IDC, Gartner, and Cyber Research Analyst Francis Odum validate Torq HyperSOC-2o for establishing the important building blocks for achieving the autonomous SOC.

The autonomous SOC is here. It is no longer a distant reality, it’s not a pipe dream, and it’s certainly not just another cybersecurity buzzword. According to IDC’s latest report exploring the evolution from generative AI to agentic AI in cybersecurity, the autonomous SOC is “heaven on earth…everyone should want it.” 

And with the release of Torq HyperSOC-2o, now everyone can have it.  

WTF is HyperSOC-2o? 

HyperSOC-2o is the latest release of Torq HyperSOC™ — our most autonomous model to date and the first truly agentic SecOps platform. 

Torq HyperSOC™ was first released in April 2024 as a purpose-built solution that harnesses the power of the AI-driven Torq Hyperautomation™ platform to automate, manage, and monitor critical SOC responses at machine speed. At the time of initial launch, IDC had this to say: 

“Every day, IDC is engaged with SOC professionals who communicate the existential challenges they’re facing, both in terms of keeping up with ever-escalating threat complexity and volume, and the incredible burden that places on the shoulders of their teams.

Torq HyperSOC is the first solution we’ve seen that effectively enables SOC professionals to mitigate issues including alert fatigue, false positives, staff burnout, and attrition. We are also impressed by how its AI augmentation capabilities empower these staff members to be much more proactive about fortifying the security perimeter.”

Chris Kissel, Vice President, Security & Trust Products, IDC Research, Achieving Machine Speed Detection and Response  

A lot has changed since HyperSOC was first released, but SOC challenges remain the same. In a recent Emerging Techscape for Detection and Response Startups report, Gartner notes that as cybersecurity threats grow in volume and complexity, SOC teams continue to experience increasingly heavy workloads. While the surge in AI-supported threats demands more resources, more attention, and puts significant pressure on SOC teams to respond to threats effectively, Gartner says “AI agents are emerging as a critical solution to enhance efficiency, reduce burnout, and enable teams to focus on strategic initiatives.” 

SOC teams are still struggling to keep up with increasingly complex threats, utilizing the limited resources available to them. According to IDC’s report, “Agentic AI is the next step toward a more autonomous SOC, but there must also be a bridge where local decisions have to become extensible to the greater network.” That bridge is HyperSOC-2o. 

The Need for the Autonomous SOC

SOCs have been using AI, machine learning (ML), and large language models (LLMs) to collect information, assess risk, and prioritize alerts for some time now. These common GenAI use cases perform the first stages of security event triage, enabling security teams to interact and guide investigations through a natural language interface — significantly reducing the detection and response time to alerts. So why do we need the autonomous SOC?

An AI-influenced SOC, supported by a GenAI digital assistant, is still reliant on the ability and capacity of a human analyst to instruct and guide remediation actions. While security automation plays a significant role in the real-time response to these threats at machine speed — certainly faster than a human analyst could triage, investigate, and respond without GenAI augmentation — the truth is that GenAI and automation alone is still a reactive security posture. 

What good are AI-driven, triaged, enriched, and prioritized comprehensive security cases that sit there waiting for a human to press the big red remediate button, if SOC analysts are still drowning in so-called “high priority” alerts? AI is supposed to reduce a SOC analyst’s workload, not create more manual tasks to watch over and approve. 

Moving from the Aspirational to the Inspirational in SOC Processes

Agentic AI is different. The IDC report explains that “[agentic AI] can solve problems, adapt to its environment, and make complex decisions based on goals and available information. It does this in real time without constant human supervision. Agentic AI is self acting and self deterministic.” The promise is that agentic AI will become as effective on the prevention side as its GenAI predecessor has become in detection and response.

“By 2026, AI will increase SOC efficiency by 40% compared with 2024 efficiency, beginning a shift in SOC expertise toward AI development, maintenance and protection. AI and ML are revolutionizing proactive defense security by adding preemption and enhancing detection and response capabilities.”

Gartner, Emerging Tech: Techscape for Detection and Response Startups, March 2025

IDC goes on to state that the next leap towards the autonomous SOC is fusing the MTTD and MTTR improvements of GenAI with the human-like decision making of agentic AI to produce the following improved SOC outcomes:

• Agentic AI becomes the mastermind of every incident: AI agents will handle over 95% of manual case triage, investigation, and enrichment without requiring constant human intervention — shifting from human-in-the-loop to human-on-the-loop. This supervisory model means humans will get involved much later in the case management lifecycle, if at all — likely only when the AI agent deems a case critical enough to require human oversight. 

• The incident detection and response life cycle will have embedded compliance and governance: Blackbox decision making from AI solutions does not suffice. Agentic AI records the deterministic logic and reasoning behind its decision-making in real-time for a security case, reducing the manual burden and risk of human error associated with case management documentation today. 

