Introducing CyberProof’s Agentic AI-Framework for the Next Generation SOC

Contributors: Edy Almer, Product Manager and Jonathan Maresky, Head of Product Marketing

Introduction: The Rising Need for Agentic Security

In today’s Security Operations Centers (SOCs), the volume, velocity, and variability of data have reached a tipping point. Security teams are inundated with alerts, struggling to prioritize the signals that matter, and contending with increasingly complex threats that evolve faster than humans alone can respond. Even the most mature organizations are finding that conventional automation (while helpful) can only go so far. Deterministic playbooks, fixed rules, and rigid workflows cannot keep pace with dynamic threat adversaries, especially those that are also using AI capabilities.

At the same time, generative AI has sparked a revolution in how we approach knowledge work. In cybersecurity, we have now entered a new phase—one where intelligent agents can mimic (and sometimes improve) the investigative and analytical processes of human experts, but at machine speed and scale. This is the promise of agentic AI: an architecture in which autonomous, collaborative AI agents work alongside human analysts to deliver faster, deeper, and more consistent security outcomes.

At CyberProof, we see this evolution not as a distant future, but as a present imperative. Over the past year, we’ve been actively building and operationalizing a team of custom-built AI Agents and integrating with the leading hyperscaler ecosystems. As a follow-up to our recent announcement, in this blog post we’ll share what that looks like today, how it benefits our clients, and where we’re headed next.

What We’re Announcing: CyberProof’s Agentic AI Framework

CyberProof is proud to announce the launch of its Agentic AI Framework, a foundational advancement that brings intelligent, autonomous agents into production across our core security operations services. This marks a significant milestone in the evolution of our Threat-led Defense strategy, representing a shift from basic automation to scalable, context-aware Agentic Security.

Unlike traditional automation, which relies on static rules and linear workflows, CyberProof’s Agentic AI Framework enables a dynamic system of interconnected AI agents, each designed to mirror the behavior and reasoning of a domain expert. These agents analyze data, collaborate across workflows, and take action in real time, with human oversight (Human-in-the-Loop) built in at key decision points.

Our first production agents are already operational, including agents for:

• Threat Intelligence Profiling – continuously scanning for relevant threat campaigns and linking findings to specific client environments.
• Threat Hunting – automating the generation and execution of proactive hypotheses across multiple data sources.
• Detection Engineering – accelerating the creation, testing, and deployment of new detection rules based on real-time threat actor behavior.
• Automation & Orchestration – enabling rapid, orchestrated response actions and contextual enrichment at scale.
• Documentation & Reporting – generating structured, transparent documentation for every agent-driven decision, ensuring full auditability.
• Estate Management Discovery – continuously identifying, classifying, and inventorying known and unknown assets across your environment to close visibility gaps and improve defensive coverage.

These agents are deployed and orchestrated within leading cloud-native frameworks (Microsoft and Google) and are designed to integrate seamlessly with your existing environment. Our goal is not to replace the platforms our clients rely on, but to complement and extend them through intelligent, federated automation.

At this stage, the Agentic AI Framework operates primarily within CyberProof’s own SOC environment, powering our managed services for the benefit of our clients. However, this announcement also signals the beginning of a broader rollout strategy that includes customer-facing interfaces, support for client-developed agents, and even co-development of bespoke agents tailored to your business needs.

This is not a product in isolation. It’s an evolution of our core service model, Agentic MDR, in which AI and human analysts collaborate to deliver faster, deeper, and more consistent security outcomes.

How It Works: Inside CyberProof’s Agentic AI Architecture

CyberProof’s Agentic AI Framework is built around a collaborative network of intelligent agents, each designed to perform specific roles across the security operations lifecycle. These agents don’t just automate repetitive tasks. They reason, adapt, and coordinate like expert analysts, bringing both speed and context to complex processes.

