Torq HyperSOC™ is the First Autonomous SOC Platform with Native Model-Context Protocol (MCP) Support

Innovation in cybersecurity technology, particularly in security operations, is advancing at an incredible pace. The past few months have seen a surge in announcements of Agentic AI solutions and SOC Analyst AI Agents, transforming the landscape rapidly. At BlackHat USA 2023, Torq pioneered this space by introducing Socrates, the first AI Agent SOC Analyst. This highlights the remarkable acceleration of AI adoption in cybersecurity and the significant advancements made in a relatively short period.

Socrates, our Agentic AI SOC Analyst, has been up and running for a solid year and a half, which is pretty impressive for this kind of tech. It’s dealing with thousands of real security issues every hour for major companies. Since the initial release of Socrates, Torq has expanded our agentic AI portfolio by launching a comprehensive Multi-Agent System (MAS), as well as the latest version of Torq HyperSOC™ powered by Retrieval-Augmented Generation (RAG) technology.  

Even as new entrants jump on the AI-in-SOC bandwagon, Torq continues to push the envelope — Socrates keeps learning and evolving, and Torq remains steps ahead in the Autonomous SOC space.

Today, Torq is proud to announce another ‘first’ in the Autonomous Security Operations field: the first platform to support a Model-Context Protocol (MCP) natively in its architecture. This groundbreaking advancement unlocks a new realm of possibilities in security operations, enabling powerful and exciting outcomes that were previously unattainable. By integrating MCP into its core framework, Torq is paving the way for more intelligent, adaptive, and efficient security solutions, setting a new standard for the industry. 

Torq as a Model-Context Protocol Host: Endless Extensibility

Torq HyperSOC-2o acts as an Model-Context Protocol Host, meaning it can natively interface with MCP servers to both fetch context and execute actions. The flexibility of MCP makes integrations with corporate systems and cloud services more agile than ever. 

Your AI agent isn’t operating with a fixed toolbox — it can seamlessly tap into real-time data sources, internal databases, SaaS applications, cloud workloads, and more, all through standardized MCP connections. This extensibility ensures your autonomous SOC is always armed with the most up-to-date information and capabilities, leading to more intelligent and effective security operations.

Today, during the early days of Model-Context Protocol adoption, most MCP Servers available for use require self-hosting, making it extremely important to provide an enterprise-grade security for the transport and access layers in order to benefit from the capabilities without compromising the underlying data or operations.

Torq provides unique benefits by leveraging its secure communications infrastructure used for a scalable Hyperautomation of hybrid cloud environments.

The schematics above depicts how the Torq platform natively extends its automation and orchestration capabilities to become Model-Context Protocol hosts, allowing access to both self-hosted and cloud-hosted MCP servers in an intelligent and secure manner.

Key advantages of Torq’s native MCP Host capability include:

• Real-Time Contextual Awareness: AI-driven investigations can pull in live context (user details, asset data, threat intel, etc.) exactly when needed, rather than relying on stale or predefined inputs. This leads to smarter decisions and fewer false positives.
• Unlimited Extensibility: Thanks to MCP’s open standard, any new tool or data source that supports MCP can be plugged into your SOC workflows instantly. Torq HyperSOC-2o transforms into a plug-and-play powerhouse, adapting as your environment evolves.
• Faster, Smarter Response: Dynamic context enables higher-fidelity alerts and faster root-cause analysis. Early users have seen significant improvements in detection precision and response times, cutting down the investigative workload on analysts.
• Enterprise-Grade Security: All MCP interactions through Torq are encrypted, authenticated, and audited. You can safely connect to self-hosted knowledge bases or third-party MCP services, confident that communications meet your security and compliance standards.
  

Torq as an MCP Server: New Ways to Access Your Processes

Torq’s native Model-Context Protocol architecture opens up an exciting paradigm where Torq workflows, steps, and integrations can be securely utilized as tools and actions within other MCP Hosts. This enables a significant increase in productivity for both security professionals and organizational information employees. 

By providing secure, managed, and monitored organizational processes as context to external LLM applications such as Claude Desktop and various IDEs, Torq facilitates seamless integration and enhances the capabilities of these platforms. This approach ensures that sensitive organizational processes are handled with the utmost security while empowering users with advanced AI-driven functionalities.

