MSSP, SOC, AI/ML, Security Operations, Data Security, Identity, Endpoint/Device Security

AI SOCs Need More Than Automation. Torq Is Betting on Context

A bigger shift is happening in AI-driven security operations - automation tools are now not just alert handling, they are also carrying out context-aware investigation, prioritization, and response.

Torq has acquired Jit, a cybersecurity startup focused on AI context graph technology, as the company looks to make its AI SOC platform more useful for enterprise security teams that need better context before automating investigations and response. The deal focuses on a common SOC problem: security alerts often do not include enough context. Analysts may know that something happened, but not how serious it is, which systems are affected, or what business risk it creates. Torq says Jit’s technology will help its platform connect that information. That includes users, devices, identities, access rights, sensitive data and business priorities. The goal is to help SOC teams and AI tools make better decisions faster.

A Strategic Acquisition for Torq

Torq already had an AI SOC platform and automation layer before the acquisition. The Jit deal is designed to add more context to how those automated investigations and response actions are executed.

Ofer Smadari, CEO of Torq, told MSSP Alert that Jit brought a layer of intelligence that Torq viewed as necessary for the next stage of autonomous security operations.

“Torq already had the agentic AI execution layer and the operational scale to automate investigations and response across some of the largest enterprise SOCs in the world,” Smadari said. “What Jit added was the missing intelligence layer required to evolve from workflow automation into true organization-aware autonomous security operations.”

Many security automation tools can execute tasks, but the harder problem is deciding which task should happen, why it should happen and whether the action makes sense in the specific business environment.

“Most AI SOC platforms today can automate tasks, but they still reason from fragmented alerts and static relationships,” Smadari said. “Jit’s AI Context Graph continuously models the live state of the enterprise - identities, privileges, sensitive data, operational dependencies, business priorities and procedural patterns - and feeds that contextual understanding directly into every decision the platform makes.”

For SOC teams, that could mean fewer decisions made from narrow alert data and more decisions based on how a threat may affect a specific user, asset, business process or dataset.

From Alert Handling to Context-Aware Response

SOC teams often have the data they need, but that data is spread across endpoint tools, identity systems, cloud platforms, SIEMs, ticketing systems, vulnerability scanners, and business applications. Analysts spend significant time correlating signals before they can decide what matters.

Torq argues that Jit’s context graph can reduce that manual work by giving the AI SOC platform a live understanding of the environment. That includes not only technical relationships, but also patterns based on how security operations are conducted inside the organization.

Smadari said the acquisition was not just about adding more back-end data infrastructure.

“This fundamentally changes the SOC experience itself, not just the underlying infrastructure,” he said. “The contextual intelligence layer becomes deeply integrated into how investigations are surfaced, prioritized, and executed.”

That has practical implications for security teams. Instead of receiving disconnected alerts or generic severity scores, analysts could see investigations enriched with information about the user involved, the systems affected, the sensitivity of exposed data, the business functions at risk, and how similar incidents have been handled before.

“That dramatically improves prioritization because the platform can distinguish between technical noise and meaningful operational risk,” Smadari said. “It also reduces the amount of manual correlation that analysts are forced to do today across dozens of tools and fragmented data sources.”

This is especially relevant for MSSPs. Managed security providers are often responsible for monitoring multiple customer environments, each with different identity structures, data sensitivity, compliance needs, and risk tolerance. Context-aware prioritization could help providers separate routine noise from issues that create real business exposure for a specific client.

What It Could Mean for Autonomous Security Actions

The big question for Torq is whether this added context will make teams more comfortable with automated responses. Security leaders are still careful about giving AI too much control. One wrong action could disrupt the business, lock out the wrong user, or shut down the wrong system. Better context can lower that risk. But SOC teams and MSSPs still need clear rules. They must decide what AI can do on its own, what needs human approval, and what should stay fully in the hands of analysts.

Smadari said the goal is to make autonomous actions more reliable by grounding them in a live organizational context rather than isolated telemetry.

“Most importantly, it allows the platform to execute autonomous actions with far greater confidence because decisions are grounded in a continuously updated organizational context rather than isolated telemetry,” he said. “The SOC experience becomes far more operationally intelligent, precise and outcome-driven.”

Torq is not treating Jit as just another source of security data. It sees Jit as technology that can help the platform decide what an alert means, how serious it is and what action should happen next. For MSSPs, this could make it easier to deliver more consistent security services across different customers. For enterprise SOCs, it could help analysts spend less time connecting data from different tools and more time making important decisions. But customers will need to trust the system. They will want to know why the platform made a decision and whether that decision matches the real business risk.

AI SOC Market Moves Into a New Phase

The Jit acquisition also says something about where the AI SOC market is heading. Vendors are competing to move beyond basic workflow automation and toward systems that can investigate, explain, justify and execute actions with less manual review.

Smadari said he sees the market entering a new stage. “I believe the industry is entering the next major phase of AI-driven security operations,” he said. “The first wave was focused on automation - moving repetitive workflows and orchestration tasks away from analysts. But automation alone is no longer enough because speed without understanding can actually create new operational risk.”

That is an important point for security leaders evaluating AI SOC tools. Faster response is useful only if the response is appropriate. A platform that acts quickly on incomplete information can create new problems for the business. A platform that can explain its reasoning and show the context behind its action is more likely to gain trust.

“The future of the AI SOC is contextual reasoning,” Smadari said. “Security platforms need to understand the organization itself, including its operational priorities, identities, dependencies, risk exposure, and business impact, in order to make trustworthy decisions autonomously.”

SIEM, SOAR, XDR, and MDR platforms have all moved toward more automation, but many still depend on analysts to connect technical signals to business risk. The next phase of competition will likely center on how well platforms understand the customer environment and how clearly they can justify recommended or automated action.

Why MSSPs Should Watch the Deal

For MSSPs, the Torq-Jit deal is also pointing to a service delivery shift. Providers are under pressure to scale detection and response without adding analysts at the same pace as customer growth. AI-driven investigation and automation can help, but only if those systems account for customer-specific context.

A context graph could help MSSPs build more tailored response workflows across different customer environments. It could also help reduce false urgency by distinguishing between low-risk technical events and incidents that affect high-value users, sensitive systems, or regulated data.

However, the challenge is data quality. A context-aware SOC platform is only as good as the identity, asset, privilege, business, and operational data feeding it. MSSPs will need strong onboarding, integration, and governance processes to make that context useful. Customers will also need to understand how much autonomy they are willing to grant and where human review remains required.

Smadari said explainability will be central to adoption.

“Over the next several years, we’ll see AI SOC platforms evolve into intelligent operational systems that can investigate, prioritize, justify, and execute actions dynamically with far less human intervention,” he said. “But the critical differentiator will be explainability and trust. Organizations will adopt autonomous systems only if those systems can demonstrate why decisions are being made and prove that those actions are grounded in an accurate organizational context.”

That is how the deal fits into Torq’s AI SOC strategy. Torq is betting that security teams will need more than fast automation. They will need automation that understands the business and can explain its decisions. The deal does not answer how much control SOC teams should give AI. But it does show where the market is going.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.
Suparna Chawla Bhasin

Suparna is the Senior Managing Editor for CyberRisk Alliance’s Channel Brands, including MSSP Alert and ChannelE2E. She manages content development, sharpens editorial workflows, and ensures storytelling is tightly aligned with audience needs. With a background in technology, media, and education, she combines strategic insight with creative execution.

You can skip this ad in 5 seconds