SOC puppets: How Torq wants to automate security

Today: Torq's CEO explains how agents are ready to take over security operations centers, Anthropic hooks up with a who's who of enterprise SaaS, and the latest funding rounds in enterprise tech.




Alert and response

Software developers' eager embrace of AI coding agents (for the most part) has gotten most of the attention over the last several months, but cybersecurity professionals are also starting to put agents into key parts of their workflow. Torq just raised $140 million in new funding to help automate the venerable security operations center with AI agents, and some big companies are getting on board.

"The whole SOC is being changed completely; the way that teams are working today, and the way that you are streamlining data through pipeline," Torq CEO Ofer Smadari said in a recent interview with Runtime. He's referring to the security operations center, which is a collection of people and threat-detection systems that help enterprises detect and triage threats to their networks.

  • Torq was co-founded in 2020 by Smadari, Leonid Belkind (CTO), and Eldad Livni (chief innovation officer) after the trio sold Luminate Security to Symantec in 2019.
  • The company started out working on infrastructure automation tools, but pivoted to SOAR (security orchestration, automation, and response) after the company realized it didn't have a lot of experience selling directly to developers, Smadari said.
  • Torq launched its first AI agent, called Socrates, about ten months after ChatGPT was released in late 2022, and subsequently added tools that let customers build their own agents customized to their workflows.

Traditionally, the people working in SOCs have had to wade through piles of alerts — some of which are signs of legit intrusions and others that are false positives — in order to decide where and how to respond, and that's a painstaking job. Reliable AI agents (and "reliable" is load-bearing here) could eliminate a great deal of that work and allow teams to spend more time dealing with actual problems and less time chasing ghosts.

  • Alert fatigue was already a problem before generative AI came around, and while most security experts believe defenders still have the upper hand in dealing with AI-generated attacks, that might not last forever.
  • "The economics are getting close to zero on how fast you can build new things and enterprises need to get the right equipment to face those machine-speed, new attack rates," Smadari said.
  • During a recent panel discussion with the head of J.P. Morgan's SOC, Smadari said the storied investment bank reported that the number of alerts its security team currently deals with is up 25% to 1 billion events per day.
  • And while a recent report from ISC2 suggested that cybersecurity teams face less of a budget crunch these days than in previous years, the long-running shortage of qualified professionals remains a problem.

Torq calls its SOC agent platform "Hyperautomation," which allows security teams to analyze all the incoming data pipelines the business needs to run smoothly and automate responses based on custom guardrails and the company's previous history of incidents, Smadari said. This is getting to be a crowded space, following Palo Alto Networks' acquisition of observability platform Chronosphere last year and previous launches from CrowdStrike and Splunk.

  • The platform summarizes the actions it has taken and packages them in a report for the security team to take further action.
  • If needed, it can "shut down servers" or "isolate workstations" that show signs of compromise until those teams can respond, he said.
  • Until recently, enterprises dealing with a barrage of incoming alerts would need to build their own custom workflows or software tools to understand what's happening and take action, but Torq's no-code approach allows security teams to do that on their own without tapping the developers, Smadari said.
  • "We are providing results, not just engineering tools," he said, and should this approach catch on more widely, it will mark one of the more successful deployments of AI agents in enterprise tech.

Model citizen, zero discipline

While every enterprise SaaS company with a pulse is racing to put agents in their products, there's no question that Anthropic's Claude tool is enjoying a surge of enterprise users over the last several months thanks to new features in Claude Code. On Monday Anthropic announced that Claude users will be able to tap into those popular SaaS tools with new integrations that allow users to interact with third-party apps directly within Claude.

The list of participating companies includes Asana, Box, Figma, Canva, and Slack, with a connection to Salesforce's Agentforce 360 "coming soon." MCP Apps, a new extension to the widely adopted MCP standard, is the connective tissue for those integrations, and it will allow other software companies to make their services available in Claude over time.

But developers got a reminder of the inherent security issues linked to MCP after the Moltbot (née Clawdbot) tool went viral over the weekend. "Running UI from MCP servers means running code you didn’t write within your MCP host," the MCP project reminded developers Monday. Although there are some security guardrails built into MCP Apps, end users are still responsible for making sure they're not doing anything insecure, and that could be hard to scale in the enterprise.


Enterprise funding

Baseten raised $300 million in Series E funding, valuing the AI inference platform at $5 billion.

Upwind Security scored $250 million in Series B funding for its cloud security platform, which is a take on the CNAPP (cloud-native application protection platform) concept.

Upscale AI landed $200 million in Series A funding as it builds out its AI networking technology, designed to service clusters rather than racks.

Inferact launched with $150 million in new funding to build a commercial company around the vLLM open-source inference project.

Claroty raised $150 million in Series F funding for its critical infrastructure security platform, which monitors threats to physical infrastructure like pipelines and data centers.

Railway landed $100 million in Series B funding as it builds out an application-deployment platform for software developers.


The Runtime roundup

TikTok had a rocky transition to its new ownership group over the weekend after a power outage took out one of its data centers, according to Business Insider.

Microsoft rolled out the Maia 200, the second generation of its homegrown AI inference processor, which it compared favorably to AWS's Trainium and Google Cloud's TPUs.

Cisco launched a new version of its partner program that CRN said was designed to "help customers reach transformative AI outcomes faster through their trusted channel partners," who actually sell a large percentage of enterprise products and services directly to end users across the industry.


Thanks for reading — see you Thursday!
