Contents
Get a Personalized Demo
See how Torq harnesses AI in your SOC to detect, prioritize, and respond to threats faster.
Security teams are being asked to move faster and handle more complexity, while the threats they defend against are increasingly AI-assisted. When I wrote about VoidLink in January, my point was simple: you cannot fight machine-speed threats with human-speed defense. Attackers are using AI to code, adapt, and scale attacks while humans are still grinding away doing the heavy lifting in the SOC.
Earlier this year, Torq raised our $140M Series D to build the agentic SOC, where machines fight machines. This requires AI that goes far beyond just triaging alerts or summarizing threats. The agentic SOC must cover the complete SecOps lifecycle — from triage to fix, from Tier 1 to Tier 3, from builder to responder.
Simply better automation isn’t enough. Agentic automation is.
Today, we’re announcing Agentic Builder — a critical extension of the Torq AI SOC Platform, and the most significant step we’ve taken toward making the agentic SOC a practical reality for every security team.
The Problem Hasn’t Changed
The SOC’s struggle isn’t a people problem. The security teams I speak to every day are sharp, dedicated, and deeply skilled. The problem is legacy security models that expect human beings to act like machines, doing repetitive work at a pace and scale that human beings will never be able to sustain.
We’ve spent the last few years solving the first half of that problem, deploying agentic AI to handle the triage, investigation, and response that was drowning analysts. That’s working. Our customers are closing over 90% of security cases autonomously. Carvana is handling 100% of their Tier 1 alerts with Torq AI Agents. The average tenure of a security analyst using Torq is increasing, and teams are handling more work without adding headcount.
After successfully delivering AI capabilities that have freed SOC analysts from overwhelming alerts, false positives, and fatigue, Torq now liberates SecOps engineers and architects from the manual tedium that delays value realization. Torq is ensuring defenders move faster than attackers — autonomously, intelligently, and without limits.”
But there’s a second major constraint to address: the engineering bottleneck. Building and maintaining the agents that do this work still requires human effort. It requires skilled engineers to create and maintain workflows as new threat categories emerge, format security cases, and write the logic for custom AI agents.
Hyperautomation’s no-code automation and drag-and-drop building solved a lot of the pain surrounding security engineering caused by legacy SOAR, but there is still a baseline of work hours that need to be dedicated to the maintenance overtime.
And if VoidLink taught us anything it is that “agentic coding” is accelerating threat engineering. Malware that once took months to create can now be produced in less than a 2-week agile sprint. It is not fair to expect humans to fight back against that level of machine-speed engineering. The agentic SOC must address every source of SecOps fatigue across the full threat lifecycle, not just a single piece of the larger puzzle.
That’s the problem Torq’s Agentic Builder solves.
What is Agentic Coding, and Why Does It Matter?
If you work in software development, you’ve watched what Cursor has done to engineering productivity. It didn’t just autocomplete code or create a chatbot that would discuss what code might look like. It moved to autonomous, multi-file execution — reading the full codebase, understanding dependencies, writing orchestration logic, and producing working output.
The shift wasn’t incremental. It was categorical.
Agentic coding is when an AI autonomously plans, writes, executes, and iterates on code to complete multi-step development tasks. The same categorical shift is now possible in security operations, which is exactly what we built here at Torq.
Within SecOps, agentic coding means ingesting a high-level security objective, planning, building across available security tools, running validation tests, and iterating until operationally correct in a production SOC environment. The AI operates with full system context, breaks down complex intent-based goals, executes independently, iterates against real feedback, and produces production-ready outputs.
This shift the cognitive load of engineering security automation from humans to machines, taking SecOps from “here’s a workflow template for you to start with” to “here’s a fully working security agent that is already integrated across your stack”
From Intent to Working Agent
Torq Agentic Builder builds production-grade AI agents from natural language prompts through contextual analysis, planning, and testing — effectively turning human intent into agentic outcomes in minutes.
Here’s what Agentic Builder actually does:
- A SOC engineer or security architect describes what they need. Something like: “Correlate EDR alerts with suspicious login attempts and known malicious IPs, map to MITRE ATT&CK, and escalate based on severity.”
- From that intent, Agentic Builder — part of Torq Socrates, the core orchestrator of the Torq AI SOC Platform — takes over to:
- Read your integrations, available APIs, existing workflows, runbooks, and case schemas
- Plan the assignment, selects the right tools, and defines guardrails
- Write the orchestration logic
- Build a deployable Torq HyperAgents™
- Test it against real scenarios before anything goes live — showing you every step, tool call, and output so you can refine behavior until it matches how your SOC actually runs
Nothing deploys without your explicit approval so humans remain the on-the-loop reviewers while the machine handles the execution, and heavy lifting, at machine speed. The output isn’t a template or a suggestion — it’s a working security agent, already integrated across your stack, ready to manage alerts 24/7.
What Agentic Coding Means for Security Teams
The historic tradeoff in security automation has been speed versus control. You could move fast and accept the risk or move carefully and fall behind the threat, but neither option was good enough. Agentic Builder eliminates that tradeoff.
With agentic coding, security engineers and architects can now design and operationalize sophisticated, agentic security workflows in minutes — without sacrificing governance, transparency, or control. Each agent is tested against real data before deployment, surfacing every decision for review, and continuously monitoring and auto-calibrating the SecOps workflow in production to eliminate the risk of drift.
That frees your best people to do what they do best: threat hunting, strategic risk decisions, and high-stakes incident response.
Where We’re Headed: Security Engineering at Machine Speed
Torq raised our Series D because we believe that the future of security operations is agentic, and we are uniquely positioned to deliver that reality. Not AI as a feature bolted on or another point solution, but full threat lifecycle management — from alert through remediation — with humans in control and machines doing the work.
Agentic Builder is the next chapter in that story. It means the Torq AI SOC Platform doesn’t just run your SOC, it helps you build it, scale it, and continuously improve it while keeping pace with an adversary that never slows down.
Torq is providing exclusive demos of Agentic Builder for qualified RSAC attendees, March 23-26, at Booth #527, South Expo Hall, Moscone Center in San Francisco.
