AI agents for security operations

Alert triage and response — with bounded autonomy.

SOC agents triage alerts and drive response across SIEM/SOAR with bounded autonomy. Containment actions are gated, autonomy can only tighten the risk floor it can never weaken, and every step is replayable — so the agent that fights at machine speed still can't act beyond its leash.

Aligned with MITRE ATT&CK · ISO 27001 · SOC 2 · NIST AI RMF

Oversight Modes
risk floorsuggest_onlydraftexecute_low_riskexecute_with_reviewautonomous
oversight ▸ risk gate is a floor — autonomy can only tighten it
The regulatory pressure

An autonomous responder is only safe if it can't overreach.

Security automation has to move fast, but an agent that can isolate a host, disable an account, or block a range can also take down production if it's wrong. The risk is a powerful actor acting beyond its mandate. Cortex bounds the autonomy: containment is a gated action, the risk floor can only tighten, detection & response watches the agents themselves, and every step is replayable.

MITRE ATT&CKSOARISO 27001SOC 2NIST AI RMFNIST CSF
Regulatory pressure
MITRE ATT&CKSOARISO 27001SOC 2NIST AI RMFNIST CSF
Typed objectsAlert · Incident · Asset · Identity · Containment
Restrictedcredential / secretlocked
frameworks ▸ encoded as policy · gated · sealed
Use cases

Triage at machine speed, response on a leash.

Each agent runs under an oversight mode with a risk floor; containment threads through the Action Fabric, and detection & response watches the agents themselves.

Alert triage agent
  • Correlates SIEM alerts, maps them to MITRE ATT&CK techniques, and prioritizes — every enrichment explained and every step replayable.
  • Observability
Response orchestration (SOAR)
  • Drives SOAR playbooks as Action Fabric actions; high-impact containment (isolate host, disable account) pends for approval before it fires.
  • Action Fabric
Bounded autonomy
  • The oversight mode sets a risk floor the agent can only tighten — autonomy can make a decision stricter, never weaker than the action's own gate.
  • Oversight modes
Agent detection & response
  • Watches the agents themselves for suspicious prompts, tool misuse, cost spikes, and repeated denials — and contains a misbehaving agent automatically.
  • Agent Detection & Response
Replayable incident record
  • Every triage and response step is sealed into a hash-chained record with full lineage — replay the whole incident for the post-mortem or the auditor.
  • Trust Ledger
Autonomy is a floor, not a free hand

The agent can tighten the risk gate — it can never loosen it.

Every action carries its own risk floor; an agent's oversight mode can make the decision stricter but never weaker. So even an autonomous responder can't auto-fire a high-impact containment — that action's floor holds it for approval, and detection & response is watching the agent the whole time.

  • Oversight mode can only tighten the action's risk floor — never weaken it
  • High-impact containment (isolate host, disable account) pends for approval
  • Agent detection & response auto-contains a misbehaving agent
  • Every triage and response step replayable from the sealed lineage
Oversight Modes
risk floorsuggest_onlydraftexecute_low_riskexecute_with_reviewautonomous
oversight ▸ risk gate is a floor — autonomy can only tighten it
Prove it — don't just claim it

The verdicts an incident commander will see.

These are the literal runtime responses — autonomy never lets a high-impact action skip its gate.

runtime · verdicts
Isolate hosthigh-impact · above floorHOLD · approval
Enrich alertlow-risk · auto-execute200 sealed
Rogue agentADR: tool misuse detected403 contained
Secret readagent requests credential403 redacted
fail-closed ▸ challenge it and it denies, on the record
  1. 01

    Model the domain

    Map the work to typed ontology objects — Alert, Incident, Asset, Identity, Containment — with restricted fields like credential / secret locked at the property level.

  2. 02

    Encode the rules

    Translate the obligations above into Policy-as-Code and Action Fabric approvals — the gates fail closed, returning a precise code, not a guess.

  3. 03

    Prove the outcome

    Every run lands in a hash-chained Trust Ledger with signed receipts and 10-hop provenance — a record you can hand the regulator.

5 modesAutonomy levels with a risk floor
10-hopReplayable lineage per incident
6 signalsAgent detection & response triggers
256Chained SHA-256 sealing every step
Security & compliance

Govern the agents that defend you — not just the threats.

Bounded autonomy, agent detection & response, action gating, and replay are shared across triage and response — so the responder that fights at machine speed still can't act beyond its leash. Aligned with, never claiming certification you don't hold.

MITRE ATT&CK · mappingSOAR · orchestrationNIST CSF · RespondNIST AI RMF · ManageISO 27001 · opsSOC 2 · audit
FAQ

AI agents for security operations — questions, answered.

Can an AI security agent isolate a host or disable an account on its own?

Only if the action's risk floor permits it. High-impact containment carries a floor that holds it for human approval; an agent's oversight mode can tighten that gate but never weaken it, so an autonomous responder still can't auto-fire a damaging action.

What is bounded autonomy in Cortex?

Every action has its own risk floor, and an agent's oversight mode can only make decisions stricter than that floor — never weaker. Autonomy speeds up the safe work while the dangerous work stays gated.

How does Cortex protect against a compromised or misbehaving agent?

Agent detection & response watches the agents themselves for suspicious prompts, tool misuse, unusual data access, cost spikes, exfiltration, and repeated denials — and automatically contains the agent by pausing, disabling, or revoking it.

Can we replay an incident for a post-mortem?

Yes. Every triage and response step is sealed into a hash-chained ledger with full 10-hop lineage, so the entire incident can be replayed for a post-mortem or an auditor.

More industries

One governed runtime, every regulated vertical.

The controls are the same — the obligations they satisfy differ. Explore another vertical, or see the full set.

Respond at machine speed — without acting beyond the leash.

See the autonomy dial, the risk floor, and the agent detection & response that bounds every SOC agent.