Imagine an organization embracing self-service processes for various IT and Security functions as a means for increasing organizational efficiency. Torq Hyperautomation has been the hub for such activities since its inception, and now these processes can be accessed in a completely new way, through the organization’s chosen and adopted AI tools.

The schematics above depict how a Torq MCP Server provides access from the organization’s chosen AI tools to Torq workflows, steps, and integrations, increasing the efficiency of leveraging various organization-approved security operational practices natively.

For example, a security analyst using a chatbot interface like Anthropic’s Claude or a developer working in an IDE with an AI coding assistant can simply ask their AI agent to perform a task, “Hey AI, scan this newly reported IP across our logs and threat intel sources.” Behind the scenes, the AI agent invokes a Torq workflow (exposed via MCP) that conducts a multi-step investigation across all your tools, then returns the result directly into the chat or IDE. The person didn’t need to switch consoles or manually run any script; the AI, powered by Torq, handled it instantly.

Torq HyperSOC-2o makes this scenario a reality by providing a secure, managed, and monitored way for external AI applications (from chatbots to SIEMs to custom AI assistants) to leverage your organization’s existing Torq automations as first-class actions. Importantly, all of this is done with the utmost security and control. 

Torq’s permissioning and audit logs extend into the MCP domain, ensuring that any action an external AI triggers is authorized and tracked. Your sensitive processes remain protected, even as they become more accessible and useful to your teams via AI. 

In short, Torq as an MCP server turns the AI tools your team already uses into powerful gateways for your automated SOC workflows — dramatically increasing efficiency and accessibility without sacrificing security.

Security Operations Data as MCP Resources

The above examples of Torq’s innovation in natively adopting the Model-Context Protocol framework are just the beginning. The potential of MCP resources and prompts opens up an exciting avenue for creating native user experiences for navigating and analyzing security events and case data. By leveraging MCP, any AI tool can be transformed into a powerful threat hunting and digital forensics orchestration environment, providing unparalleled capabilities for security professionals. This advancement allows for deeper insights and more effective responses to security incidents, significantly enhancing an organization’s overall security posture.

Consider what this could mean: Analysts will be able to navigate and analyze security events through natural language via their AI assistants, with Torq feeding the relevant data on demand. An AI agent could correlate an ongoing incident with past cases, highlight patterns, or even suggest remediation steps by drawing from your organization’s entire trove of security knowledge — all in seconds, all within the AI’s conversational or analytical environment. 

This kind of seamless, context-rich interaction provides unparalleled capabilities for security professionals. It leads to deeper insights, more proactive threat hunting, and ultimately more effective responses to incidents. By breaking down data silos and making institutional knowledge available in real time through MCP, Torq HyperSOC-2o significantly enhances an organization’s overall security posture. It’s not just about doing things faster; it’s about empowering humans and AI to collaborate on tasks that were previously impossible.

Stay Tuned: This is Just The Beginning 

“An analysis of the history of technology shows that technological change is exponential, contrary to the common-sense intuitive linear view”, said Ray Kurtzweil in “The law of accelerating returns” in 2021. Almost a quarter of a century later, this statement, which in itself can be seen as a generalization of Moore’s Law from 1965, is being proven as true time after time.

Torq’s journey with AI and automation in security is a testament to this acceleration. We went from conceptualizing an AI SOC analyst to having one in production within months, and now to enabling an open protocol that can fundamentally change how AI systems interact with security tools and data. And we’re far from done. 

Torq HyperSOC-2o’s introduction of native Model-Context Protocol support is just the first chapter in an exciting new era of autonomous security operations. Torq will continue to innovate and lead as technology races forward, ensuring our customers stay ahead of the curve. We are privileged to be part of this revolution – and we’re committed to driving it.

Stay tuned for more updates as we continue to expand what’s possible in the SOC. The future of security operations is unfolding now, and with Torq, you’re not just witnessing it — you’re leading it alongside us. Let’s embrace this future together and redefine what a truly autonomous SOC can achieve.