• The threat detection and response life cycle greatly improves a company’s proactive cybersecurity posture: The three key pillars that define agentic AI and allow it to solve complex problems and make human-like decisions are semantic memory, episodic memory, and procedural memory. As a result, agentic AI can apply what it’s learned from managing similar incidents in the past to improve future response processes and adapt to the latest emerging threats.

• Fully automated responses will be nearly ubiquitous in the SOC: AKA… achieving the autonomous SOC. Together, GenAI and agentic AI will eliminate 95% of Tier-1 security tasks as most SOC processes become fully automated. 

Agentic AI has enormous potential in security operations because of its ability to process and solve problems like a human SOC analyst. Alone, however, agentic AI still isn’t enough to achieve autonomy — Hyperautomation becomes the key to holding it all together. To truly achieve the autonomous SOC, security teams must use agentic AI to combine and contextualize relevant security event data in an instant, then leverage Hyperautomation to take remediation action as quickly as possible, without the delay of human intervention. 

“Torq’s Hyperautomation capabilities can help improve the efficacy of security teams now and with an eye to the future. Hyperautomation is a type of glue logic that binds static entities, such as logs, directories, and applications, creating usable correlations for observation, detection and response, and remediation. Torq is working on all SOC fronts while improving MTTD, MTTR, threat hunting, and remediation actions impactfully. The agentic AI architecture is disruptive.”

Chris Kissel, Vice President, Security & Trust Products, IDC Research

The unique combination of GenAI, agentic AI, and Hyperautomation is why IDC recognizes Torq alone to have established the most important building blocks needed to achieve the autonomous SOC. 

HyperSOC-2o: Achieving the Autonomous SOC

Last week Torq announced HyperSOC-2o — the world’s first truly autonomous SOC. 

This latest version of Torq HyperSOC™ expands Torq’s Multi-Agent System (MAS) by incorporating cutting-edge Retrieval Augmented Generation (RAG) technology into existing agentic AI functionality. RAG allows Torq AI Agents to reference massive amounts of data and produce extremely specific outputs that are highly contextual, continuously improving in accuracy and enabling game-changing deep research capabilities. 

Socrates, the agentic AI SOC Analyst, sits at the helm of HyperSOC-2o, acting as an OmniAgent responsible for controlling and collaborating with four new RAG-enabled micro-agents. These agents are trained in specific areas of expertise and capable of using sophisticated iterative planning and reasoning to solve complex, multi-step problems autonomously. The four micro-agents are:

• Runbook Agent: Plans highly customized agentic threat investigations and responses based on its ability to learn from past incident outcomes, recognize similar attack patterns, and adapt to emerging threat vectors.
• Investigation Agent: Uncovers hidden attack patterns across disparate data sources, performs detailed root cause analysis, and accurately assesses threat impact to help HyperSOC-2o effectively prioritize responses.
• Remediation Agent: Takes action across the security stack either completely autonomously, or by intelligently escalating critical cases for human-in-the-loop remediation, reducing MTTR and enabling SOC analysts to trigger complex actions at machine speed.
• Case Management Agent: Delivers faster access to real-time and historical data through AI-generated case summaries, enabling more accurate threat identification, dynamic case prioritization, and streamlined decision-making by eliminating irrelevant noise.

Think of Socrates like the head coach of a football team. The head coach is surrounded by specialists — an offensive coordinator, a defensive coordinator, a special teams coordinator, assistant coaches, and so on. While it is the head coach’s responsibility to make the final play calls on game day, they rely heavily on their specialists to study the opponent’s game film, design the plays, and make real-time adjustments on the fly. 

This is exactly how Socrates operates. When a case is assigned to Socrates for auto-remediation — Socrates calls on the Runbook Agent to formulate the most efficient investigation and response strategy. When a SOC analyst asks Socrates to analyze the observables of a case — Socrates employs the Investigation Agent to correlate third-party threat intelligence and find the relevant event data.

And when a threat needs immediate containment, Socrates works through the Remediation Agent to trigger the appropriate hyperautomation workflow — whether that is using Crowdstrike to isolate an endpoint, Okta to reset a password, or Abnormal to remove a phishing attack from an end user inbox.

“Torq HyperSOC makes the potential of AI in a SOC attainable and sustainable by connecting AI with the SOC’s full range of tools and processes. With Torq HyperSOC, you can automate more than 95% of Tier-1 analyst tasks and significantly reduce the burden on existing SOC teams. Torq HyperSOC is a huge game-changer for enterprises.”

Francis Odum, Software Analyst, Cyber Research

Don’t Just Change the Game — Flip the Gameboard

In security, the odds are always stacked against the defender. The attacker has the element of surprise, access to the same AI and security tooling, and room to fail over and over and over again — biding their time until that one successful breach. 

To stay ahead, we need to empower SOC teams to act as quickly, accurately, and proactively as they possibly can. HyperSOC-2o gives teams that fighting chance — leveraging AI agents and Hyperautomation to reduce investigation times by up to 90%, increasing the SOC’s capacity to handle 3-5x more alerts with no added headcount, and remediating over 95% of security threats — completely autonomously. 

Dive deeper into IDC’s exploration of agentic AI as the next leap in the autonomous SOC.

