SOC, Threat Intelligence

SOCRadar Rolls Out Agentic Threat Intelligence to Turn AI Insights into Action

Brain "AI" inside the chip logo representing ai tech.

SOCRadar used the stage at Black Hat 2025 to debut its Agentic Threat Intelligence platform, a system built to move cyber threat intelligence from static alerts to automated, AI-driven action. Instead of simply flagging potential risks, the platform deploys autonomous agents that detect, analyze, and respond to external threats, cutting manual workload while keeping analysts in control of final decisions.

Automation That Keeps Analysts in the Loop

Huzeyfe Onal, CEO of SOCRadar, told MSSP Alert that the goal is to maintain speed without sacrificing accuracy.

"The beauty of working with multi-model LLMs is not putting all your trust in one,” he explained. “We often use one model to generate, and another to validate. That’s how we keep both speed and sanity in check. Every agent output is run through a custom checklist - often created by senior analysts - and must pass at least 90% of the criteria before it even reaches human review.

“Before, phishing detection could take an hour: jumping between tools, pasting screenshots, checking WHOIS, and doing manual analysis. Now, the entire pipeline finishes in five minutes. The analyst still makes the call, but with better data, less grunt work, and a clear audit trail. We didn’t replace the analyst. We just gave them five extra hours a day.”

The platform’s modular architecture allows organizations to deploy only the agents they need, with the flexibility to customize their functions. Its built-in AI marketplace supports SOCRadar-built, third-party, and customer-developed agents - all running on the MCP framework for compatibility, modularity, and auditability. Onal said that layered governance is key: “Hallucinations aren’t rare; they’re predictable flaws. That’s why we define three tiers - Free agents for basic tasks, Pro agents managed entirely by the customer, and Master agents that are SOCRadar-certified, monitored, and backed by strict runtime controls.”

Built for MSSPs to Scale Without Adding Headcount

The platform is also designed with MSSPs in mind, helping them expand services without growing analyst teams. “MSSPs are under constant pressure: more clients, more alerts, same headcount,” Onal said. “Scaling with people alone doesn’t work. We built our agentic platform to scale with logic, not labor.

“With multi-tenant orchestration, MSSPs can assign agents to specific clients, SLAs, or use cases — whether that’s monitoring CVEs, generating branded monthly reports, correlating dark web findings with client IOCs, or flagging phishing domains across all tenants. It all runs without human context-switching or duplicate work. Analysts supervise, not execute. That’s the shift.”

Alongside the launch, SOCRadar is rolling out its first agentic workflow - Impersonating Domain Detection - for Extended Threat Intelligence customers. The feature uses both text and image analysis to identify sophisticated impersonation attempts, reduces false positives through fine-tuning, and gives customers full control over detection parameters.

This release builds on SOCRadar’s earlier agentic AI initiatives, including its MCP Server for threat intelligence and global AI-for-cybersecurity training programs. With Agentic Threat Intelligence, the company is betting on AI agents not just as a source of insight, but as a way to turn intelligence into real-time action at scale.

Suparna Chawla Bhasin

Suparna is the Senior Managing Editor for CyberRisk Alliance’s Channel Brands, including MSSP Alert and ChannelE2E. She manages content development, sharpens editorial workflows, and ensures storytelling is tightly aligned with audience needs. With a background in technology, media, and education, she combines strategic insight with creative execution.

You can skip this ad in 5 seconds