AI responsible use limits
To ensure fair and responsible use of AI features, we manage daily usage through a rolling 24-hour limit. This means usage resets continuously based on when you make requests, helping to provide a consistent experience for all users.
If your usage reaches the daily limit, the system temporarily pauses access to the AI feature you're using and shows an HTTP 429 status code, along with the following message:
"You have hit your daily usage limit. See feature documentation for more details."
This approach is designed to maintain system performance and reliability, while supporting your continued use of AI features.
This page tells you the limits set per tenant and per user for each AI feature.
Note
In the limits shown in the sections below, "per day" means within any 24-hour period.
Command line analysis
This feature analyzes the command line run by threats to discover their intention and possible impact. If necessary, it de-obfuscates code, minimizing the effort needed to assess a detection.
- Tenant limit: 250 per day
- User limit: 50 per day
AI search
This feature lets you search detections or endpoint data in the Sophos Data Lake. You can use our suggested searches or write your own natural-language queries.
- Tenant limit: 100 per day
- User limit: 20 per day
Case summary
This feature analyses detections in a case to summarize what's happened, the devices and users involved, the MITRE ATT&CK tactics detected, and possible next steps.
- Tenant limit: 50 per day
- User limit: 10 per day
AI assistant
This feature lets you investigate threat cases by using queries and prompts in a natural-language chat format. See AI assistant.
There are limits on conversational threads and individual messages.
Conversational threads
- Tenant limit: 100 per day
- User limit: 20 per day
Individual Messages
- Tenant limit: 1000 per day
- User limit: 200 per day