Here’s a closer look at how these agents work together:

1. XProfiler: Threat Profiler Agent
   This agent harmonizes threat intelligence from various threat intelligence sources and feeds, creating structured threat actor profiles tailored to the customer’s industry, geography, and technology stack. Using advanced entity extraction and correlation, it identifies relevant TTPs, IOCs, and campaigns, then delivers actionable insights directly to SOC teams, dashboards, and GenAI surfaces.
   Why it matters: It replaces hours of manual research with dynamic, contextual threat profiles—driving more targeted detection and faster response.
2. ThreatX: Threat Hunting Agent
   Working from the Threat Profiler’s output, the Threat Hunting Agent aggregates and optimizes detection rules from multiple sources, correlates data across systems (EDR, email, identity, firewall, etc.), and converts them into actionable queries for relevant platforms. It enables customized threat hunts and reduces false positives through intelligent fine-tuning.
   Why it matters: It empowers analysts to launch deeper, more effective threat hunts in minutes, not hours.
3. GapGuard: MITRE Mapping Agent
   This agent validates and enriches MITRE ATT&CK mappings for existing and new detection rules. It suggests improvements, identifies gaps, and ensures full alignment between the threat landscape and your detection logic.
   Why it matters: It improves detection fidelity and coverage while standardizing your threat defense posture.
4. CyberForge: Solution Design Agent
   Given a list of existing security controls, this agent generates High-Level Architecture Designs for onboarding those tools into a SIEM or new destination platform. It ensures comprehensive visibility and alignment with SOC workflows during platform migrations or expansions.
   Why it matters: It accelerates onboarding and optimizes architectural decisions, especially in multi-platform environments.
5. ReMEDRion: MEDR Health Agent
   This agent automates weekly health checks across multiple EDR platforms, such as CrowdStrike and Microsoft Defender. It assesses sensor coverage, policy status, and detection gaps, delivering structured reports that help teams maintain readiness and compliance.
   Why it matters: It keeps your EDR layer healthy and your visibility complete, without adding to your team’s workload.
6. Spectra: Estate Management Discovery Agent
   This agent continuously scans and catalogs your enterprise estate to uncover unknown, unmanaged, or suspicious assets — whether on‑premises, cloud, SaaS or hybrid. It identifies asset owners, tags and classifies assets, updates inventory in real time, and prioritises these assets for exposure assessment and protection via relevant defence controls.
   Why it matters: Untracked assets are often the blind spots that adversaries exploit. By continuously discovering and managing your asset estate, Spectra eliminates visibility gaps, reduces unmanaged risk, and ensures your detection and response agents operate on a complete, up‑to‑date asset foundation.

Together, these agents form the foundation of a highly adaptive, human-in-the-loop system. Analysts oversee the agents’ decisions, provide feedback, and tune behavior, while the agents handle high-volume, time-consuming work. Over time, this model will evolve toward human oversight, where agents manage core detection and response tasks autonomously, and humans step in only when needed.

CyberProof’s architecture is federated, open, and extensible, designed to integrate hyperscaler agents (like Microsoft Security Copilot), partner technologies (like Simbian.ai or Tencyle), and even client-developed agents through standard APIs. Whether you’re using our MDR services or building your own, we provide the framework and operational model to enable and optimize your agentic security.

Agent Spotlight: Threat Profiler Deep Dive

To illustrate how CyberProof’s Agentic AI Framework works in practice, let’s take a deeper look at one of our most impactful agents: the Threat Profiler Agent.

In large enterprise environments, connecting the dots between global threat intelligence and specific organizational risk is a slow, manual, and error-prone process. The Threat Profiler Agent automates and accelerates this by generating contextualized threat actor profiles, tailored to the customer’s industry, geography, and technology stack.

