a peering session would establish and then immediately drop, creating a classic flap. Kentik detects it instantly via a BGP down SNMP trap and fires an alert – pretty standard stuff. But the cool part is what happens next when you ask AI Advisor to investigate it.

AI Advisor starts triaging like a senior engineer would. It identifies which BGP session is dropping, grabs context from the interface inventory to understand which port and subinterface it’s actually on, and then evaluates the impact. It checks what applications were using that interface and whether traffic was rerouted to other external interfaces or devices. It rules out a physical flap by checking the interface state, scans syslog around the incident window for reset reasons or policy violations, and surfaces the clue that points to the root cause – in this case, a prefix limit. It stitches together control-plane signals and traffic reality into a coherent narrative by taking the same investigative path an engineer would, but doing so automatically and much faster.

This is also where Runbooks become a force multiplier. Once you’ve defined the steps needed to troubleshoot an incident, you can document them in natural language like you’d advise a colleague so that every future BGP incident gets that same treatment, including vendor-aware guidance and escalation context.

Use 2: Understand hybrid and multi-cloud connectivity to optimize cloud performance and costs

Hybrid and multi-cloud environments bring greater complexity and more opportunities for traffic to take an expensive or unintended path. Traditional network engineers and cloud architects tend to stick to their own disciplines, and even when collaboration across teams is strong, it’s rare for either side to be fully bilingual in the other’s language.

So it’s not surprising that answering questions about hybrid and multi-cloud networks is another great way to use AI Advisor. We’ve seen customers ask simple questions like “How many transit gateways are currently deployed in my AWS environment and are they attached to one another?”, “Give me the inbound amount of traffic from GCP in the last month – breakdown by ASN”, and “Show me a list of all my VPC endpoints and how much data they are using.”

In these cases, it is clear that the value lies in the speed of information and in reducing friction to get to insights faster, without bouncing between tools or pulling in three different people to translate. We’ve also seen more advanced uses like “I’m looking for opportunities to optimize traffic flows to reduce cost. Look at my traffic going through the transit gateway and give me the largest data flows over the last month.”

AI Advisor shines here because it can reason through complex, iterative processes and still land on actionable, useful outcomes that show up on your bill.

Use 3: Capacity planning help for staying ahead of usage demands

We all know networks suffer from their own version of Parkinson’s Law. But instead of “work expands to fill the time available for its completion,” though, it’s “the traffic over a network expands to fill the available bandwidth.”

So unsurprisingly, another popular use is for capacity planning and designing network upgrades. For instance, customers ask things like “Which backbone links will exceed 80% utilization in the next three months based on current growth?” Network planners are using AI Advisor to help identify potential future congestion points and justify capital expenses for hardware refreshes to leadership.

What makes AI Advisor a powerful aid in this is its ability to sift through multiple sources and types of telemetry simultaneously. For instance, it can examine traffic across specific links, growth trends, interface utilization, overall device load, traffic to and from specific sites, and more. Manually conducting this exercise could take hours, require engineers to take manual notes along the way, and then draft up reports. AI Advisor does the searching and analysis for you. It keeps the context in mind so you don’t have to take notes, and it provides a draft summary of results you can copy and paste to make your own.

Use 4: Investigate unfamiliar IPs or hosts, and suspicious spikes, for faster security decisions

You see an IP you don’t recognize, a destination that shouldn’t be hot, or a pattern that feels off, and now you have to decide whether it’s normal business behavior or something you should escalate.

Sometimes it starts with a specific host, such as a security request to investigate strange behavior on an endpoint. So you look up traffic to and from the IP, figure out who it’s talking to, check ports and protocols, narrow the timeframe, and try to decide whether this is normal business behavior or not. This is the kind of work that’s easy to start and weirdly time-consuming to finish because there are so many pivots and “wait, one more filter” moments.

Other times, it starts with a pattern, usually a spike in traffic. Many NetOps teams end up doing threat investigation, whether they want to or not, because the first symptom lands on their desk as “why did traffic just jump like that?” Now, not every spike is an attack, but every attack starts as a spike that looks a little wrong, so fast triage to either rule in or out an attack is critical. That judgement is usually based on answers to a variety of questions, such as “Is this concentrated?” “Where is it coming from?” “What targets are involved?” “What’s the protocol mix?” Customers are asking AI Advisor to accelerate these answers in these moments: “Is there an attack happening?” “Top source IPs hitting this target.” “Show me ASN and geo distribution.” “Analyze this IP.”

In both cases, AI Advisor compresses the work into a guided investigation that gets you to contextual decisions faster. You start with “what is this IP doing,” or “what’s driving this spike,” and AI Advisor will pivot into peers, ports and services, ASN and geo distribution, and other relevant information to help you figure out what’s going on. Then it wraps up with a summary of what it found, resulting in way less time spent building and rebuilding queries, and way faster threat awareness and security decisions.

Use 5: Answer peering and transit questions for faster planning analysis

Doing traffic analysis inside your network is one thing. But many customers also care about who’s carrying their traffic and how it’s being routed. This helps you understand where and how to peer traffic to reduce cost, where you might be overpaying for transit, opportunities to improve performance, and how to plan new capacity.

These aren’t questions intended to resolve an incident. They’re business-impact questions about how to better design and optimize network traffic to deliver a better customer experience.

