AI-Assisted Incident Response: HORA at Upperside World Congress 2026
At Upperside World Congress 2026 in Paris, Andrian Visnevschi (CEO and CTO) and Nicolai Moraru (Director of Software Engineering) took the main stage to present what we have been building at ITcare, and what we have learned along the way.
The talk: AI-assisted incident response, and how HORA, our AI network operations platform, changes the way engineers respond to incidents. Not theory. Production results from live ISP networks.
The Numbers We Presented
One month of production operation, human-validated:
- 42,187 AI-driven investigations
- Average response time: 3 minutes 51 seconds
- Median time to root cause: from ~28 minutes down to under 4 minutes
- Accuracy, human-validated: 93.6%
- Engineers required per RCA: from 2 down to 1
Each number has a story behind it, and the median time to root cause is the one that changes shift work the most. Twenty-eight minutes was not engineers being slow; it was engineers collecting context: logs from one system, flows from another, the routing state from a third. That collection step is what HORA compressed. The engineer starts at the hypothesis, not at the gathering.
What AI Root Cause Analysis Looks Like in Practice
HORA’s AI root cause analysis runs the investigation the way a senior engineer would, across the correlated picture we build for every network we operate: metrics, logs, flows, and BGP state together. The difference is that it runs it on every alert, instantly, at 3am with the same attention as at 3pm, and hands the on-shift engineer a hypothesis with the evidence attached. The human validates, decides, and acts. That validation loop is also where the 93.6% figure comes from: every investigation is graded by the engineers who worked the incident, not by the system grading itself.
The Honest Part
We also shared where AI still gets it wrong, why fully autonomous network operations remains a dangerous idea, and why human oversight is a design requirement, not a limitation we plan to remove. HORA was built in our own NOC, supervised, read-only first, and battle-tested on our own operations before any customer deployment. Incident response automation that acts without a human in the loop is a fine demo and a terrifying production system; we said so on stage, and the room’s reaction suggested most operators quietly agree.
The response at the conference confirmed what we have been feeling for a while: this shift in how incidents are investigated is not only needed, it is already expected.
Watch the Full Talk
We are proud of what the team has built, and excited about what comes next. The full talk is on YouTube:






