Torq’s New Security Milestones: BSI C5 & ISO 42001 Certifications

Aner Izraeli is the Chief Information Security Officer (CISO) at Torq. He leads Torq’s cybersecurity strategy with a focus on innovation and resilience. Aner’s career spans over two decades in the cybersecurity field, where he has consistently demonstrated expertise in SIEM/SOC, incident response, and network security. 

We’re proud to announce that Torq has recently completed two important milestones in our security and AI governance journey: German BSI C5 certification and ISO 42001:2023 certification. 

These achievements reflect the same principle that guides our platform development every day — pairing cutting-edge AI innovation with the operational rigor enterprises expect. As our capabilities expand across Hyperautomation, agentic AI, and multi-tenant SOC operations, we continue to invest heavily in the foundations that keep the platform resilient, secure, and dependable at scale.

These new certifications join our existing SOC 2 Type 2, HIPAA, and ISO 27001 compliance frameworks, and reflect our ongoing commitment to delivering a platform that stays secure, governed, and dependable as customers scale.

Raising the Bar for Secure, Enterprise-Ready AI

Our customers rely on Torq for mission-critical security operations, and they expect a platform that stays resilient under pressure.

These certifications help us show — independently and transparently — that we meet rigorous standards for security, reliability, and responsible AI practices. These certifications validate not only the strength of our architecture but also our ongoing commitment to continually improve every aspect of the platform, enabling customers to trust Torq with their most sensitive workflows.

Why Do These Certifications Matter for Modern Security Operations?

German BSI C5: Proving Operational Security at Enterprise Scale

BSI C5 verifies the strength of our operational security foundation. It assesses how we secure and manage the infrastructure that supports Torq HyperSOC™, including:

  • Secure system configuration and hardened environments
  • Access control and identity management
  • Continuous monitoring of systems and workloads
  • Robust vulnerability and patch management
  • Structured incident detection and response processes
  • Strong data protection and privacy safeguards

For customers running large, distributed, or highly regulated environments, BSI C5 signals that Torq is built to operate securely at scale — and engineered to stay that way.

ISO 42001: The Global Standard for Responsible, Well-Governed AI

ISO 42001 is the first global standard for responsible AI operations. It confirms that Torq’s AI capabilities operate within a tightly governed lifecycle, covering:

  • AI risk management and accountability
  • Transparent and explainable AI practices
  • Model lifecycle governance (design → development → deployment → review)
  • Protections against bias and unfair outcomes
  • Data quality controls for AI systems
  • Human oversight of automated decisions

It reflects our commitment to building AI that is not only powerful, but safe, reliable, and aligned with the expectations of modern enterprises.

What This Means for Torq Customers 

Becoming an ISO 42001 and BSI C5 certified company is an important step forward, and we’re not stopping here. As Torq continues to expand capabilities across AI SOC operations, we remain committed to:

  • Delivering innovation without compromising stability
  • Building AI systems that are explainable, governed, and secure
  • Maintaining a platform foundation that is resilient, mature, and ready for enterprise scale
  • Following the industry’s strongest operational and compliance standards

Our mission is to give customers technology that moves fast — on top of an operational backbone built to last.

Torq’s new certifications strengthen the same foundation highlighted in the latest GigaOm SecOps Automation Report, where Torq is recognized as a market Leader. See why our secure, multi-agent, enterprise-grade platform outperforms legacy SOAR.

SEE TORQ IN ACTION

Ready to automate everything?

“Torq takes the vision that’s in your head and actually puts it on paper and into practice.”

Corey Kaemming, Senior Director of InfoSec

“Torq HyperSOC offers unprecedented protection and drives extraordinary efficiency for RSM and our customers.”

Todd Willoughby, Director

“Torq saves hundreds of hours a month on analysis. Alert fatigue is a thing of the past.”

Phillip Tarrant, SOC Technical Manager

“The only limit Torq has is people’s imaginations.”

Gai Hanochi, VP Business Technologies

“Torq Agentic AI now handles 100% of Carvana’s Tier-1 security alerts.”

Dina Mathers, CISO

“Torq has transformed efficiency for all five of my security teams and enabled them to focus on much more high-value strategic work.”

Yossi Yeshua, CISO

Reco + Torq: Dynamic SaaS Security, Fully Automated

Torq AMP spotlights the partners redefining what’s possible in security operations. Each partner brings a unique strength that seamlessly extends Torq’s autonomous SOC platform. Together, these partnerships help SOC teams achieve speed, accuracy, and scale that were once out of reach. Explore the future of SOC in the AMP’d Sessions video series.

Modern security teams are wrestling with a new kind of sprawl — one built not on endpoints or networks, but on SaaS. Identity drift, over-permissioned apps, AI tools, and unchecked data access create thousands of risks every day. Most incidents now start with who has access to what, not malware on a machine. And with SaaS adoption surging across every department, the attack surface expands faster than any manual control can keep up.

In Episode 6 of the AMP’d Sessions, we sat down with Todd Wilson, Head of Global Channels and Alliances at Reco, to show how organizations are tackling one of the hardest problems in security today: SaaS access risk. From shadow AI tools to over-permissioned apps to sensitive data movement inside platforms, the attack surface has shifted from endpoints to identities. 

Through this integration, Reco maps the movement and Torq fixes it. Together, they turn messy SaaS environments into precise, governed, autonomous workflows.

Reco: Identity-Driven SaaS Visibility for the Modern SOC

SaaS is now the largest attack surface most companies have — and usually the least monitored. AI tools accelerate adoption even further, stacking identity drift, risky permissions, and shadow AI usage faster than humans can track.

Reco solves this by giving security teams deep, identity-first visibility across every SaaS app in use. That includes:

  • Full discovery of all sanctioned and unsanctioned SaaS and AI apps
  • Mapping who has access to what and whether that access is justified
  • Identifying risky permission sets, API scopes, and OAuth grants
  • Tracking data movement inside platforms like Google Drive and Microsoft 365

Enterprises often have more than 2,000 AI apps in active use, many granted through social logins, with wide-open access to sensitive data. That visibility alone changes the conversation — but visibility without action just moves the problem.

That’s where Torq comes in.

How the Reco + Torq Workflow Works

When Reco detects a high-risk SaaS access event — a suspicious AI app connection, abnormal permission grant, or data exposure — it sends that signal straight into Torq HyperSOC™. From there, agentic AI takes over.

Here’s the full flow as demonstrated in the AMP’d episode.

1. Reco Flags a Risky SaaS Access Event

In the demo, Reco identifies a user connecting Claude.ai to their corporate Google Drive — a risky action depending on the user’s role, data access, and organizational policy.

Reco enriches the event with identity context:

  • Who the user is
  • What they attempted to connect
  • What data the app is requesting
  • Whether the app is sanctioned, unsanctioned, or unknown
  • The user’s data exposure profile (PII, sensitive files, etc.)

Reco surfaces shadow AI usage and unsanctioned app connections instantly, giving security teams clear, identity-level visibility into who is using what and with what permissions.

2. HyperSOC Takes Over with Automated Validation and Policy Checks

Torq receives the Reco alert and triggers a Hyperautomated workflow that:

  • Pulls Google Workspace identity and group data
  • Checks for pre-approved AI apps
  • Looks for personally identifiable information (PII) exposure tied to the user
  • Evaluates the request against business policy
  • Automatically revokes the connection if it violates policy

When Reco flags a high-risk SaaS event, Torq automatically pulls app details, sets context, and initializes an approval workflow without analyst intervention.

3. Socrates Investigates

If the case requires deeper investigation, Socrates, Torq’s AI SOC Analyst, steps in and:

  • Queries Reco for additional identity and permission detail
  • Summarizes risk in natural language
  • Writes a full AI-generated case summary
  • Suggests next-best actions aligned with internal policy

Torq turns the Reco signal into a structured case, mapping context, indicators, and risk so analysts see a complete, ready-to-act picture in seconds.

4. Autonomous Remediation

If the access request isn’t inherently malicious but needs validation, Torq handles it with a workflow that:

  • Opens a case
  • Notifies the user’s manager in Slack
  • Summarizes the risk and context
  • Asks for approval or denial
  • Logs all decisions in an immutable timeline

Once a decision is made:

  • If denied: Torq revokes the connection, restricts the user, and sends a notification.
  • If approved: Torq removes restrictions and allows the app connection automatically.

Torq loops the stakeholders into the decision, enriches the case with identity context from Reco, and documents every step for a fully audited SaaS access approval process.

Every step is consistent, policy-aligned, and documented. What once took hours of email back-and-forth now happens in minutes — or, in some cases, no time at all, if autonomous closure is enabled.
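The four steps above can be sketched as a policy decision plus a tamper-evident decision log. This is an added example, not Torq's or Reco's code: the event fields, the policy sets, the `Timeline` class and the function names are all assumptions, and the sample values are constructed.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Constructed policy data for illustration only.
PRE_APPROVED_APPS = {"notes.approved.example"}
BROAD_SCOPES = {"drive.readwrite.all"}


@dataclass(frozen=True)
class AccessEvent:
    """Identity context from step 1; field names are assumptions."""
    user: str
    manager: str
    app: str
    scopes: frozenset
    user_touches_pii: bool


@dataclass
class Timeline:
    """Append-only log where every entry commits to the one before it."""
    entries: list = field(default_factory=list)

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, action, **detail):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {"seq": len(self.entries), "action": action, "detail": detail, "prev": prev}
        self.entries.append({**body, "hash": self._digest(body)})

    def verify(self):
        """Recompute the chain; an edited, reordered or mid-chain-removed entry fails.
        Detecting removal of the newest entries needs the head hash stored elsewhere."""
        prev = "0" * 64
        for seq, entry in enumerate(self.entries):
            body = {k: entry[k] for k in ("seq", "action", "detail", "prev")}
            if entry["seq"] != seq or entry["prev"] != prev or entry["hash"] != self._digest(body):
                return False
            prev = entry["hash"]
        return True


def evaluate(event):
    """Step 2: policy check. Returns (verdict, reason)."""
    if event.app in PRE_APPROVED_APPS:
        return "allow", "app is pre-approved"
    if event.scopes & BROAD_SCOPES and event.user_touches_pii:
        return "revoke", "broad scope requested by a user with PII exposure"
    return "needs_approval", "not pre-approved; manager decision required"


def handle(event, timeline, manager_decision=None):
    """Steps 2 and 4: decide, ask the manager when required, log every step."""
    verdict, reason = evaluate(event)
    timeline.append("policy_check", user=event.user, app=event.app,
                    verdict=verdict, reason=reason)
    if verdict == "needs_approval":
        timeline.append("approval_requested", manager=event.manager)
        if manager_decision is None:
            return "pending"  # fail closed: nothing is allowed until someone decides
        timeline.append("manager_decision", decision=manager_decision)
        # Anything other than an explicit "approve" is treated as a denial.
        verdict = "allow" if manager_decision == "approve" else "revoke"
    timeline.append("enforced", outcome=verdict)
    return verdict


if __name__ == "__main__":
    log = Timeline()
    event = AccessEvent("dana@corp.example", "lee@corp.example", "ai-chat.example",
                        frozenset({"drive.readonly"}), False)
    print(handle(event, log, manager_decision="deny"), log.verify())
```

The timeline is "immutable" here only in the sense that edits are detectable; preventing them needs write-once storage or an external copy of the latest hash.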

“What could have taken 8 hours of research is now 15 minutes. So if an analyst has to get involved — which most likely they don’t have to — it’s 15 minutes or zero.”

Todd Wilson, Head of Global Channels and Alliances at Reco

Better Together: Torq + Reco

The Reco + Torq partnership gives security teams something they’ve never had before: identity-driven SaaS visibility and instant, autonomous control.

Together, we deliver:

  • Identity-driven context on every access risk
  • AI-to-AI triage and investigation across Reco and Torq
  • Autonomous remediation that enforces policy at scale
  • Repeatable business workflows for approvals, restrictions, and access requests
  • End-to-end auditability of all decisions and automated actions

Watch the full Reco + Torq AMP’d Session to see it in action.

Torq HyperAgents: The Next Evolution of Agentic SecOps

Tal Benyunes was one of the first engineers at Torq and now leads Product for HyperAgents, Torq’s agentic AI initiative. Shaped by early career roles in mission-critical cybersecurity environments and leading companies, Tal brings deep technical expertise and strategic insight to the development of AI Agents. Today, Tal combines that engineering background with product strategy to shape the future of intelligent automation for Torq customers.

Security teams are drowning in alerts, processes, and telemetry coming from tool sprawl. Every SOC leader knows the pain: repetitive triage, endless enrichment steps, communication loops with employees and stakeholders, and constant ticket-handling overhead. Humans are left acting as interpreters between tools instead of focusing on real threat investigation. 

The result: bottlenecks, burnout, missed alerts… and massive inefficiency.

AI is now shifting this paradigm. Instead of static workflows that only follow deterministic logic, we are entering the era of agentic security operations driven by adaptive AI Agents, working alongside your staff, and capable of reasoning, communicating, and taking action.

This is where Torq HyperAgents come in.

Our Solution: Torq HyperAgents

Since announcing a private preview of Torq HyperAgents at Black Hat USA 2025, we have worked closely with key design partners at Fortune 500 enterprises, including CISOs, SOC leads, and security engineers, to forge and refine a new approach to SecOps automation. 

The result is a breakthrough capability that moves security automation beyond painstaking workflow assembly into thinking, adaptive operations — no more wiring workflows for every edge case. Instead, HyperAgents operate like a skilled analyst working alongside your staff.

Purpose-built for security operations, HyperAgents are transparent, autonomous, customizable AI Agents that transform SecOps workflows. They reason, make decisions, and take action. They execute security tasks end-to-end, not as scripted steps but as reasoned operations that understand context and adapt to diverse use cases and evolving conditions.

Each HyperAgent is composed of three main components:

  1. Instruction and guidance define the agent’s mission, boundaries, and goals.
    • Instruction: What the agent must accomplish
    • Guidance: How it should behave, escalate, and prioritize
  2. The AI model: The intelligence powering the agent — interpreting instructions, applying context, and generating actions or decisions based on patterns and real-world data.
  3. The AI agent toolbox: A set of tools, APIs, actions, and integrations the agent can use to execute tasks across your security stack.

The IOC Enricher HyperAgent uses its toolbox of integrations like VirusTotal to gather context and deliver structured intelligence.

What Makes a HyperAgent Different?

HyperAgents are described by the following characteristics and are designed to operate within multi-agent architectures where several coordinated agents reason, communicate, and take action together:

  • Customizable to match the customer’s specific environment and security policies
  • Security-oriented with guardrails, audits, and reasoning baked in
  • Easy to use with natural language configuration and tools management
  • Transparent and accountable so you see how and why decisions are made, with full audit trails and guardrails that keep HyperAgents reliable in enterprise environments

HyperAgents extract and enrich every IOC automatically, mapping each indicator to the right tool for investigation.

Why HyperAgents Matter

HyperAgents represent the next evolution of Torq’s vision for the AI SOC, a world where humans and AI collaborate seamlessly, infusing intelligence into traditionally static workflows.

As the number of detection tools grows, so does the flood of events and alerts. With increasing complexity and volume, security operations teams struggle to keep pace, often constrained by limited time and talent.

HyperAgents change that narrative altogether, equipping SOC teams with cutting-edge tech that delivers SecOps at scale. They work alongside your human experts, taking on repetitive tasks, analyzing context, and pivoting at machine speed. As such, Torq HyperAgents are a force multiplier that redefines how modern SOCs operate.

By automating the repetitive and mundane tasks traditionally handled by Tier 1 analysts (such as enrichment, normalization, correlation, and triage), HyperAgents give your SOC analysts the time they need to focus on what really matters: deep investigations, threat hunting, and advanced detection engineering.

How HyperAgents Work

A HyperAgent orchestrates intelligent security operations through an iterative loop. Here’s how.

Tool Interaction

As shown on the left side of the diagram above, the HyperAgent interacts with various SOC tools and platforms, including identity systems, messaging platforms, and security products, to gather the necessary information. It then processes and normalizes the data so that it can be used in a clear, structured manner. This ensures that every step is based on up-to-date contextual information rather than static, predefined logic.

LLM-Driven Reasoning

As shown on the right side of the diagram above, the HyperAgent collaborates with an LLM to inform its reasoning. The HyperAgent generates a constructed query that incorporates the situation, available tools, and relevant prior context. The LLM returns an execution plan detailing what to do next, which tool to call, and what parameters to use. The HyperAgent then carries out those actions, evaluates results, and loops as needed until the task is complete.

Core Elements of Torq HyperAgents

Multi-Stage Reasoning

HyperAgents break down their mission into deliberate steps: analyzing signals, weighing options, and determining the best next move at each stage. They use short-term memory to retain context and learn from prior actions, ensuring every decision builds on the last and drives consistent, goal-oriented outcomes.

The execution flow shows HyperAgents chaining reasoning and tool calls to investigate alerts end-to-end without manual intervention.

Total Customizability and Bring Your Own AI Models

We’ve seen tremendous demand for a wide variety of AI model options — from providers like OpenAI, Google Vertex, Anthropic, and AWS Bedrock, to models such as GPT, Claude Sonnet, and Gemini — enabling users to leverage the best model for each specific task. There’s also a growing need to use internal AI model subscriptions. Customers want to utilize their own AI models to gain greater flexibility and ensure security. HyperAgents are designed to support exactly that level of flexibility.

Templates Library

Torq’s template library provides ready-to-use HyperAgents that accelerate deployment of intelligent security workflows.

Torq offers a collection of ready-to-use HyperAgents designed to deliver immediate value for security operations teams. These templates provide a strong starting point for customization, allowing teams to quickly operationalize HyperAgents while learning from proven best practices. They help users accelerate adoption, adapt workflows to their needs, and draw inspiration when tailoring HyperAgents to their own environment.

What Makes Torq HyperAgents Unique?

While other “AI automations” in the market still rely on static workflows dressed up with LLM prompts, Torq HyperAgents are autonomous operational entities, each with:

  • Contextual reasoning
  • The ability to communicate and gather information in real time
  • Built-in transparency mechanisms and compliance guardrails
  • Its own memory and state logic

This is adaptive security operations, not linear automation.

HyperAgent in Action: EDR Alert Triage

Use Case: Automated security alert triage and decisioning

Triage is one of the team’s core missions: rapidly reaching high-quality conclusions about whether an alert is malicious or not. It is also well known to be a manual and repetitive task.

One of the most common use cases for HyperAgents is to automate triage missions. Below, we outline how HyperAgents can help.

Processes that are traditionally manual and repetitive — such as enriching IOCs related to an alert, collecting and exchanging data about the alert, and opening a case with all relevant details — can now be done effortlessly using just three easy-to-use and easy-to-maintain HyperAgents.

This workflow shows how a CrowdStrike alert triggers a multi-agent sequence across Torq HyperAgents, moving from enrichment to communication to SOC decisioning, then completing the case automatically.

Step 1: Enrichment HyperAgent

The EDR triage agentic workflow shown above includes a source (EDR) trigger, in this case from CrowdStrike. The Enrichment HyperAgent is provided instructions on its role, objective, and available tools at its disposal. Its job is to:

  • Identify device logs, network traces, historical alerts, and IOCs
  • Normalize and correlate the data
  • Interpret suspicious activity
  • Pass structured intelligence to the next HyperAgent

The Enrichment HyperAgent reviews raw alert data, pulls user, device, and IOC details from integrated tools, and produces a structured summary that sets the foundation for downstream triage.

Step 2: Communication HyperAgent

The Communication HyperAgent takes input from the Enrichment HyperAgent, and then:

  • Reaches out to the relevant employee for clarification
  • Provides structured questions and response validation
  • Handles back-and-forth messaging without analyst involvement

Any SOC analyst reading this blog may already be rejoicing. With this mundane data collection taken off their plate, they can work on other tasks that they otherwise would not have time to address. The end result? HyperAgents expand the bandwidth and productivity of your existing staff.

Once the Communication HyperAgent has gathered the information required according to its instructions and role, it passes the data along to the HyperAgent in the next step, Decisioning & Ticketing.

The Communication HyperAgent sends contextual Slack messages to users, validates their responses, and feeds structured answers back into the investigation without analyst involvement.

Step 3: Decisioning & Ticketing HyperAgent

With full context, this Decisioning & Ticketing HyperAgent:

  • Determines severity and recommended next steps
  • Creates an incident ticket with complete evidence
  • Attaches enriched observables and artifacts
  • Closes benign alerts automatically with clear reasoning

The Decisioning & Ticketing HyperAgent analyzes all enriched evidence, assigns severity, creates a case with observables, and closes low-risk events while notifying the SOC with the full audit trail.

The result: The EDR alert triage completes in minutes, not hours, with complete explanatory detail readily available.

The IOC Enrichment HyperAgent extracts file hashes, IPs, domains, and URLs, selects the right tools, and generates a structured IOC report used in downstream decisioning.

We place strong emphasis on logging and auditing to create a trusted AI experience. Every action, including the reason, timing, and details, is recorded, allowing for review and export on demand.

The execution log captures the HyperAgent’s final reasoning, tool calls, and case actions, providing a complete audit trail for an alert resolved as a false positive.

HyperAgents: The Operational Core of Torq HyperSOC™

Torq HyperAgents represent the next evolution of security automation — security workflows that don’t just execute, but reason. By infusing agentic intelligence directly into SecOps’ daily work, HyperAgents drive operational efficiency, simplifying workflows and transforming manual processes to scalable, adaptive, AI-driven operations. Bottlenecks are eliminated, and human judgment and oversight remain intact.

Agentic SecOps combines the best of human expertise with AI-augmented, agentic workflows. This amplifies productivity and reduces risk at scale. Torq HyperAgents are the foundation on which this future SOC is being brought to life today.

For more on Torq’s HyperSOC platform, explore the 2025 GigaOm Autonomous SOC Radar Report.

How Agentic AI Security Is Shaping the Future of Cybersecurity

The modern Security Operations Center (SOC) is no longer just busy; it is also increasingly complex. There is exponentially more data, more tools, and more attack surfaces than any human team can reasonably cover. The initial industry response — hiring more analysts to stare at more dashboards — doesn’t cut it anymore.

The first wave of AI adoption offered promise, but most deployments simply filled the SOC with chatbots and co-pilots. These tools explain alerts and summarize logs, but they do not act. They wait and assist only when prompted.

The future of the SOC isn’t about AI that talks; it’s about AI that independently acts, decides, plans, and executes security operations with minimal human intervention. This is the era of agentic AI security, and we’re only getting started.

Understanding Agentic Security in Modern Cybersecurity

What is Agentic AI Security?

Unlike a standard automation script that follows a linear if/then logic path, or a GenAI chatbot that generates text based on a prompt, an agentic AI system functions as a digital worker. When given an objective — such as “Triage all phishing alerts” or “Contain compromised endpoints” — it determines the best sequence of steps to achieve that goal, adapting its approach if it encounters obstacles using a combination of deterministic and non-deterministic approaches.

Non-Deterministic vs. Deterministic AI

To understand agentic AI, you must understand the shift in security automation philosophy from deterministic to agentic:

  • Legacy SOAR (Deterministic): Rigid. If the log format changes, the playbook breaks. It requires a human to pre-program every single step.
  • Agentic AI security (Non-deterministic and reasoning): Adaptive. The system understands the task’s intent. If one tool fails, it reasons; for example: “The EDR API timed out. I will try querying the firewall logs instead to verify the IP.” This ability to reason and adapt, instead of simply following pre-written instructions, is the core of agentic AI.

Defining Characteristics of Agentic AI Security

In security operations, agentic AI matters when it has these properties:

  • Goal orientation: Agents are given outcomes, not just steps. For example, reduce phishing backlog to zero while preserving business email uptime, or verify all high-risk logins within five minutes.
  • Autonomy with guardrails: Agents can decide and act without human approval on every step, but within clear boundaries, policies, and human-in-the-loop checkpoints for high-risk actions.
  • Perception and environment interaction: Agents ingest and interpret signals across your environment, including SIEM, EDR, IAM, cloud, SaaS, email, and more, and act back on those systems via APIs, tickets, and notifications.
  • Reasoning and planning: Agents break down complex incidents into multi-step plans, track progress, and adapt when new evidence appears or tools fail.
  • Tool use: Agents call tools the way a human analyst would: query an EDR, look up identity data, open or update a case, disable an account, adjust a firewall rule.
  • Learning and behavior adaptation: Agents improve over time based on feedback, outcomes, and updated policies.
  • Memory: Agents retain both short-term context for a case and long-term context across users, assets, and previous incidents, so decisions do not happen in isolation.

When these characteristics come together inside a security platform, you get agentic AI security rather than yet another assistant.

How Agentic AI Works in Autonomous Security Operations

Agentic AI systems operate through four architectural pillars. These allow the AI to move beyond text generation and take meaningful action inside the SOC.

1. Planning

Before an agentic system can act, it must sense and understand. In cybersecurity, this means ingesting real-time telemetry from the entire security stack, including SIEM, EDR, IAM, cloud, and email gateways. Unlike a SIEM that just stores logs, agentic AI actively listens for anomalies, parsing unstructured data into structured evidence. From there, it builds a plan: which tools to call, in what order, and what success looks like.

2. Memory

A chatbot has a short attention span. An agentic AI cybersecurity system requires persistent memory to understand both the immediate situation and the broader context, which includes:

  • Short-term memory: The context of the current incident (“User X just failed 2FA”).
  • Long-term memory: Historical context (“User X travels to France often” or “This IP was flagged as benign last week”). This memory enables the agentic system to make informed decisions based on the complete picture, rather than just the current alert.

This memory lets the agent interpret each alert in the context of user behavior, asset criticality, and previous outcomes, not as an isolated log line.

3. Reasoning 

Reasoning is where the Large Language Model (LLM) shines. Using frameworks like ReAct (Reason + Act) or Chain of Thought, the agentic system breaks down a complex problem into steps.

  • Observation: “I see a suspicious PowerShell script.”
  • Thought: “I need to decode this script to understand its intent.”
  • Plan: “I will use a decoding tool, then check the domain against Threat Intel.”

4. Tool Use 

Agentic AI is useless if it is trapped in a chat box. Agentic security systems need “hands” to interact with the real world, and in security operations, that translates into direct integrations with your entire technology stack via APIs, webhooks, and shells. The agent not only knows that CrowdStrike or Sentinel or Wiz exists, it knows which commands it is allowed to execute, and when:

  • Isolate a host
  • Search for a process hash
  • Look up a user in your identity provider
  • Open or update a case in ServiceNow
  • Purge emails from all inboxes

This combination of planning, memory, reasoning, and tool use is what turns agentic AI security into a working digital SOC analyst.
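The plan, act, evaluate loop described under "LLM-Driven Reasoning" and the guardrails listed above (an allowlisted toolbox, human checkpoints for high-risk actions, a bounded number of steps) fit in a short sketch. This is an added example, not Torq's implementation: a scripted planner stands in for the LLM, and the tool names, validators and sample alert are assumptions constructed for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Callable

# Constructed sample data (documentation IP range, made-up hostnames).
KNOWN_BAD_IPS = {"203.0.113.7"}
INVENTORY = {"ws-042", "ws-117"}


@dataclass(frozen=True)
class Tool:
    run: Callable[..., dict]
    validate: Callable[[dict], bool]
    high_risk: bool = False  # high-risk tools need a human decision


def valid_ip(params):
    if set(params) != {"ip"}:
        return False
    try:
        ipaddress.ip_address(params["ip"])
    except ValueError:
        return False
    return True


def valid_host(params):
    host = params.get("hostname")
    return (set(params) == {"hostname"} and isinstance(host, str)
            and re.fullmatch(r"[a-z0-9-]{1,63}", host) is not None
            and host in INVENTORY)


def build_toolbox(isolated):
    """The allowlist: only tools registered here can ever be executed."""
    def lookup_ip(ip):
        return {"ip": ip, "verdict": "malicious" if ip in KNOWN_BAD_IPS else "unknown"}

    def isolate_host(hostname):
        isolated.add(hostname)  # stand-in for an EDR containment call
        return {"isolated": hostname}

    return {"lookup_ip": Tool(lookup_ip, valid_ip),
            "isolate_host": Tool(isolate_host, valid_host, high_risk=True)}


def scripted_planner(alert, history):
    """Stand-in for the LLM. Step 2 asks for a tool outside the toolbox on purpose."""
    script = [
        {"tool": "lookup_ip", "params": {"ip": alert["remote_ip"]}, "reason": "check reputation"},
        {"tool": "purge_mailboxes", "params": {}, "reason": "unrelated to this alert"},
        {"tool": "isolate_host", "params": {"hostname": alert["host"]}, "reason": "contain host"},
    ]
    if len(history) < len(script):
        return script[len(history)]
    contained = any(n == "isolate_host" and o["status"] == "ok" for n, o in history)
    return {"done": True, "summary": "contained" if contained else "escalated to analyst"}


def run_agent(alert, planner, tools, approve, max_steps=6):
    """Treat every plan as untrusted input: check it, then act, then record it."""
    history, audit = [], []
    for step in range(max_steps):
        plan = planner(alert, history)
        if plan.get("done"):
            audit.append({"step": step, "event": "finished", "summary": plan["summary"]})
            return plan["summary"], audit
        name, params = plan.get("tool"), plan.get("params")
        tool = tools.get(name)
        if tool is None:
            outcome = {"status": "rejected", "why": "tool not on allowlist"}
        elif not isinstance(params, dict) or not tool.validate(params):
            outcome = {"status": "rejected", "why": "parameters failed validation"}
        elif tool.high_risk and not approve(name, params):
            outcome = {"status": "denied", "why": "human approver declined"}
        else:
            outcome = {"status": "ok", "result": tool.run(**params)}
        audit.append({"step": step, "tool": name, "params": params,
                      "reason": plan.get("reason"), **outcome})
        history.append((name, outcome))  # rejections are fed back to the planner
    audit.append({"event": "step budget exhausted"})
    return None, audit


if __name__ == "__main__":
    alert = {"host": "ws-042", "remote_ip": "203.0.113.7"}  # constructed alert
    print(run_agent(alert, scripted_planner, build_toolbox(set()), lambda n, p: False))
```

The property to check in any such loop is that enforcement sits outside the model: a plan naming an unregistered tool or a host outside the inventory is refused and logged regardless of how the plan was produced.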

The Evolution from Manual Security to Agentic AI

The journey to the autonomous SOC has been paved with technologies that promised to solve the efficiency gap but fell short.

Stage 1: Legacy SOAR

Legacy SOAR promised relief but delivered complexity. These tools relied on brittle, linear playbooks. Building them required heavy coding, and maintaining them became a full-time job. They handled the “easy” automation but failed at anything requiring nuance.

Stage 2: GenAI Co-Pilots

The arrival of ChatGPT brought AI into the SOC, but largely as a sidekick. Analysts could ask, “What does this error code mean?” or “Draft a report.” While GenAI accelerated understanding, it didn’t reduce the volume of work. The analyst still had to click the buttons.

Stage 3: The Agentic Security Era 

We are now in the phase of AI-driven Hyperautomation. Agentic AI combines the flexibility of GenAI with execution power far beyond SOAR. Built on elastic cloud infrastructure, Torq scales dynamically to handle virtually any event storm volume, processing hundreds of thousands to millions of events, while maintaining the same depth and quality of investigation for each one.

How Torq Powers the Agentic SOC

While traditional platforms rely on pre-defined playbooks, Torq’s architecture introduces a flexible model essential for agentic behavior.

Built for Adaptability

Legacy systems require heavy coding to handle complexity. Torq workflows are built using reusable steps, modular integrations, and dynamic data mapping, making them easier to adjust as tools and formats evolve.

Instead of forcing teams to hand-code logic or maintain rigid scripts, Torq lets analysts build automations through a no-code workflow builder backed by hundreds of integrations. This structure makes it possible for agentic AI to orchestrate complex multi-tool actions, drive escalations, enrich alerts, and interact with identity, cloud, and ticketing systems reliably and transparently.

Execution Through Transparent Workflows

Agentic AI in Torq doesn’t replace the underlying automation engine — it operates through it. Every autonomous action ultimately runs as a documented workflow built in the Torq platform. Workflows in Torq are constructed from triggers, steps, conditions, and integrations, all of which remain fully visible and editable. This ensures that even advanced, AI-driven actions stay grounded in a transparent automation framework.

The Intelligence Layer

To drive this autonomy, Torq leverages enterprise-grade foundation models, including OpenAI’s GPT-4 and Anthropic’s Claude 4.5, within its AI-native security architecture. This combination provides the system with persistent memory, contextual reasoning, and the full orchestration capabilities required to solve problems, not just summarize them.

Agentic AI Cybersecurity Use Cases

Agentic AI cybersecurity is not a theoretical concept for the future. Torq’s agentic AI is currently running in production environments — including at Fortune 500s — handling high-volume, high-noise workflows.

1. Autonomous Triage 

Tier-1 triage is one of the most common workflow patterns documented in Torq. Using workflow triggers, enrichment steps, and case actions, AI agents automate the high-volume data gathering that normally overwhelms analysts.

  • Trigger: A SIEM or EDR sends an alert via webhook.
  • Enrichment: Workflows query threat intelligence and internal HR systems.
  • Decision: The AI agent classifies the alert (False Positive vs. True Positive).
  • Action: It auto-closes false positives or escalates true threats to specific teams.

Everything is visible in workflow logs, allowing teams to audit how each step was executed.

2. End-to-End Phishing Remediation

Phishing is dynamic; static playbooks struggle to catch up. An agentic approach mimics a human investigator.

  • Analysis: The agentic system parses headers, decodes URLs, and runs sandbox analysis.
  • Context: It checks user identity and history.
  • Remediation: If malicious, Torq searches the environment for the email, removes it from all inboxes, blocks the sender, and updates firewall rules, all while maintaining a full audit trail.

3. Cloud Security Auto-Remediation

In the cloud, risks appear and disappear in seconds. An agentic AI system acts as a 24/7 guardian of security posture.

  • Validation: When a misconfiguration alert fires, the workflow queries cloud APIs (AWS, Azure, GCP) to confirm the exposure.
  • Verification: The system messages the resource owner via Slack/Teams for verification.
  • Action: If no approval is received, the agentic AI applies conditional logic to revoke public access or modify configurations to restore compliance.

Risks, Challenges, and Governance in Agentic AI Security

The biggest barrier to adopting agentic AI is fear. What if the AI goes rogue? What if it shuts off the CEO’s laptop access?

Trust in AI can only be achieved through rigorous governance and architecture. This is where the distinction between human-in-the-loop and human-on-the-loop becomes vital. 

  • Human-in-the-loop: The AI recommends actions but needs explicit approval for high-impact steps.
  • Human-on-the-loop: The AI executes within defined guardrails, with humans monitoring and able to intervene or override.

Transparency Through Execution Logs and Case Records

A black box is unacceptable in security. An agentic system must expose its reasoning and actions.

Torq provides detailed execution logs and case histories for every AI-driven workflow, including:

  • Inputs and outputs
  • Tools called and parameters used
  • Timestamps and outcomes

This makes it possible to answer the question “Why did the AI do that?” with concrete evidence.

Enforcing Guardrails With RBAC, Permissions, and Approvals

Agentic security requires controls. Torq enforces Role-Based Access Control (RBAC) to limit which users (human or machine) can execute workflows. Critical actions — like account lockouts or network isolation — can be designed with human-in-the-loop approval steps. This ensures that high-impact remediations always require human validation, creating predictable boundaries for the AI.
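One way to express these guardrails, together with the "which commands it is allowed to execute" idea from the Tool Use section, is a gate that every agent tool call passes through. This is an added example, not Torq's code or API; the role names, action names, approver identities, and the `ToolGate` class are hypothetical, and the tools are offline stand-ins for real integrations.

```python
import time
from dataclasses import dataclass, field
from typing import Callable

# Hypothetical policy table (not Torq's schema): for each role, the actions it
# may call and the oversight mode that applies to each action.
#   "on_the_loop": runs inside the guardrail; humans monitor the log
#   "in_the_loop": held until a named human approver signs off
POLICY = {
    "triage-agent": {
        "lookup_user": "on_the_loop",
        "search_process_hash": "on_the_loop",
        "update_case": "on_the_loop",
    },
    "response-agent": {
        "lookup_user": "on_the_loop",
        "update_case": "on_the_loop",
        "isolate_host": "in_the_loop",
        "purge_email": "in_the_loop",
    },
}
APPROVERS = {"analyst.oncall", "soc.lead"}  # constructed human identities


@dataclass
class ToolGate:
    """Sits between the agent's plan and the integrations it wants to call."""
    tools: dict                                  # action name -> callable
    clock: Callable[[], float] = time.time
    audit_log: list = field(default_factory=list)

    def _record(self, agent, role, action, params, outcome, detail):
        # Every decision is logged, including denials and held requests.
        entry = {
            "timestamp": self.clock(),
            "agent": agent,
            "role": role,
            "tool": action,
            "parameters": dict(params),
            "outcome": outcome,
            "detail": detail,
        }
        self.audit_log.append(entry)
        return entry

    def request(self, agent, role, action, params, approved_by=None):
        mode = POLICY.get(role, {}).get(action)
        if mode is None or action not in self.tools:
            return self._record(agent, role, action, params,
                                "denied", "action not granted to this role")
        if mode == "in_the_loop":
            if approved_by is None:
                return self._record(agent, role, action, params,
                                    "pending_approval",
                                    "high-impact action held for a human")
            if approved_by not in APPROVERS:
                # An agent cannot approve its own (or another agent's) request.
                return self._record(agent, role, action, params,
                                    "denied", "approver is not an authorised human")
        try:
            result = self.tools[action](**params)
        except Exception as exc:  # integration failure or bad parameters
            return self._record(agent, role, action, params, "error", repr(exc))
        detail = f"approved by {approved_by}" if mode == "in_the_loop" else "autonomous"
        entry = self._record(agent, role, action, params, "executed", detail)
        entry["output"] = result
        return entry


def demo_gate():
    # Stand-ins for real integrations so the example runs offline.
    tools = {
        "lookup_user": lambda user: {"user": user, "department": "finance"},
        "search_process_hash": lambda sha256: [],
        "update_case": lambda case_id, note: f"case {case_id} updated",
        "isolate_host": lambda host: f"{host} isolated",
        "purge_email": lambda message_id: f"{message_id} purged",
    }
    return ToolGate(tools=tools)


if __name__ == "__main__":
    gate = demo_gate()
    gate.request("agent-7", "triage-agent", "isolate_host", {"host": "wks-042"})
    gate.request("agent-9", "response-agent", "isolate_host", {"host": "wks-042"})
    gate.request("agent-9", "response-agent", "isolate_host", {"host": "wks-042"},
                 approved_by="analyst.oncall")
    for line in gate.audit_log:
        print(line["tool"], line["outcome"], "-", line["detail"])
```

The audit entries carry the same fields the transparency section lists: inputs and outputs, the tool called with its parameters, a timestamp, and the outcome.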

Getting Started: Building Your First Agent-Ready Workflow

The Torq Knowledgebase outlines exactly how teams can create workflows for agentic AI to operate end-to-end. Start with a high-volume or high-noise process, such as phishing triage or endpoint alert enrichment, and define your desired outcome. In Torq, workflows begin with a trigger (an alert, API call, or scheduled event), followed by a sequence of steps that query systems, enrich data, create cases, or notify users.

Once you build and test the workflow, you can incorporate human approvals, connect additional integrations, and refine logic using execution logs. This documented structure makes workflows dependable, transparent, and ready for agentic AI to orchestrate at scale.

The Future is Autonomous

The shift to agentic AI security is inevitable. The math of the modern threat landscape simply doesn’t support a human-only defense strategy. Attackers are using AI to scale their assaults, which means defenders must use AI to scale their response.

Agentic AI allows organizations to move from a posture of coping to a posture of control. It frees human analysts to focus on threat hunting, strategy, and architecture, while the agentic system handles the noise.

Don’t settle for an AI that just chats. Demand an AI that works. Learn more about how to strategically approach agentic AI in the SOC in our AI or Die Manifesto.

FAQs

How is agentic AI different from generative AI in cybersecurity?

Generative AI tools (like ChatGPT) are designed as assistants that answer questions, provide recommendations, and create content or summarize text based on prompts. Agentic AI is generative AI embedded within an autonomous execution framework, which uses the same LLM reasoning capabilities but adds persistent memory, tool integration with contextual understanding, and orchestration to execute multi-step security workflows independently. In cybersecurity, this means an agentic system can autonomously investigate alerts, query multiple tools, reason through complex threats, and take remedial actions (such as blocking an IP) without human intervention. GenAI talks; agentic AI acts.

How can organizations effectively govern and monitor agentic AI security systems?

Safe adoption relies on three pillars: transparency (logging the AI’s “chain of thought”), guardrails (restricting high-risk actions, such as locking C-level accounts), and human-in-the-loop checkpoints (requiring approval for sensitive remediations). Platforms like Torq HyperSOC™ build these controls directly into the workflow engine.

Will agentic AI replace human security analysts?

No. Agentic AI replaces grunt work, not people. It handles the high-volume, repetitive work — such as initial triage, data enrichment, and false positive dismissal — that leads to analyst burnout. This enables human analysts to shift their focus to high-value tasks, such as strategic threat hunting, complex incident response, and security architecture.

What are the best use cases for agentic AI security?

Agentic AI delivers the highest ROI when deployed in high-volume, repetitive workflows. The top use cases include autonomous triage (investigating and resolving false positives), phishing remediation (analyzing emails and removing malicious messages), identity protection (verifying suspicious logins via Slack/Teams), and cloud security (automatically remediating misconfigurations, such as public S3 buckets).

What industries are seeing the biggest impact from agentic security adoption?

Industries with high-volume data and strict compliance requirements — such as Finance, Healthcare, and SaaS — are experiencing the most significant impact. The ability to autonomously triage thousands of alerts and enforce cloud posture in real-time is critical for these sectors.

How do I get started with agentic AI in my SOC?

Start by automating Tier-1 triage. Use a platform like Torq to build a workflow that ingests alerts, enriches them with threat intel, and classifies them. Once you trust the AI’s decision-making on low-risk alerts, you can gradually expand its autonomy to include remediation actions, adding human approval steps where necessary.

SEE TORQ IN ACTION

Ready to automate everything?

“Torq takes the vision that’s in your head and actually puts it on paper and into practice.”

Corey Kaemming, Senior Director of InfoSec

“Torq HyperSOC offers unprecedented protection and drives extraordinary efficiency for RSM and our customers.”

Todd Willoughby, Director

Compuquip logo in white

“Torq saves hundreds of hours a month on analysis. Alert fatigue is a thing of the past.”

Phillip Tarrant, SOC Technical Manager

Fiverr logo in black

“The only limit Torq has is people’s imaginations.”

Gai Hanochi, VP Business Technologies

Carvana logo in black

“Torq Agentic AI now handles 100% of Carvana’s Tier-1 security alerts.”

Dina Mathers, CISO

Riskified logo in white

“Torq has transformed efficiency for all five of my security teams and enabled them to focus on much more high-value strategic work.”

Yossi Yeshua, CISO

Expel + Torq: Smarter Investigations, Automation, and AI-Powered SOC Workflows

Dylan Jensen is the Manager of Sales Engineering at Torq, where he leads presales execution and supports customers in adopting security automation and AI-driven SOC operations. Dylan brings over a decade of experience in cybersecurity, encompassing security operations, automation platforms, and incident response. He combines deep technical expertise with a strong customer-facing approach to help teams navigate complex security challenges.

Security teams love Expel for its transparent Managed Detection and Response (MDR) and powerful investigative platform that brings clarity to alerts and incidents. Expel’s Workbench API gives you deep access into alerts, investigations, findings, comments, remediation actions, and much more — making it ideal for automation and orchestration.

But what if you could go beyond reporting and dashboards? What if your security operations platform could investigate, triage, and respond autonomously, driven by deterministic logic and AI?

That’s where Torq and Expel come together.

What Torq Adds to Your Expel MDR Workflows

Traditional workflow builders help teams automate tasks. Torq goes further — enabling AI workflows that can reason, decide, and act without waiting on human input. With deterministic guardrails and agentic AI, Torq doesn’t just move data between tools; it investigates alerts, prioritizes risk, and executes response actions at machine speed. This is the difference between connecting tools and running security operations.

Torq gives you a powerful way to automate Expel’s API-accessible capabilities using:

  • Deterministic playbooks: Clearly defined steps that follow your SOC processes.
  • Copy-paste curl integrations: Every action can be triggered via REST with ready-to-use curl commands.
  • AI Agents that act on your behalf: Triage, investigate, and update Expel data with natural language guidance and context.
  • Bidirectional sync: Change Expel investigations, comments, findings, and more from Torq and reflect changes back in Expel automatically.

Core Expel Actions You Can Automate with Torq

Instead of starting from a blank canvas, Torq delivers production-ready playbooks. These playbooks include: built-in escalation logic and SLAs, AI governance and guardrails for approvals, and safety checks.

Below are the key Expel resources and interactions that Torq can orchestrate, pulling from both the Workbench API documentation and your existing set of Torq actions.

Investigation Lifecycle

  • Retrieve investigations for analysis and routing.
  • Pull findings to understand what Expel SOC has determined.
  • Review actions tied to investigations.

Torq playbooks can create new findings or update investigation fields using POST/PATCH calls via Expel’s API. These investigation-related resources give Torq the ability to see what’s happening in Expel and take action.

Alert Data and Comments

  • Fetch alerts from Expel’s Workbench, filter by severity or source.
  • Retrieve discussion threads on investigations.
  • Log analyst notes programmatically or via AI Agent decisions.

Remediation Actions

  • Understand the available actions for a given investigation or alert.
  • Get detailed context around specific actions.
  • Kick off remediation directly from Torq using curl-based API calls.

These actions let Torq trigger containment, cleanup, or other security responses in sync with Expel’s recommended workflows.

How We Implement This in Torq

1. Deterministic Steps You Control

Torq playbooks execute step-by-step logic that maps to how your SOC works.

Step 1: Retrieve new Expel alerts
Step 2: Enrich context (SIEM, Endpoint, Threat Intel)
Step 3: Evaluate alert severity + indicators
Step 4: If criteria met → create investigation or escalate
Step 5: Write back comments, findings, remediation actions

2. Curl-Ready Integrations

Every API call Torq performs can be surfaced as a simple curl command for reuse or embedding.

# --globoff keeps curl from reading the [ ] in filter[status] as a URL glob range
curl --globoff 'https://workbench.expel.io/api/v2/expel_alerts?filter[status]=OPEN' \
-H "Authorization: Bearer $EXP_KEY"

3. AI Agents That Investigate Like Analysts

Torq’s AI Agents can:

  • Query Expel for alert details
  • Enrich with context from other systems
  • Triage and suggest next steps
  • Write back decisions as comments, tags, or remediation tasks

For example, an AI Agent can analyze five related Expel investigations, identify shared indicators, determine likely root cause, and update every case automatically — saving hours of analyst time.

4. Bidirectional Sync

Changes in Expel MDR — like an updated investigation status or new remediation details — can be reflected back to Torq playbooks, dashboards, and downstream tools automatically.

Real-World Use Cases: Torq + Expel

Automated Triage Pipeline

When a new alert arrives from Expel, Torq triggers a workflow. The workflow automatically enriches the alert by querying additional systems such as SIEMs, endpoint tools, or identity providers using predefined steps. 

How Torq handles it:

  • Enrichment steps gather context (related alerts, user attributes, or asset details).
  • Conditional logic evaluates alert fields and enrichment results to determine the next action.
  • Based on these conditions, the workflow can create or update a Torq case, add findings or comments, and route the case to the appropriate queue or team.

All actions occur immediately as part of the workflow execution, without requiring an analyst to collect or enter data manually. 

Remediation Acceleration

When alert severity or defined conditions meet response criteria, Torq workflows can initiate containment or remediation actions through supported integrations.

How Torq handles it:

  • Workflow steps invoke remediation actions via REST API calls or native integration actions.
  • Actions include isolating a host, disabling an account, blocking an IP address, or triggering response actions exposed by Expel or other security platforms.
  • These steps are executed automatically based on workflow logic, not manual intervention.

Because predefined workflow conditions drive remediation, response actions occur consistently and quickly, while still remaining fully visible in execution logs and case records.

Investigation Orchestration

Torq workflows can be triggered by events or on a scheduled basis to coordinate investigation activity across multiple alerts, cases, or teams.

How Torq handles it:

  • Scheduled workflows can query systems for open cases, active alerts, or unresolved findings.
  • Aggregated results can be summarized into case updates, notifications, or reports.
  • Additional workflows can be triggered to collect deeper context, request analyst review, or assign follow-up tasks.

This approach allows teams to standardize investigation processes, maintain visibility across concurrent incidents, and ensure no cases are missed. 

Why Torq + Expel Is a Game-Changer for Security Operations

Combining Expel MDR and Torq turns great investigations into fast, repeatable outcomes. With the Expel + Torq integration, you can automate the full lifecycle — from alert intake and enrichment to investigation updates and remediation — using deterministic playbooks, AI-driven SOC workflows, and bidirectional sync.

Ready to operationalize it? Get started with our Don’t Die, Get Torq manifesto.

Survive the Holiday SOC Nightmare with Automation

If you’re a CISO, your holiday season is probably defined by two things: family time and anxiety. Cybercriminals don’t celebrate the holidays. They know your SOC staff is running on fumes, paid-time-off accruals, and maybe checking 3am Slack messages from a ski slope. They strike when you are weakest.

The numbers aren’t entirely surprising: 86% of ransomware victims were targeted on a holiday or weekend, exploiting the fact that most organizations cut SOC coverage by half — and some leave their operations unstaffed altogether.

Security models that rely on human speed, human availability, and human judgment for Tier-1 and Tier-2 triage are the biggest, most unmanaged risk on your books. This holiday season, stop compensating for the human element and start building a defense that runs autonomously.

Four Holiday “Gifts” Hackers Leave for Understaffed SOCs

If you rely on traditional SOAR or any other legacy solution, you are exposing your business to four critical failures the moment your senior staff goes on PTO.

1. The Suspicious Login Stocking Stuffer

Your analysts are drowning in noise. The few running the skeleton crew during the holidays now have to triage a spike in “suspicious activity” from employees logging in from exotic vacation spots — the VPN alert paradox. It’s not just a workload issue; it’s a trust issue. Can that analyst, stressed and alone, tell the difference between a legitimate login from an employee in Thailand and an attacker in the same time zone?

The Autonomous Fix: Torq Hyperautomation™ doesn’t care if an alert comes in at 10am on a Tuesday or 11pm on Christmas Eve. Agentic AI handles all Tier-1/Tier-2 triage, enrichment, and context correlation instantaneously, ensuring only validated, high-priority incidents wake the on-call analyst.

2. The Silent Night Breach

The cost of a breach is directly tied to the Mean Time to Contain (MTTC). Attackers move laterally in minutes; if your containment relies on a single, sleepy analyst on-call, your MTTC goes from hours to days. Relying on a human to wake up, log in, and manually coordinate remediation is a financial and compliance liability. Human-led containment is simply a vulnerability during peak-risk times.

The Autonomous Fix: The autonomous SOC guarantees machine-speed containment (e.g., firewall block, identity lock, endpoint quarantine) for common and known threats, regardless of who is in the chair.

3. The Broken Playbook Fruitcake

Your legacy SOAR workflows are brittle, coded flows that rely on institutional knowledge to run. The moment the senior analyst who wrote the custom Python glue code is on a beach, that playbook is effectively dead — and so is your defense. A dependency on custom code is a dependency on the individual. You can’t afford to have your security posture tied to a single person’s vacation schedule.

The Autonomous Fix: Our no-code, API-first approach and multi-agent system architecture ensure all automated workflows are visible, centrally governed, and runnable by anyone.

4. The Compliance Ghost of Christmas Past

Regulations like SOC 2, DORA, and the SEC’s disclosure rules don’t pause in December. Missing a critical incident due to understaffing is still a compliance failure, carrying massive potential fines and career risk. You need an audit trail that can prove, without human intervention, that an incident was detected, investigated, and contained according to policy.

The Autonomous Fix: Torq’s team of AI Agents automatically documents every detection, decision, and remediation step — creating a real-time audit trail you can present to auditors, not apologies to the board.

How Torq HyperSOC™ Saves the Holiday SOC

The CISO’s job isn’t to perfectly staff the SOC 24/7/365; it’s to build a defense that doesn’t require perfect staffing. You need to offload the reliability problem from your people to a platform designed for autonomy: Torq HyperSOC™.

Here’s how to stop staffing the gap and start automating the vulnerability, ensuring 24/7/365 coverage whether your team is full-stack or on skeleton crew.

Guaranteed Coverage with AI-Driven Response

Implement HyperSOC to handle all high-volume, low-fidelity incidents autonomously. Our agentic AI reasons, plans, and executes containment actions across your environment in milliseconds. The autonomous SOC guarantees the highest standard of defense when your analysts are away, ensuring only validated, high-severity incidents require human judgment.

No-Code Resilience for Any Team

Your defense shouldn’t depend on whoever wrote that Python script three holidays ago. Migrate all your fragile, code-based SOAR logic to our AI Workflow Builder. Our no-code architecture ensures all automated workflows are visible, centrally governed, and executable by anyone (or anything) — guaranteeing operational continuity. 

Automated Compliance and Audit Trails

Use agentic AI not just to respond, but to generate the auditable reasoning trail for every autonomous action. This ensures compliance, even when no human was involved. You can confidently report to the board that containment was machine-speed, policy-driven, and thoroughly documented.

Give Analysts the Gift of Time Back

Every minute you automate is a minute your analysts get back — for strategy, for innovation, or for an actual holiday. Torq customers routinely save hundreds of analyst hours per quarter while improving MTTR, coverage, and team morale.

This holiday, trade burnout for balance and let Torq keep watch while your team finally gets a silent night.

Sleep Peacefully This Holiday Season — We’ll Leave the Torq On

This holiday season, give your team the gift of a break — and give your board the gift of guaranteed security. The autonomous SOC is the only system that truly operates 24/7/365. Stop settling for a security posture that is only as strong as the one analyst pulling the graveyard shift.

Don’t wait until the New Year to fix last year’s biggest problem.

Panther + Torq: Closing the Loop on Detection & Response

Torq AMP spotlights the partners redefining what’s possible in security operations. Each partner brings a unique strength that seamlessly extends Torq’s autonomous SOC platform. Together, these partnerships help SOC teams achieve speed, accuracy, and scale that were once out of reach. Explore the future of SOC in the AMP’d Sessions video series.

For years, security teams have been trapped by legacy SIEM and SOAR solutions. They’re forced to make compromises — slashing data retention to 30 days to control costs, spending more time tuning brittle tools than hunting threats, and manually bridging the gap between a noisy alert and a meaningful response.

In the latest episode of Torq’s AMP’d Sessions, we sat down with Mike Olsen, Director of Partner Solutions Engineering at Panther, to discuss how customers are moving on from this broken model. They’re modernizing their SecOps data pipeline with Panther’s cloud-native data lake and Torq’s autonomous response.

Together, Torq and Panther deliver a closed-loop system that moves from detection to remediation at machine speed. Here’s how.

Panther’s Cloud-Native Data Lake: Built for the Modern SOC

The core problem with legacy SIEMs is their architecture. They weren’t built for the cloud era, forcing teams to choose between cost and visibility. Panther takes a different approach. 

The foundation of the Panther platform is a cloud-native, modern data lake architecture. This serverless approach provides four key benefits:

  1. Limitless scale: “We have a customer that’s ingesting 40 terabytes daily,” Olsen noted. Teams no longer have to make compromises on what security logs to keep.
  2. Long-term retention: Instead of 30 days, Panther customers can retain data for at least a year in hot storage, enabling threat hunting and long-tail investigations without requiring rehydration.
  3. Data ownership: Your data stays in your cloud. Panther supports a “bring your own data lake” model, avoiding the vendor lock-in of traditional SIEM.
  4. Separation of compute and storage: This allows teams to “query petabytes of data at peak performance” without bogging down the system.

On top of this data lake, Panther employs a “Detection-as-Code” model. This gives teams the flexibility to write, tune, and deploy detections using Python, a low-code builder, or even AI-assisted creation, all managed in a CI/CD pipeline.

How Torq Turns Detection into Autonomous Response

Panther provides the high-fidelity detection and AI-driven triage; Torq provides the autonomous action. When Panther generates a high-confidence alert, it doesn’t just send a raw log. It sends a rich, AI-triaged case summary. Torq HyperSOC™ ingests this data and hands it to Socrates, Torq’s AI SOC Analyst. This initiates an AI-to-AI communication that is fully explainable and auditable.

Socrates reasons through Panther’s findings, orchestrates the necessary response actions through Hyperautomated workflows, and documents every step — transforming Panther’s T1-to-T2 analyst elevation into a T3 strategic “analyst-as-validator” model.

“Panther identifies what is happening, and then Torq decides what to do about it next.”

– Bob Boyle, Product Marketing Manager, Torq

Inside the Demo: From Data Lake to Autonomous Remediation

The AMP’d session demo showcased this closed-loop system in action, remediating a sophisticated identity-based threat from start to finish.

1. The Detection (Panther)

A high-fidelity correlation rule fired in Panther, combining two separate events:

  • Event 1: An Okta login from a “watch list” country (France).
  • Event 2: An M365 enumeration activity (like Get Users or List Admins) from the same user within 30 minutes.

Individually, these might be noise. Together, they could be something more. Panther’s AI Triage autonomously analyzed the events, generated a summary: “This is an anomalous login. The user, Timothy, is based in the U.S., not France,” and exposed its thinking steps for human validation.

Panther and Torq integration powering autonomous SecOps
Panther identifies suspicious login activity from a watchlist country and correlates it with Azure AD enumeration to elevate signal fidelity.
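The correlation described above (a watch-list login followed by M365 enumeration from the same user within 30 minutes) can be sketched in plain Python. This is an added example, not Panther's rule API or the rule used in the demo; the event field names and the sample events are constructed for illustration.

```python
from datetime import datetime, timedelta

WATCHLIST_COUNTRIES = {"FR"}                       # France, as in the demo
ENUMERATION_ACTIONS = {"Get Users", "List Admins"}  # actions named in the demo
WINDOW = timedelta(minutes=30)


def correlate(events, window=WINDOW):
    """Return one alert per watch-list Okta login that is followed, within
    `window`, by M365 enumeration from the same user.

    Events may arrive out of order; they are sorted by timestamp first.
    Enumeration that precedes the login, or falls outside the window,
    does not match.
    """
    open_logins = {}   # user -> candidate alert for the latest watch-list login
    alerts = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        ts = datetime.fromisoformat(ev["ts"])
        user = ev["user"].lower()          # identity casing differs across sources
        if ev["source"] == "okta" and ev["action"] == "login":
            if ev.get("country") in WATCHLIST_COUNTRIES:
                open_logins[user] = {
                    "user": user,
                    "login_ts": ts,
                    "country": ev["country"],
                    "ip": ev.get("ip"),
                    "enumeration": [],
                }
            continue
        if ev["source"] == "m365" and ev["action"] in ENUMERATION_ACTIONS:
            candidate = open_logins.get(user)
            if candidate is None:
                continue                   # no preceding watch-list login
            gap = ts - candidate["login_ts"]
            if gap > window:
                del open_logins[user]      # window expired, stop tracking
                continue
            if not candidate["enumeration"]:
                alerts.append(candidate)   # first hit raises the alert
            # Later hits in the window enrich the same alert, not a new one.
            candidate["enumeration"].append({
                "action": ev["action"],
                "minutes_after_login": int(gap.total_seconds() // 60),
            })
    return alerts


# Constructed sample events (documentation IP ranges), deliberately unsorted.
SAMPLE_EVENTS = [
    {"ts": "2025-01-15T09:20:00+00:00", "source": "m365", "user": "timothy", "action": "List Admins"},
    {"ts": "2025-01-15T09:00:00+00:00", "source": "okta", "user": "Timothy", "action": "login",
     "country": "FR", "ip": "203.0.113.7"},
    {"ts": "2025-01-15T09:12:00+00:00", "source": "m365", "user": "timothy", "action": "Get Users"},
    # Enumeration 45 minutes after the login: outside the window.
    {"ts": "2025-01-15T09:00:00+00:00", "source": "okta", "user": "alice", "action": "login",
     "country": "FR", "ip": "203.0.113.8"},
    {"ts": "2025-01-15T09:45:00+00:00", "source": "m365", "user": "alice", "action": "Get Users"},
    # Enumeration before the login: wrong order.
    {"ts": "2025-01-15T08:50:00+00:00", "source": "m365", "user": "bob", "action": "Get Users"},
    {"ts": "2025-01-15T09:00:00+00:00", "source": "okta", "user": "bob", "action": "login",
     "country": "FR", "ip": "203.0.113.9"},
    # Login from a country that is not on the watch list.
    {"ts": "2025-01-15T09:00:00+00:00", "source": "okta", "user": "carol", "action": "login",
     "country": "US", "ip": "198.51.100.4"},
    {"ts": "2025-01-15T09:05:00+00:00", "source": "m365", "user": "carol", "action": "List Admins"},
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert["user"], alert["country"], alert["ip"], alert["enumeration"])
```

Only the first user's sequence alerts; the other three show why each event alone, or the pair in the wrong order or outside the window, stays as noise.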

2. The AI-to-AI Handoff (Torq)

Torq ingested the correlated alert and Panther’s AI triage summary.

  • AI-to-AI: A Torq AI Agent evaluated Panther’s findings: “Based on Panther’s analysis, is this showing signs of persistence?”
  • The verdict: The Torq Agent confirmed “Recurrence: True,” mapped the attack to the MITRE Initial Access tactic, and automatically escalated the new case in Torq’s Case Management platform to ‘Critical’ priority.

Torq ingests Panther’s enriched alert and uses AI analysis to validate recurrence, map MITRE tactics, and automatically escalate the case to Critical.

3. The Autonomous Response (Socrates)

The critical case was automatically assigned to Socrates, Torq’s AI SOC Analyst, which followed its autonomous remediation runbook:

  • Investigation: Socrates reached back into Panther, querying the data lake for more user activity logs to broaden the investigation.
  • User verification: Torq’s communication agent autonomously interviewed the user, Timothy, directly in Slack: “Hey, Timothy, did you log in from France recently?” Timothy’s reply: “No.”
  • Containment: Based on that “No,” Socrates immediately executed its containment plan: it disabled the user’s Okta account and added the malicious IP address to a company-wide blocklist.
  • Notification: For business continuity, Socrates identified Timothy’s manager and sent them a Slack message: “Hey, there’s an active SOC incident… Timothy’s account is locked, and he won’t be able to respond.”
Socrates, Torq’s AI SOC Analyst, autonomously investigates the case, verifies user intent via Slack, and executes containment actions like account disablement and IP blocking.

4. The Closed-Loop SecOps Pipeline

The entire cybersecurity lifecycle — from initial detection to full containment — happened in seconds. Every AI thought process, query, and action was logged in an immutable audit trail. The case was then escalated to a human analyst, not to work the alert, but to simply validate the autonomous actions already taken and close the case.

This partnership fundamentally changes the SecOps paradigm. It’s no longer a linear, manual handoff from a legacy SIEM to a brittle SOAR. It’s a single, intelligent, and closed-loop system, or what we like to call an autonomous SOC.

“What I’m most amped about is the combination of Panther’s AI-driven context from detection, and then combining that with Torq’s Hyperautomation for response. It’s really closing that loop and eliminating the manual gap between detection and action.”

Mike Olsen, Director of Partner Solutions Engineering, Panther

Panther detections flow into Torq for autonomous triage and response, creating a closed-loop SecOps pipeline that remediates threats in seconds with full auditability.

Better Together: Torq + Panther

For security teams, the Torq and Panther partnership means:

  • Limitless scale: Ingest and retain all your security data in Panther’s data lake.
  • AI-triaged detections: Eliminate noise with Panther’s high-fidelity, AI-analyzed alerts.
  • AI-to-AI communication: Let Panther’s detection agents talk directly to Torq’s response agents for autonomous escalation.
  • Autonomous remediation: Go beyond simple automation to fully remediate threats — from investigation to containment and user verification — without human intervention.
  • End-to-end auditability: Maintain full, explainable audit logs of every AI decision and action, from detection to response.

Watch this workflow unfold in real time in the Torq + Panther AMP’d Session.


“Torq takes the vision that’s in your head and actually puts it on paper and into practice.”

Corey Kaemming, Senior Director of InfoSec

“Torq HyperSOC offers unprecedented protection and drives extraordinary efficiency for RSM and our customers.”

Todd Willoughby, Director

“Torq saves hundreds of hours a month on analysis. Alert fatigue is a thing of the past.”

Phillip Tarrant, SOC Technical Manager

“The only limit Torq has is people’s imaginations.”

Gai Hanochi, VP Business Technologies

“Torq Agentic AI now handles 100% of Carvana’s Tier-1 security alerts.”

Dina Mathers, CISO

“Torq has transformed efficiency for all five of my security teams and enabled them to focus on much more high-value strategic work.”

Yossi Yeshua, CISO

Kenvue Turns Security Operations into a Strategic + Data-Driven Function

The pace, complexity, and stakes of cybersecurity have changed — and most organizations are struggling to keep up. Every day, security operations centers (SOCs) are buried under thousands of security alerts from dozens of tools, each requiring validation, triage, and response. Meanwhile, attackers are using AI and automation to move faster and exploit every gap.

Most organizations struggle to keep up because their SOCs run on fragmented systems and manual processes. Too many tools, too little visibility, and not enough consistency to scale. What used to be a technical challenge has become a strategic business risk.

When every alert affects uptime, reputation, and compliance, SOC performance isn’t just an IT metric — it’s a business imperative. That’s why enterprises are embracing automated security workflows and security Hyperautomation — the foundation for modern, scalable security operations that defend at machine speed.

The Modern SOC Challenge

Across industries — from healthcare and retail to finance and tech — SOC teams face the same systemic challenges:

  • Inconsistent processes: Manual, siloed workflows lead to gaps in coverage and unpredictable results.
  • Limited visibility: Fragmented data across EDR, SIEM, IAM, and cloud tools makes it hard to see what’s actually happening.
  • Alert fatigue and burnout: Analysts spend most of their day validating false positives instead of investigating real threats.
  • Lack of measurable impact: Many SOCs can’t easily demonstrate performance, efficiency, or risk reduction to business stakeholders.

As a result, even well-staffed SOCs often operate reactively, always chasing incidents instead of improving resilience. To break this cycle, organizations need automated security workflows that standardize response, unify tools, and provide real-time visibility into performance and risk. That’s where Torq Hyperautomation™ comes in.

Hyperautomation: The Foundation for a Modern SOC

Hyperautomation transforms security operations from fragmented security workflows into a coordinated, self-improving system. It uses AI-driven security automation to connect every tool, process, and analyst decision, building the foundation for a continually improving SOC.

The benefits of implementing automated workflows extend far beyond speed:

  • Standardization: Every incident follows the same consistent, repeatable process.
  • Visibility: Unified context across tools ensures no critical alerts are missed.
  • Efficiency: AI-driven correlation eliminates manual triage and data entry.
  • Resilience: Automated responses scale effortlessly across hybrid and cloud environments.
  • Accountability: Built-in reporting and audit trails strengthen compliance and prove SOC value.

Inside Kenvue’s SOC Transformation with Torq

Global consumer health leader Kenvue — home to trusted brands like BAND-AID®, Listerine®, and Neutrogena® — faced these same challenges on an enterprise scale. Their outsourced “black box” SOC delivered coverage but not transparency. The team lacked visibility into how incidents were handled, and there was no consistent process to measure or improve performance.

When Kenvue brought operations in-house, they aimed to modernize security operations with automated security workflows that delivered consistency, visibility, and measurable value. 

Their objectives:

  • Replace black-box operations with transparency
  • Establish consistent, standardized workflows across global teams
  • Prove quantifiable business value through data and visibility

They chose Torq Hyperautomation as their foundation to automate tasks and transform the SOC’s operation.

“It’s clear Torq was built for security operations functions — and it’s head and shoulders above any other automation tool I’ve used before.”

Dustin Nowak, Cyber Threat Manager, Kenvue

How Kenvue Implemented Automated Security Workflows with Torq

Kenvue used Torq to implement automated security workflows that brought consistency, structure, and insight to every aspect of incident response.

Advanced Case Management Purpose-Built for SecOps

Torq provided Kenvue with mature case management, capturing observables, notes, and evidence in structured, repeatable formats. Every incident followed the same process, eliminating ambiguity and making investigations defensible and auditable by design.

“It wasn’t just about speed,” Dustin explained. “It was about consistency — and being able to prove we’re doing the right things the right way.”

Standardized Workflows for Consistency

Torq’s automated security workflows helped Kenvue normalize response procedures across dozens of incident types. Each case contained the same level of context, structured the same way, and followed the same escalation path.

This consistency built a foundation for speed and trust. Analysts no longer had to guess how to proceed, and leadership could see exactly what was happening, when, and why.

Unified Data for Actionable Insights

Before Torq, pulling meaningful metrics from scattered systems was difficult. Now, with rich tagging and categorizations in Torq, Kenvue’s team can slice and dice data with depth and detail, creating a data-driven feedback loop that drives continuous improvement.

Interactive forms even allow other business units to submit issues directly into Torq, ensuring smooth intake for compliance or third-party incidents without extra manual steps.

SOC Transformation: More Than Just Workflow Automation

By adopting Torq, Kenvue achieved transformative outcomes:

  • Hit their automation goal in six months, automating 89% of cases
  • Reduced mean time to respond (MTTR) by 60%
  • Aligned their hybrid team around standardized, measurable processes
  • Built and adapted complex case workflows without sacrificing control

Even more critically, Torq enabled a deeper level of investigation. Analysts had more time to validate cases, detect anomalies, and trace threats that traditional tools and alert rules would have missed.

Today, Kenvue’s SOC is a measurable, strategic function that delivers real-time insights and value to the business. With Torq, they have the tools to show stakeholders:

  • Where risk exists and how it’s being addressed
  • How security posture is improving month over month
  • Why automated security workflows are the key to scaling without compromise

“We can now go to the business and say, ‘Here’s where the risk is, here’s how we brought that risk down, and we’re getting better at buying that risk down.’”

Dustin Nowak, Cyber Threat Manager, Kenvue

Transform Your SOC with AI and Hyperautomation

Every enterprise — from startups to global brands — faces the same truth: cyber threats evolve faster than manual teams can react. Automated security workflows are the only way to keep pace. By unifying fragmented security workflows, minimizing human error, and enabling scalability, automation empowers SOCs to instantly and consistently handle every alert — from vulnerability management and phishing detection to cloud incident response.

But true modernization requires more than isolated automation. Hyperautomation creates an intelligent, scalable framework of consistency, visibility, and continuous improvement that protects not just your infrastructure, but your entire business.

Torq Hyperautomation™ empowers security leaders to:

  • Streamline operations through automated security workflows and unified case management.
  • Strengthen resilience with real-time insights into risks, trends, and SOC performance.
  • Elevate security’s role as a strategic business enabler, not a back-office function.

See how you can achieve the same speed, visibility, and operational maturity as Kenvue. Read the full story of how Torq delivered measurable SOC impact through automated security workflows combined with a strategic focus.

How Agoda Scaled Security and IT Operations with Hyperautomation

For global digital platforms, speed and trust go hand in hand. Millions of users expect seamless experiences — from instant logins and secure transactions to real-time updates across multiple devices and regions. Behind that simplicity sits a complex ecosystem of cloud services, APIs, and data integrations operating across time zones and compliance frameworks.

As digital ecosystems scale, so does operational complexity. Security and IT automation have become essential for maintaining performance, compliance, and user trust. Security teams must safeguard customer data while IT teams ensure uptime and availability — both responding instantly to incidents and supporting rapid development cycles.

Yet many enterprises still struggle with manual workflows, overlapping tools, and limited visibility into security alerts and service requests. Legacy orchestration platforms and old playbooks can’t keep up. Routine actions like enriching alerts, resetting credentials, or escalating tickets consume hours instead of seconds, slowing teams down and increasing operational risk.

Modern enterprises need unified, automated cybersecurity — a no-code, automation-first approach that connects tools, eliminates handoffs, and delivers real-time visibility across security and IT operations. Only then can organizations scale securely while maintaining the agility their customers expect.

3 SOC Challenges for Global Digital Platforms Solved by Security and IT Automation

For digital service providers, success depends on their ability to move quickly without compromising security. Hyperautomation makes that possible, bringing secure automation to every corner of the enterprise.

1. Alert Triage and Enrichment

With security automation, teams can automatically aggregate, enrich, and prioritize alerts from multiple cloud and endpoint systems, so that analysts focus only on high-fidelity, business-critical threats.

Workflow Steps:

  • Receive new alerts from SIEM or XDR tools.
  • Execute parallel enrichment tasks to pull context from EDR, IAM, and cloud telemetry sources.
  • Extract indicators such as IPs, hashes, and user IDs, correlating them with threat intelligence feeds.
  • Apply AI-driven risk scoring to classify alerts as benign, suspicious, or critical.
  • Automatically close low-risk alerts and create cases for confirmed threats.

2. Cloud Misconfiguration Detection and Remediation

Automate the detection and response to misconfigurations or vulnerabilities across multi-cloud environments — ensuring compliance and reducing exposure windows.

Workflow Steps:

  • Receive configuration or vulnerability findings from a CSPM tool.
  • Filter for issues marked ‘High’ or ‘Critical.’
  • Enrich findings with asset metadata (e.g., owner, environment, region).
  • Trigger auto-remediation workflows — such as adjusting IAM permissions, rotating exposed keys, or enforcing encryption.
  • Validate the fix and update the case or ticket automatically.

3. Phishing Email Analysis and Response

Eliminate manual review of user-reported phishing emails by automating end-to-end triage, analysis, and containment.

Workflow Steps:

  • Monitor a dedicated mailbox for user-reported phishing submissions.
  • Extract and analyze message headers, links, and attachments using multiple security analysis tools.
  • Cross-check against threat intelligence feeds for known indicators.
  • If malicious, quarantine the email across all mailboxes, notify affected users, and open a security case.
  • If benign, notify the user with a safe, templated response and close the case automatically.
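The phishing workflow steps above, sketched as an added example (not Torq's or Agoda's code): it parses a reported message, extracts header findings, link hosts and attachment hashes, checks them against an indicator set, and picks the malicious or benign branch. The indicator sets, action names, and sample messages are constructed assumptions.

```python
import hashlib
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlsplit

# Constructed indicators standing in for a threat-intelligence feed (assumption).
KNOWN_BAD_PAYLOAD = b"constructed sample payload"
BAD_DOMAINS = {"login-portal.example.net"}
BAD_SHA256 = {hashlib.sha256(KNOWN_BAD_PAYLOAD).hexdigest()}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")


def build_report(body, attachment=None, reply_to=None,
                 auth="spf=pass; dkim=pass; dmarc=pass"):
    """Build a constructed user-reported message as raw bytes (sample input only)."""
    m = EmailMessage()
    m["From"] = "IT Support <helpdesk@corp.example.com>"
    if reply_to:
        m["Reply-To"] = reply_to
    m["To"] = "timothy@corp.example.com"
    m["Subject"] = "Password expires today"
    m["Authentication-Results"] = "mx.corp.example.com; " + auth
    m.set_content(body)
    if attachment is not None:
        m.add_attachment(attachment, maintype="application",
                         subtype="octet-stream", filename="invoice.bin")
    return m.as_bytes()


def _is_listed(host):
    """Match a listed domain or any of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in BAD_DOMAINS)


def analyze(raw):
    """Triage one reported message and return the verdict with its evidence."""
    msg = message_from_bytes(raw, policy=policy.default)

    # Headers: authentication results and a Reply-To that leaves the From domain.
    auth = dict(AUTH_RE.findall(str(msg.get("Authentication-Results", "")).lower()))
    flags = []
    for mech in ("spf", "dkim", "dmarc"):
        result = auth.get(mech, "missing")
        if result != "pass":
            flags.append(f"{mech}={result}")
    sender, reply = msg["From"], msg["Reply-To"]
    from_dom = sender.addresses[0].domain.lower() if sender and sender.addresses else ""
    if reply and reply.addresses and reply.addresses[0].domain.lower() != from_dom:
        flags.append("reply_to_domain_mismatch")

    # Links: host names found in the text body.
    part = msg.get_body(preferencelist=("plain", "html"))
    text = part.get_content() if part is not None else ""
    hosts = sorted({urlsplit(u.rstrip(".,);")).hostname or ""
                    for u in URL_RE.findall(text)})

    # Attachments: SHA-256 of each decoded payload.
    digests = [hashlib.sha256(a.get_payload(decode=True) or b"").hexdigest()
               for a in msg.iter_attachments()]

    # Cross-check against the indicator sets. In this sketch the verdict follows
    # indicator matches only; header flags are kept as case evidence.
    hits = [h for h in hosts if _is_listed(h)] + [d for d in digests if d in BAD_SHA256]
    if hits:
        verdict = "malicious"
        actions = ["quarantine_all_mailboxes", "notify_affected_users", "open_security_case"]
    else:
        verdict = "benign"
        actions = ["send_templated_reply", "close_case"]
    return {"verdict": verdict, "actions": actions, "intel_hits": hits,
            "header_flags": flags, "link_hosts": hosts, "attachment_sha256": digests}


if __name__ == "__main__":
    sample = build_report(
        "Sign in at https://login-portal.example.net/reset?u=timothy today.\n",
        reply_to="recovery@mailbox.example.org",
        auth="spf=fail; dkim=none; dmarc=fail")
    print(analyze(sample))
```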

Benefits of Security and IT Automation

Connecting tools across cloud, IT, and security operations, security Hyperautomation eliminates manual handoffs and accelerates triage, investigation, and remediation. This brings consistent execution, faster response, and happier teams.

Key benefits for digital platforms include:

  • End-to-end visibility: Unified data flow across SIEM, ITSM, and identity tools
  • Consistent workflows: Repeatable, auditable processes across time zones
  • Faster response: Automation handles repetitive triage and enrichment in seconds
  • Reduced burnout: Teams focus on analysis, not administration

This shift turned security operations at Agoda from a reactive cost center into a proactive value driver — enabling faster incident response, automated IT support, and improved cross-team collaboration.

How Agoda Transformed Its SOC with Torq Hyperautomation

Agoda, one of the world’s leading online travel platforms, faced a pivotal challenge: modernizing its security operations while operating with a small, globally distributed team. At the same time, the company was migrating from legacy on-prem infrastructure to a modern, cloud-first security stack.

Existing automation tools required extensive custom coding and manual connector maintenance — slowing progress and limiting scalability. Agoda needed a flexible, no-code platform to unify alerts, automate investigations, and streamline IT workflows across its hybrid environment.

In 2020, after a successful proof of concept, Agoda selected Torq Hyperautomation™ to power its next phase of growth. The immediate results showed how quickly security and IT automation could deliver measurable impact.

  • Rapid time to value: Thanks to Torq’s no-code/low-code interface and extensive integration library, Agoda’s first automations were live within weeks — not months. Even complex workflows connecting SaaS apps to on-prem systems could be built in minutes.
  • Full-stack integrations: Without manual coding, Agoda connected its core security and IT tools — including cloud providers, endpoint platforms, and communication apps. Even complex SaaS-to-on-prem connections were built in minutes using native integrations and webhooks.
  • Hands-on partnership: Torq engineers co-built critical early workflows alongside Agoda’s team from proof of concept to production. 

“Even Torq’s CTO jumped in to help us build during the early days — it was seamless.”

Karthick Gopalakrishnan, Senior Security Engineer, Agoda

What Agoda Hyperautomated

When Agoda implemented Torq’s Hyperautomation platform, its goal wasn’t just to automate tasks but to redefine how security and IT operations worked together. In a matter of weeks, the team replaced fragmented, manual processes with intelligent, AI-driven workflows that now operate 24/7 across the organization. From automated phishing response to instant IT service resolutions, Agoda’s automation framework has become the backbone of its global operations.

24/7 Automated Phishing Response

Every phishing report submitted through Outlook now flows directly into Torq. AI-driven enrichment and classification automatically determine whether a message is benign, suspicious, or malicious — and respond accordingly.

  • 30–40 daily submissions handled autonomously
  • 2-minute average response time to reporters
  • Zero analyst intervention required

Instant IT Service Resolutions

Agoda’s IT service desk now resolves 200–300 password resets per month automatically. App deployment requests that once took a full day are completed in under 10 minutes. This shift freed both IT and security teams from repetitive, low-value tasks and improved employee experience across global offices.

Faster, Smarter Incident Response

Torq now orchestrates Agoda’s incident response, enriching alerts, isolating compromised systems, and even automatically resetting credentials. Response actions that once required analysts to coordinate across multiple tools now run in parallel, with full audit logs and human-in-the-loop control for sensitive cases.

Expanded Impact Across Teams

What began as a SOC initiative has evolved into a company-wide automation initiative. IT, engineering, and security teams now build their own workflows for use cases like proxy whitelisting, onboarding, and even automated threat-model draft generation for developers.

Results that Scale Across Security and IT

With Torq, Agoda redefined what speed and scale mean in a global enterprise. The adoption of security and IT automation bridged once-disconnected teams, slashed manual workloads, and accelerated both detection and resolution. Every workflow — from phishing triage to password resets — now runs smarter, faster, and more consistently than ever before.

  • 89% of alert actions automated
  • Response times reduced by 60%
  • 50% of IT tickets resolved automatically

“Torq outshines in MTTR reduction. Even if we’re offline, we know the threat is isolated. That’s a huge stress reliever for the team.”

Laksh Gudipaty, Security Incident Response Manager, Agoda

Hyperautomation Enables Continuous Innovation

Agoda’s journey demonstrates the transformative power of security and IT automation. By embracing cybersecurity automation, their teams shifted from reactive work to proactive, continuous improvement.

Hyperautomation gives modern businesses the same advantage Agoda achieved:

  • Continuous visibility across security and IT systems
  • Faster containment and reduced downtime
  • Proactive operations that scale with global demand

Wizdom 2025: The Future of Cloud Security

Chris Coburn is the Senior Director of Technology Alliances at Torq, where he leads strategic partnerships that fuel innovation and growth. With experience scaling alliance programs at cybersecurity leaders like Recorded Future, he brings an execution-first mindset to ecosystem development. He’s the architect of Torq’s AMP program, redefining how partners integrate, collaborate, and win together.

This November, New York City and London became the epicenter of modern cloud defense as Wiz hosted its first-ever user conference, Wizdom, bringing together global leaders, builders, and innovators who are redefining how organizations secure the cloud.

Across three days of keynotes, workshops, and hands-on sessions, Wizdom 2025 explored the next frontier of cloud protection — where AI, automation, and human creativity converge to deliver resilience at machine speed. As a featured partner, Torq joined Wiz to showcase how AI-driven Hyperautomation and real-time orchestration empower security teams to move as fast as the environments they defend.

Together, Wiz and Torq shared what’s next: a unified model for autonomous cloud operations, built on visibility, context, and speed.

Key Takeaways from Wizdom 2025

At Wizdom 2025, one message stood out: AI isn’t just another shift in technology; it’s a complete redefinition of how cybersecurity, innovation, and leadership will operate in the next decade. The conversations on stage reflected a new reality for defenders: one where AI accelerates both sides of the battle, innovation demands constant reinvention, and success depends on how fast teams can adapt.

  • AI transformation: AI is moving faster than any technological revolution before it. Speakers at Wizdom 2025 warned that it’s creating an asymmetric landscape, where attackers rapidly exploit generative models, automation, and data scale — while defenders must evolve their own systems just as quickly. The organizations that thrive will be those that integrate AI into every layer of security, serving as a foundation for informed decision-making and effective response.
  • Innovation: The next generation of successful founders and leaders will be defined by their willingness to disrupt their own playbooks. Speakers called out the need for decentralized innovation, encouraging teams to run fast-moving “skunkworks” projects that challenge assumptions and test what’s possible. Great founders, they said, are the ones who see what’s next before the market does — and aren’t afraid to break their own models to get there.
  • The future of technology: AI will evolve through phases, first augmenting humans and ultimately enabling autonomous agent-to-agent collaboration. That future introduces a new challenge: trust. As AI systems increasingly act independently, companies will need to collaborate across industries to establish standards, ensure transparency, and implement shared safeguards.
  • Leadership: The best leaders won’t control every move — they’ll set vision and build infrastructure that allows teams to experiment, fail safely, and learn fast. Empowering entrepreneurial thinking at every level is no longer optional; it’s how organizations will stay relevant when change happens at machine speed.

A Proven Partnership: Wiz + Torq in Action

The Wiz and Torq partnership has become a benchmark for how security operations should function in the cloud era, seamlessly connecting visibility with action, and detection with remediation.

Since becoming an inaugural Wiz Integration (WIN) launch partner, Torq HyperSOC™ has served as the automation and orchestration engine behind Wiz’s unified cloud visibility platform. Together, Wiz and Torq help organizations detect, prioritize, and resolve cloud threats in minutes.

When Wiz finds a misconfiguration, leaked credential, or active threat, Torq HyperSOC™ takes over instantly. Alerts flow directly into AI-driven workflows, where Socrates, Torq’s AI SOC Analyst, correlates findings, enriches telemetry, and automates containment. The result: zero silos, zero lag, and complete visibility across every cloud environment.

From AWS and Azure to GCP and Kubernetes, this integration bridges cloud security and SecOps, giving teams a continuous, autonomous loop between Wiz Defend detections and Torq’s Hyperautomated response.

Over the last few years, the partnership has grown from an integration into real SOC impact. Today, customers running Wiz + Torq report measurable results:

  • 90% reduction in manual case handling
  • 3–5x increase in SOC throughput
  • 95%+ of Tier-1 and Tier-2 alerts remediated autonomously
  • 10x faster MTTR, with visibility into zero-day threats within 24 hours

As one of Torq’s featured AMP’d partners, Wiz joined the AMP’d Sessions video series to show how visibility and automation combine to deliver cloud security at machine speed. This partnership is a shared vision for the future of security operations: unified visibility from Wiz, autonomous response from Torq, and a cloud SOC that never sleeps.

“The beauty about this partnership is that Torq was always there, side by side, as one of our design partners as we have evolved.”

Oron Noah, VP of Product, Wiz

Get AMP’d: Wiz + Torq Demo

This AMP’d session shows exactly what happens when Wiz’s high-fidelity detections meet Torq’s autonomous response engine. AI Agents pick up the alert, triage it, enrich it, and contain the threat — all before a human even logs in.

Watch to learn how to:

  • Remediate cloud threats instantly
  • Strip out noise with intelligent triage
  • Grow your SOC’s impact with no-code automation

Watch Wiz’s Oron Noah and Torq’s Bob Boyle break down the workflow — then see how to bring it into your own SOC.