Customers are using AI Advisor to answer these questions much faster than before. They ask for traffic by ASN, or traffic to and from key providers, or how the provider mix compares week over week. We’ve even seen a few customers start with higher-level questions like “suggest potential peering partners to reduce cost” and letting AI Advisor reason about how to get that answer.

And because AI Advisor is conversational and shows you its work, you can keep asking follow-up questions without losing momentum. If one provider stands out, you can immediately ask which destinations are driving it, which sites are affected, and whether the change aligns with a known event.

AI Advisor helps you get to these answers faster and can give you a summary to share with your team without doing the write-up yourself.

Use 6: Faster answers to ad-hoc questions, weird one-offs, and “how does that work?” moments

How often do you get a question from someone on your team about a specific ASN, provider, interface, circuit, or “what is this thing?” topic that you know how to answer, but it still takes time to go get the answer? Maybe you have to re-orient yourself in a part of the network you haven’t looked at in months, build a few queries to find the right slice of data, or refresh your memory on how a particular feature works. It’s these annoying one-off requests that eat time, specifically because they aren’t part of your normal day.

This is one of the most underrated, highest-value ways teams use AI Advisor, and it shows up in a few flavors.

Sometimes it’s straight-up traffic reporting for something someone asked you about, but you don’t have a dashboard or ready-made query for. Users frequently ask for specific data, such as traffic from a specific ASN or filtered by destination, across various timeframes (e.g., the last 24 hours or seven days). It handles requests for top talkers, applications, ports, and interface ingress/egress – providing instant answers to constant, quick-hit operational questions that users don’t want to permanently instrument.

Other times, it’s not even a question yet. One of the more human patterns we see is people just pasting something into the chat: a hostname, an interface, a circuit ID, with no other context. They’re using AI Advisor like a jumping point into the environment, which makes a ton of sense if you think about how networks actually work. So much of it starts with “what is this thing and where does it sit,” especially during on-call or handoffs, or when you’re newer to an environment, and the naming conventions are still basically a foreign language.

For example, at Kentik, you might see device names include the identifiers IAD or FRA. That’s not particularly helpful unless you know we have two main clusters: one in Herndon, VA, and the other in Frankfurt, Germany. IAD and FRA are the three-letter codes for the two main international airports near them. If you can paste “nyc-core-02” and immediately get context, you’ve shortened the most annoying part of troubleshooting, the part where you’re just trying to orient yourself.

From there, the follow-ups come naturally. “Show me traffic trends for this interface over the last week.” “Now give me top talkers.” “Now break it down by application.” And you stay in the flow of the thread instead of breaking your train of thought to do query construction over and over.

Lastly, we see users asking questions about Kentik or about unfamiliar concepts. Because AI Advisor has access to both Kentik knowledge and general network know-how, AI Advisor works well as a quick wiki-agent, so you don’t have to break your flow to dig through docs or Google something you half remember.

Regardless of which flavor you pick, the result is the same – less time spent trying to recall or figure out something in context and faster answers to the questions that matter in the moment.

Use 7: Command access and configuration support (coming soon)

All right, if you’ve made it this far, congrats. You either really like what AI Advisor can do… or… you’re avoiding a ticket. Either way, you’ve earned a sneak peek at what’s coming next. Our last AI Advisor use case isn’t officially available yet.

Early access customers are testing a new capability where AI Advisor can access, analyze, and interpret device configurations and, with user permission, pull real-time operational data from devices during live investigations using read-only show commands via SSH.

This is extremely powerful and closes the gap between what telemetry and dashboards suggest is happening and what is actually going on with the device right now. Plus, it’s how engineers actually work, which is the vision of AI Advisor. One of the opening moves in a troubleshooting scenario is to pull up a command terminal on a device and start asking it to show you what’s going on using show commands: show me interface state, show me BGP neighbors, show me errors/discards, show me queueing, policy, routing tables, logs, and so on. There are thousands of them. Most engineers memorize a few dozen, then have to look up the rest. AI Advisor knows and can use them all, drawing from the full vendor-specific command set, deciding what evidence it needs based on the problem at hand, and selecting and running the right commands to get it.

The result is an AI agent that doesn’t just explain what might be happening. It can collect straight-from-the-box evidence, connect it to what Kentik already sees, and help you get to the root cause faster, with far less copy/paste along the way.

If this sounds awesome to you and you’re already a Kentik customer, connect with your account manager to join Early Access, or request a demo to learn more.

Unlocking the real value of AI Advisor

If there’s one theme that runs through all of these use cases, it’s that AI Advisor works best when you treat it like an additional assistant or colleague, not just a chat tool. Ask the first question you’d ask anyway, then keep going. Listen as it gathers evidence and reasons, then ask the follow-up you’d normally ask next.

Early adopters are already seeing faster troubleshooting and analysis, but the bigger question is what happens when teams start using it as a normal part of their work, especially under pressure. By using AI Advisor to handle much of the manual labor, like independently collecting and processing information, then presenting its findings for you to review, you enable faster progress and reduced errors. That’s true for senior engineers who already know what to do, and it’s even more true for newer engineers who are still learning the ropes in an unfamiliar network.

As you build out your custom network context and runbooks, AI Advisor becomes more consistent and better tailored to how your team actually operates.

If you’re already using it, try one of the workflows above and push it with follow-ups, as you would with a teammate. If you’re just getting started, pick something simple, like ad hoc reporting or an IP investigation, and go from there. Have a great use case or workflow we haven’t mentioned? We’d love to hear from you.