A New Era of Asymmetric Warfare: The Case for the Agentic SOC

For the last decade, the cybersecurity industry has attempted to solve a technology problem with a human solution. We looked at the rising tide of alerts and the complexity of the threat landscape, and our answer was always “hire more people.” That approach has created a dangerous asymmetric warfare dynamic — one where attackers scale infinitely while defenders stay stuck in manual mode.

We recruited brilliant analysts and placed them in SOCs where we essentially forced them to act like robots. We asked them to stare at dashboards, copy-paste data between tools, run repetitive scripts, and manually close tickets. 

It didn’t work. It led to burnout, turnover, and missed threats. And as of this week, that strategy is not just failing, it is officially obsolete. 

You cannot fight machine speed with human speed.

The VoidLink Wake-Up Call

Check Point Research recently published its findings on VoidLink, and it serves as a grim milestone for our industry.

We’ve seen AI-generated scripts before. We’ve seen attackers use LLMs to write better phishing emails. But VoidLink is different. This is one of the first known instances where AI was used to architect, build, and deploy an entire advanced malware framework — complete with rootkits, implants, and modular plugins.

The most terrifying metric from the research isn’t technical; it’s temporal. The researchers found that AI enabled a single actor to condense what used to be months of nation-state-level development into mere days.

The Economics of Cybercrime Have Flipped

This is a turning point. The barrier to entry for sophisticated, high-velocity attacks has collapsed.

In the past, building a complex malware framework required a well-funded team, significant time, and deep expertise. Today, the investment required to build sophisticated threats is dropping near zero.

When the cost of attack creates a floor of near-zero, the volume of attacks will naturally hit a ceiling of infinity. The incentive for attackers has never been higher because the risk and resource requirements have never been lower.

The Asymmetrical Warfare Gap

This creates a velocity gap that human teams can no longer bridge. We are now facing an asymmetry canyon:

• The attackers are using AI to code, adapt, and scale attacks at machine speed.
• The defenders are largely still waiting for a human analyst to wake up, read an alert, interpret the context, and manually run a playbook.

You can’t fight AI speed with human speed. If you try, you will lose every time. The “1-10-60” rule (1 minute to detect, 10 to investigate, 60 to remediate) is dead. In the age of VoidLink, 60 minutes is an eternity.

Enter the Agentic SOC

This reality is exactly why Torq raised our $140M Series D. We recognized that better automation wasn’t the answer. Automation is linear Iteration that follows a script. But AI-driven threats are dynamic. They don’t follow scripts.

We’re building the agentic SOC.

We’re moving the industry away from static, simple playbooks and toward autonomous AI Agents. These agents don’t just follow if/then logic. They possess the reasoning capabilities to investigate alerts, understand context, make decisions, and execute complex remediation autonomously.

We’re building a defense architecture where machines fight machines, freeing our human defenders to do what they do best: strategy, threat hunting, and high-level decision-making.

Machine-vs-Machine Defense: The Only Way to Win Asymmetric Warfare

The era of the Tier 1 analyst as a data-fetcher is over. We have to stop fighting the future with the past. The only way to survive asymmetric warfare in the VoidLink era is to fight fire with fire — or, more accurately, to counter autonomous threats with autonomous defense.

VoidLink is just the first wave of this new reality. And at Torq, we’re just getting started.

Asymmetric warfare demands an asymmetric response. The human-speed SOC can’t win against machine-speed threats — but the agentic SOC can. See how Torq is rewriting the rules of security operations.