The era of static playbooks and reactive security is over. A new generation of AI-driven security operations is emerging — one that combines cloud-native scale with intelligent, agentic automation to redefine how Security Operations Centers (SOCs) work. 

As CEO of Torq, I’ve had a front-row seat to this transformation. In speaking with countless CISOs and analysts, one theme rings loud and clear: We can’t fight modern threats with yesterday’s tools. SOC teams today are wilting under an onslaught of alerts and “busywork,” creating an existential crisis in security operations. It’s time for a bold leap forward.

Leading the Charge: Torq HyperSOC-2o and the Revrod Leap

Earlier this month, we took a decisive step into the future by launching Torq HyperSOC-2o, fresh on the heels of our acquisition of Revrod — a stealth-mode Israeli AI startup with advanced multi-agent AI expertise. This move isn’t just about adding features; it positions Torq at the forefront of the autonomous SOC revolution. 

Torq HyperSOC-2o is built around a comprehensive OmniAgent that can identify, prioritize, and remediate threats across the entire organization. By integrating Revrod’s cutting-edge multi-agent RAG (Retrieval-Augmented Generation) technology, we’ve supercharged our platform’s ability to do deep research, planning, and generative reasoning in the SOC. In plain terms: HyperSOC-2o can analyze threats and coordinate responses with near-human-level insight and precision at machine speed.

This isn’t hype — it’s happening now. Torq was recently named an “AI Startup to Watch” by Business Insider, recognizing the momentum and innovation behind our approach. With Revrod’s team now part of Torq, that momentum accelerates. 

“Torq is at least 18 months ahead of the pack in delivering true autonomy for security operations.”

I can confidently say Torq is at least 18 months ahead of the pack in delivering true autonomy for security operations. Revrod’s technology “fundamentally changes what’s possible in a SOC,” and by weaving it into HyperSOC-2o, we’re giving our customers the ability to operate faster and smarter than ever. In demos at RSA Conference, attendees will see firsthand that the autonomous SOC isn’t a distant vision — it’s here, and Torq is leading it.

Beyond Legacy SOAR: A Generational Leap in SOC Automation

To understand why this leap matters, consider the tools many SOCs have relied on until now: legacy SOAR platforms like Palo Alto’s Cortex XSOAR (Demisto), Splunk Phantom, or Siemplify. These systems were pioneering in their day, but they were built for a different era and a different scale. Traditional SOAR demanded extensive coding and constant maintenance to keep up with new threats and systems. 

In contrast, Torq HyperSOC is built on an agentic architecture where AI agents actively collaborate, reason, and take initiative across the full security stack. We’ve developed an OmniAgent that can orchestrate a team of specialized AI agents, each with its own focus area, dynamically working together like a human SOC team.

Compared to the rigid, one-track automations of legacy SOAR, Torq’s multi-agent brain represents a generational leap. It’s the difference between a scripted assistant and an autonomous colleague. It auto-calibrates its response playbooks and tools on the fly to mitigate threats faster and more accurately than any static playbook could.

Inside Torq HyperSOC-2o: AI Agents on the Front Lines

Rather than a monolithic black box, Torq HyperSOC-2o is an ensemble of intelligent agents working in concert — a “virtual SOC team” that never gets tired. Here’s a closer look at the AI agents powering HyperSOC-2o:

• Investigation Agent — Performs deep-dive investigations in seconds, uncovering hidden patterns across disparate data sources and tools to pinpoint root causes and assess threat impact.
• Case Management Agent — Gathers real-time and historical data, organizes case timelines, highlights key indicators, and reprioritizes incidents based on evolving information.
• Runbook Agent — Autonomously executes and adapts incident response runbooks with institution-specific knowledge built-in.
• Remediation Agent — Executes remediation actions autonomously, closing the loop with verifiable outcomes, operating in orchestrated or human-in-the-loop configurations.

Together, these agents function as an AI-powered SOC unit: ingesting alerts, investigating, collaborating, and remediating as a cohesive intelligence.

Real Results: Faster Responses, Greater Scale, Happier Analysts

Fortune 500 companies have already deployed Torq’s agentic SOC platform. In early deployments, organizations saw:

• Up to 90% reduction in investigation time.
• 3–5× increase in alert handling capacity with no added headcount.
• 95%+ of Tier-1 security tasks automated.
• Significant improvements in key SOC KPIs like MTTR (mean time to respond).

Security leaders can now shift from a reactive stance to a proactive strategy. They can spend more time on strategic initiatives because the AI agents have their backs on the front lines.

The Road Ahead: How AI Agents Will Redefine Cybersecurity Operations

The introduction of intelligent, collaborative AI agents into the SOC is not just an incremental improvement — it’s a tectonic shift. Security operations will never be the same.

Organizations will be able to achieve a level of security posture and responsiveness previously limited to only the most well-staffed enterprises — not by hiring armies of analysts, but by deploying intelligent agents that work like armies of analysts.

The autonomous SOC is here, and it’s here to stay.