At a high level, the agent performs five critical functions:

1. Context Setup – Using key client parameters (e.g., industry, location, asset types, technology stack), the agent defines a focused scope for intelligence correlation.
2. Threat Intelligence Enrichment – Ingests structured and unstructured data from sources like Microsoft Defender Threat Intelligence, Google Threat Intelligence, CTI feeds, and industry reports. Natural language processing and AI-powered entity extraction harmonize this input into structured data objects.
3. Data Correlation & Analysis – Aligns TTPs, IOCs, IOAs, and attribution data with the client’s profile. Uses graph analytics to match threats to likely attack surfaces and business impact.
4. Profile Generation – Produces a detailed threat actor profile using the diamond model—mapping adversary, capability, infrastructure, and victim attributes. Outputs include CVEs, malware, tooling, and a consolidated MITRE matrix.
5. Enablement & Response – Feeds directly into other agents and SOC tools, automating threat hunting queries, driving rule creation in Use Case Management, and informing mitigation efforts in Vulnerability Management.

^{Fig. 1: Threat Profiler architecture in an Azure environment}

As visualized in the architecture diagram (in this example, in an Azure environment), the Threat Profiler integrates deeply with the client’s ecosystem, which in this example includes Defender Threat Intelligence, Sentinel, and Security Copilot. It delivers results across Teams, dashboards, and other operational surfaces—ensuring SOC teams and CISOs get real-time, actionable insights.

What makes this agent powerful isn’t just its speed, but its specificity. It bridges the gap between global CTI and individual risk posture, helping enterprises move from reactive alerting to proactive threat anticipation. It’s one of the clearest examples of how agentic AI can augment human decision-making and drive measurable security outcomes.

The Value to Enterprise Clients

For enterprise security leaders, especially in complex, regulated industries like financial services, healthcare, and retail, the pressure to reduce risk, respond faster, and scale operations is higher than ever. CyberProof’s Agentic AI Framework is purpose-built to meet these demands by delivering tangible improvements across operational efficiency, threat coverage, and security posture. Here’s how it provides value:

1. Faster Detection, Investigation, and Response

By automating key tasks like threat profiling, rule development, and hunting query generation, CyberProof agents dramatically reduce mean time to detect (MTTD) and mean time to respond (MTTR). Early production-level deployments show:

• Up to 84% faster detection of relevant threats
• Reduction in triage bottlenecks and manual investigation cycles
• Real-time delivery of detection rules and response actions

Outcome: Security teams stay ahead of threats—without adding headcount.

2. Greater Consistency and Fewer Errors

Agentic AI ensures structured, repeatable execution of high-value tasks. Detection rules are mapped to MITRE standards, threat actor profiles are automatically enriched, and documentation is consistently generated.

• 91% reduction in human error across detection and triage processes
• Standardization across multi-regional or multi-tenant environments
• Consistent audit trails and explainability for compliance and oversight

Outcome: High-fidelity security operations that are resilient, auditable, and enterprise-grade.

3. Proactive Defense, Tailored to Your Threat Landscape

With agents continuously updating your threat profiles, aligning them with your industry, geography, and tech stack, detection rules stay relevant and focused on the real risks to your business.

• Dynamic prioritization of CVEs, attack paths, and threat actor activity
• Alignment with business-critical assets and controls
• Real-time campaign awareness and auto-hunting

Outcome: A proactive, intelligence-led defense posture—not just reactive security.

4. Scalable Co-Managed Operations

Whether you’re running your own stack or leveraging CyberProof’s MDR and CTEM services, the Agentic AI Framework is designed to augment your team, not replace it. You can:

• Use our agents within our SOC
• Implement our recommended and tested 3^rd-party agents
• Co-develop agents for specific use cases
• Integrate your own agents into our orchestration framework

Outcome: Flexibility to scale expertise and automation, with control and transparency.

5. Future-Proof Your SOC Strategy

Agentic AI is not just a performance booster, it’s a strategic enabler for the modern SOC. By adopting agentic models today, enterprise teams position themselves to:

• Evolve toward agent oversight operating models
• Tap into partner and hyperscaler agent ecosystems
• Transition from reactive playbooks to adaptive, learning systems

Outcome: A future-ready SOC that continuously improves and scales with your business.

