MSSP, SOC, AI/ML, Managed Security Services

LimaCharlie Targets MSSP Scale With an Agentic SecOps Workspace

LimaCharlie has expanded its platform with the Agentic SecOps Workspace, a move that reflects where many security teams now find themselves with AI. AI is everywhere in the SOC, but in most cases, it stops at summaries, recommendations, and guided workflows. The hard work still falls on human analysts, and scale still depends on adding people.

The company’s position with the Agentic SecOps Workspace is that AI should no longer sit outside operations. It should be able to act inside them.

From AI assistants to AI operators

Charlton Swearingen, CMO at LimaCharlie, draws a clear line between assistance and execution. He told MSSP Alert, “Most vendors have bolted AI onto their existing platforms and created really capable assistants. They parse logs, summarize alerts, and suggest next steps. But at the end of the day, a human analyst is still the one clicking buttons and executing actions.”

That distinction shapes how the Agentic SecOps Workspace is built. Instead of wrapping AI around existing interfaces, LimaCharlie exposes its operational layer directly. “The Agentic SecOps Workspace gives AI agents the same capabilities as security engineers,” Swearingen said. “Our API covers 100% of platform functions, so an AI agent can actually perceive telemetry, write detection rules, trigger response actions, execute remediation, run reports, and onboard clients. It operates, it doesn’t just advise.”

Why architecture determines what AI can actually do

The difference is not cosmetic. It is architectural. “We built complete API coverage first, then exposed it to AI,” Swearingen explained. “Most competitors built human-centric interfaces and tried to retrofit AI access later. Their agents end up with fragmented context and limited control because the underlying system was never designed for autonomous operation.”

That design choice determines whether AI can participate meaningfully in security work or remain confined to side panels and chat windows. If the platform itself cannot be fully controlled programmatically, AI will always be constrained, regardless of how advanced the model is.

A different take on the AI business model

There is also a commercial angle. Many AI SOC platforms bundle AI tightly into their licensing and charge a premium for access. LimaCharlie has taken the opposite path. “AI SOC vendors charge you for AI capabilities locked inside their platform,” Swearingen said. “We took the opposite approach: bring Claude Code and connect it directly through our MCP server. You control the AI relationship, avoid the vendor markup, and work with tooling your team probably already uses.”

For security teams already experimenting with models and developer tooling, this removes friction rather than adding another proprietary layer.

MSSPs will feel the impact

For MSSPs, the value is not theoretical. It shows up in areas that quietly consume the most time and margin. “Three categories eat up the most analyst time: onboarding new clients, managing detection rules across tenants, and all the repetitive cross-tenant operations work,” Swearingen said. “That’s where service providers will see immediate impact.”

Onboarding is a clear example. “An AI agent can walk through the entire tenant setup conversationally,” he said. “Someone says, ‘I need to ingest Azure and Okta,’ and it becomes a guided deployment rather than digging through documentation yourself.” When combined with templated configurations, that approach allows MSSPs to spin up standardized tenants quickly and push changes across hundreds of environments using infrastructure as code.

Detection engineering follows the same pattern. “Writing search queries and detection and response rules becomes a natural language conversation,” Swearingen explained. “A prompt like ‘find PowerShell execution with encoded commands in the last 24 hours’ turns into a properly formatted query. The agent tests it and deploys it across whatever tenants you specify.”

Cross-tenant operations are often the biggest drag. “MSSPs managing 50-plus tenants spend enormous time on repetitive configuration tasks,” he said. “With prompts propagated through infrastructure as code, an agent can apply security policies, update rulesets, and manage integrations across thousands of organizations at once.”

Scaling without losing control

As AI takes on more responsibility, control becomes the central concern. Swearingen does not downplay that tension. “This is the question everyone should be asking. How are folks okay with black-box security?”

LimaCharlie’s approach is to treat AI exactly like a human operator from a governance standpoint. “Every AI action in LimaCharlie is visible, controlled, and auditable,” he said. “The same permission model governing human analysts applies to AI agents. There’s no separate trust model for AI.”

He points to three practical safeguards. “First, fine-grained API permissions. When you create credentials for an AI agent, you specify exactly what it can read, write, and execute. You can grant investigation access without remediation authority, or scope an agent to specific tenants only.”

“Second, full audit trails,” Swearingen added. “Platform logs capture every action taken by AI agents. You can write detection rules on those logs to alert when an agent does something unauthorized or behaves unexpectedly.”

“Third, secrets management. Sensitive credentials stay segregated from agents unless you explicitly grant access.”

The broader shift in SecOps

The philosophy behind the Agentic SecOps Workspace is direct. “We make AI an observable and accountable operator,” Swearingen said. “Trust comes from transparency into what agents are actually doing, enforced through the same permission model you already use for human operators.”

For SOCs and MSSPs under constant pressure to do more without linear growth in staff, this release highlights a broader shift. AI in security is moving beyond advice and into execution. The real differentiator is no longer whether AI is present, but how deeply it is embedded in operations, and how clearly teams can see and control its actions.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.
Suparna Chawla Bhasin

Suparna is the Senior Managing Editor for CyberRisk Alliance’s Channel Brands, including MSSP Alert and ChannelE2E. She manages content development, sharpens editorial workflows, and ensures storytelling is tightly aligned with audience needs. With a background in technology, media, and education, she combines strategic insight with creative execution.

You can skip this ad in 5 seconds