95% Faster: How CyberArk Used Iceberg & AI Agents to Crush Support Bottlenecks

About this episode

CyberArk's support team was drowning in logs. With 40+ products across SaaS and self-hosted environments, each generating logs in different formats, support engineers were spending days just preparing data before they could even start investigating a customer issue. Complex cases took up to 15 days to resolve. Moshiko Ben Abu, a Software Engineer at CyberArk — now part of Palo Alto Networks — built an AI-powered system that changed all of that. In this episode, he walks us through the full architecture: replacing manual regex parsers with AI-generated grok patterns using Amazon Bedrock and Claude, storing structured data in Apache Iceberg tables via PyIceberg with automatic schema evolution, and querying everything through Athena — all while keeping PII masked and data encrypted in S3. But the real breakthrough came with agents. Moshiko describes how he moved from single-product Bedrock agents to a swarm of specialized AI agents built with the Strands framework, where agents investigating product A can autonomously call agents for product B and C to trace root causes across the entire stack. Cases that took 15 days now resolve in hours. Simple cases drop from 4-6 hours to 15-30 minutes. Engineers handle 4x more cases per day. We also dig into the security layer — Cedar policies and Amazon Verified Permissions for agent authorization, the identity integration with AgentCore, and what's coming next: S3 Tables, AgentCore in production, and cross-platform agent collaboration with Palo Alto. Moshiko's advice for developers getting started? Learn IAM first, then compute, then databases — and write everything in CDK.

Links

Here are the links to the tools, technologies, or articles we mentioned in this episode.