The Vision: Where CyberProof is Headed

The launch of our Agentic AI Framework is more than a technology milestone—it’s the foundation of a long-term strategic transformation in how security operations are designed, delivered, and optimized for enterprise clients.

At CyberProof, we believe the SOC of the future is not just cloud-native or AI-assisted—it is agentic by design. That means continuously learning, fully integrated, and intelligently orchestrated across the entire threat lifecycle.

Here’s what we’re building toward:

From Human-in-the-Loop to Human Oversight

Today, our agents operate with human analysts embedded in the decision loop (i.e. HITL), ensuring safety, trust, and oversight. But the architecture is already designed for what comes next: a shift to human oversight.

In this model, agents handle most detection, triage, and documentation autonomously, while human experts focus on exceptions, strategic decisions, and system optimization. This evolution reflects how mature teams scale expertise: delegating routine and repetitive tasks to digital counterparts that never fatigue.

An Agentic SDLC for Security Operations

Just as software development relies on a lifecycle of continuous integration and deployment, our vision includes a SDLC built around agentic principles. This includes:

• Agent Lifecycle Management – From training to validation to production deployment
• Performance Benchmarking – Ongoing evaluation of agent accuracy, latency, and impact
• Feedback Loops – Continuous learning from human input and environment changes
• Federated Intelligence Sharing – Learnings from one client environment enhancing others (with strict data governance)

The result is a self-optimizing SecOps engine that gets smarter and faster the longer you use it.

A Federated Ecosystem of Innovation

We don’t believe in monolithic AI platforms. Instead, CyberProof is building a federated agentic ecosystem, where our own agents, hyperscaler-native agents, and third-party innovations can all operate together securely and coherently.

We’re already partnering with clients to co-develop custom agents, tailored to specific security needs, compliance requirements, or vertical challenges, without requiring in-house AI teams. And with standardized APIs, enterprise clients can even plug in their own agents to work alongside ours.

Agentic MDR and Beyond

Agentic AI is already redefining our MDR and SecOps service model. But it’s only the beginning.

Our future roadmap includes agent-powered transformation services, where we help clients:

• Assess and optimize SOC workflows using telemetry and agent output
• Measure the maturity and efficiency of detection pipelines
• Deploy tailored agentic blueprints aligned with business and risk priorities

In time, CyberProof will offer a full Agentic Lifecycle Service: guiding enterprises through the design, development, and operationalization of their own agentic security strategies.

Conclusion and Next Steps

CyberProof’s Agentic AI Framework represents a new chapter in enterprise security operations, one where autonomous agents and human analysts work in tandem to outpace threats, reduce operational friction, and scale expertise across global environments.

We’re not just automating tasks, we’re transforming the security lifecycle. From real-time threat profiling and automated hunting to detection engineering and architectural design, our agents are already improving speed, consistency, and clarity in the SOC. And this is just the beginning.

As enterprise CISOs and SOC leaders look to modernize their defenses and scale without compromise, Agentic Security provides a powerful path forward. Whether you’re migrating to a cloud-native stack, looking to reduce noise and manual overhead, or planning for the future of AI in cybersecurity, CyberProof is ready to partner with you.

Here’s how you can explore CyberProof’s Agentic AI capabilities today:

• See it in action – Join us at the Microsoft Ignite for a live demo and Q&A with our SMEs.
• Attend our launch webinar – Hear Doron Davidson, CyberProof’s Managing Director of Security Operations, explain our vision. Bring your questions!
• Request your organization’s threat profile, as created by the Threat Profiler agent.
• Talk to our experts – Book a strategy session to evaluate how agentic workflows can enhance your SOC.
• Co-develop an agent – Do you have a specific need? Let’s build a custom agent together—no AI team required.
• Read more – Visit the CyberProof website for deeper technical insights and service details.

Agentic AI is here. Let’s build the next generation of security—together.