Weave Network Topology Agent from Articul8 ingests network logs, configuration files, and traffic data and transforms them into semantic knowledge graphs.

One of the most basic and yet difficult tasks that network admins have to do is network discovery. Modern network infrastructure can include thousands of switches and routers, and configuration changes occur dynamically.

It’s a challenge that Articul8 is aiming to solve with its Weave Network Topology Agent. Articul8 was spun out of Intel in January 2024 and has been building domain-specific AI tools. Weave addresses what the company calls “autonomous topology intelligence” rather than traditional network monitoring. It transforms logs, configuration files, and network traffic data into real-time, autonomous semantic knowledge graphs.

“Every day organizations have hundreds of switches changing, they have configuration changing,” Arun Subramaniyan, founder and CEO of Articul8, told Network World. “And if you just purely look at data from an observability standpoint, a lot of these will look like anomalies and rightfully so, because they’re different from what they used to be. But they’re not really anomalies. They’re just changes.”

How Weave works: passive topology analysis

Weave operates through passive analysis of existing network data. It requires no additional agents or active network probing. The system ingests standard network logs, including WAF logs, configuration files and time-series data. Organizations already collect this data through existing infrastructure.

“It is basically designed for any networking group; they already have all of these logs in the raw format,” Subramaniyan explained. “It can ingest, and then it can immediately give you the topology of the network that generated these logs, which is not an easy thing to do. It’s an inverse problem.”

The agent runs in cloud environments behind customer firewalls. It does not require on-premises deployment.
This approach eliminates security review cycles typically associated with introducing new network monitoring tools.

Technical architecture: beyond traditional monitoring

Weave’s technical foundation relies on a hybrid knowledge graph architecture. It processes different data types through specialized analytical engines. It does not attempt to force all network data through large language models (LLMs). This design choice addresses accuracy concerns inherent in applying generative AI to precise networking data.

“There’s actually a massive risk of hallucination if you’re processing time series data through LLMs,” Subramaniyan said. “So we actually are very specific and careful not to process any time series data through LLMs.”

The system uses graph analytics for relationship modeling between network entities. It maintains vector databases for similarity searches. All components feed into a unified knowledge graph. This captures both logical relationships (physical connections) and semantic relationships (functional dependencies) within the network infrastructure.

Distinguishing state changes from anomalies

The core differentiator in Weave’s approach lies in its ability to distinguish between legitimate state changes and genuine anomalies in real time. Traditional monitoring tools treat both scenarios as deviations from baseline. Both require manual investigation to determine appropriate responses.

Weave addresses this through temporal analysis. It considers change patterns over time. This capability becomes critical in large-scale networks, where hundreds or thousands of configuration changes may occur daily. The system learns from network engineer feedback. It builds institutional knowledge about what constitutes normal operational changes versus issues requiring intervention.

Integration and deployment model

Weave does not replace existing network monitoring infrastructure. It positions itself as a topology intelligence layer that enhances existing tools.
The agent identifies specific network segments or nodes requiring attention. This allows traditional monitoring tools to focus their analysis efforts more effectively.

“Our agent would actually help the engineer go exactly pinpoint which two nodes they need to look at, or which portion of the large network they need to be looking at,” Subramaniyan said.

He added that Articul8 doesn’t have its own specific network monitoring tools; rather, the core assumption is that organizations already have existing tools.

“There are enough tools out there. What our agent does is knowing when to call those tools,” Subramaniyan noted.

Performance and results

Initial deployment results demonstrate measurable improvements in both accuracy and operational efficiency. In one enterprise deployment, the system improved anomaly detection accuracy from 80% to 94%. It also added state change detection capabilities that previously did not exist.

The system also demonstrated reliability in test scenarios. It successfully identified synthetic state changes that were artificially introduced to validate detection capabilities.

Looking forward, Articul8 plans to expand the agent-based approach beyond individual network topology analysis. The goal is collaborative agent systems that can address complex multi-domain infrastructure challenges. This evolution reflects broader industry trends toward autonomous operations in enterprise IT environments.

“Where we are seeing this going is actually deploying more of these kinds of agents that can do different things, but also work together collaboratively,” Subramaniyan said.