Crogl Offers Free AI SOC Tool as MSSPs Face Rising Alert Pressure

AI agents are increasingly being called into action to let defenders move at the same machine speed as AI-wielding threat actors.

“Cybersecurity is undergoing a fundamental transformation,” Cynet researchers wrote last month. “For decades, security teams relied on static rules, human analysts, and reactive tooling to defend their organizations. Today, AI agents, autonomous systems capable of reasoning, planning, and acting across complex environments, are rewriting the rules of both attack and defense.”

They pointed to a Google study that found that 52% of executives with organizations that use generative AI already have agents in production, with security operations named as a key use case. In addition, 46% of executives at enterprises that deploy agents have adopted them for security operations and cybersecurity.

A survey late last year by global consultancy McKinsey and Co. found that 35% of executives buying cybersecurity solutions expect AI agents to replace their tier-one security operations center (SOC) analysts within three years, and that almost half say AI will be embedded across their security stack in the same period.

Crogl Takes the Freemium Route

The trend has given rise to established and new vendors that are infusing security offerings with agents. Startup Crogl is one of them, with an AI-powered autonomous investigation platform for enterprise SOCs that automates the triage, investigation, and documentation of security alerts. Crogl, armed with $30 million in funding, released the platform and its knowledge engine last year.

Now the company is offering a free version of the platform to organizations and MSSPs that is designed for quick deployment. Crogl announced the beginning of the private preview this week, with general availability coming soon. It gives smaller firms access to the same platform capabilities that larger organizations use, according to Crogl co-founder and CEO Monzy Merza.

“The key point is access to the same system, regardless of size,” Merza told MSSP Alert. “Hundreds of smaller MDR (managed detection and response) and MSSP providers globally can’t afford enterprise tooling. Now they can download the same product that gets deployed in the Department of Defense and Fortune 100 banks – for free, no hoops.”

He added that “the practical outcome is straightforward: fewer uninvestigated alerts, faster context-building, and less manual stitching together of signals across fragmented systems.”

Same Problems, Multiplied

Merza noted that AI is now the common denominator for all organizations, and MSSPs are dealing with the same SOC pressures as enterprises, but those pressures are multiplied across myriad environments that rarely match each other. There are different tools, telemetry quality, and visibility. MSSPs don’t have a single baseline to work from.

“AI-driven threats then increase both volume and ambiguity,” said the CEO, whose background includes time with Databricks and Splunk as well as the federal government at Sandia National Laboratory. “You don’t just get more alerts, you get more alerts that look real. That pushes the bottleneck away from detection and into investigation. And the data point that matters is simple: most teams only investigate a fraction of the alerts they receive. So in an MSSP context, what gets missed isn’t theoretical, it’s operational. Signals exist, but they don't get fully worked.”

Response time for MSSPs is collapsing, but not only because of the speed that AI brings to the scene. For security service providers, it’s also collapsing because the investigation capacity doesn’t scale across such fragmented environments, he said.

The Platform

Crogl’s platform includes a knowledge graph that continuously maps a company’s environment, from users and assets to behaviors, relationships, and access patterns. There’s also an orchestration layer that autonomously plans and executes the investigation workflow, large language models (LLMs) that mull evidence and generate findings and documents, and a tool integration layer that addresses the existing security stack.

A skills library includes threat-hunting capabilities that search for indicators of compromise and adversarial behavior, conduct complete investigations of all alerts, and generate investigation reports and analyses of an incident’s impact.

It works on premises, in a private cloud – including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform – or in air-gapped networks, and can be used with LLMs from OpenAI and Anthropic or with self-hosted OSS models.

Designed for Rapid Deployment

Organizations and MSSPs will have access to a free version of Crogl’s platform, which the company says is a fully functional deployment of the platform for a single user. It’s designed to be deployed rapidly – from installation to investigation in minutes – by a company dealing with an active incident, newly disclosed vulnerabilities, or internal investigations.

The enterprise edition comes with everything in the free version, as well as multi-user collaboration, single sign-on, role-based access control, onboarding services, and advanced model management.

“In an incident scenario, you don’t want to be slowed down by procurement cycles,” Merza said. “You don’t want coordination overhead. You don’t want to have to disclose more than you need to just to start working on the problem. You can download an AI with enterprise-grade capability and deploy it immediately.”

Jeffrey Burt

Jeffrey Burt has been a journalist for almost 40 years, moving from general-circulation newspapers to IT news sites in 2000. He’s an expert analyst and writer on cybersecurity, data center infrastructure, AI, and a host of other subjects for a range of organizations, including CyberRisk Alliance, eWEEK, Techstrong Group, The Next Platform, and The Register.
