Agentic Security Is the Architecture Decision

The defender math broke a few years ago. Not because the threats got worse. They did, but that has been true every year since the first SOC was stood up. The equation broke because the cost structure on the defense side stopped scaling with the threat. Enterprises added tools. The tools generated more telemetry. The telemetry required more analysts. The analysts hit a ceiling. The attackers did not.

A CISO told me something a while back that I've been thinking about since. He said his team reviews 500 high-priority alerts a day. Every one of them looks urgent. Every one of them looks like alert number 501 could be. Sometimes it is. You can't fix that by adding buckets to catch the overflow. You fix it by changing what generates the overflow.

The unit economics don't lie

The average enterprise security stack now runs north of 70 products. The cost of an analyst-hour has gone up: talent is harder to find, harder to retain, harder to replace. The volume of telemetry has gone up; every tool, every endpoint, every cloud workload generates more signal. And the number of products that need to be connected has gone up.

None of those three trends are going to reverse. Adding better AI, better threat intelligence, lower false positive rates, faster time-to-detect: all of that is still necessary but no longer sufficient. Those improvements buy back analyst-hours at the margin. They don't change the underlying ratio of one human shift against a continuous-operation adversary.

That ratio is the structural problem. It is also the problem the agentic layer solves.

For a long time, AI plus threat intelligence was where the real gain was. ThreatBook's ATI delivers 99.9% accuracy. TDP holds a false positive rate below 0.03%. Alert noise reduction exceeds 85%. Those numbers are real, and that work is not going away. But AI+TI is now table-stakes. Buyers expect it from us. The unit-economics improvement it delivered five years ago is now baked into the baseline. The next-order improvement is the agent that runs the queue while analysts focus on real incidents.

AI-native, not AI-tacked-on

Most vendors have joined the agentic hype by tacking AI capabilities onto legacy products. The AI sits inside a UI layer or alongside an existing rulebook engine. The product underneath is the same product they shipped five years ago. A chatbot got added in the next release. A copilot feature arrived in the one after that. The architecture did not change.

Flocks is built AI-native; Rex and the seven specialist agents were designed as agents from the architecture up, not retrofitted onto a product that shipped five years ago with a chatbot added in the next release. That distinction matters for a SOC operations platform. An agent making detection decisions or initiating remediation on production infrastructure needs to be readable before it touches anything.

When ThreatBook built Flocks, three architectural decisions reflected what a well-run security team actually needs.

Open-source. Every line of agent behavior is readable before it touches production.

Locally deployed. The agents run inside the customer's infrastructure. Data stays there. Not a policy commitment. An architecture commitment.

SOC-adjacent, not SOC-replacing. Flocks connects across the SIEM, SOAR, and EDR the customer already paid for. Rex, the Main Agent, coordinates seven specialist agents across more than 150 integrated tools. The existing investment is preserved. The agent makes it do more.

These three decisions are what AI-native architecture looks like for a SOC operations platform. The economics follow from them. An agent that runs continuously, learns from the customer's environment, and orchestrates across the stack changes the analyst-to-alert ratio. Not because it is cheap — because the marginal cost of running it is structurally lower than the marginal cost of the next hire who still hits the same ceiling.

That is the AI for Security arm of the Agentic Company. Flocks is the embodiment today.

The arm most boards haven't priced yet

In the last 24 months, most enterprises deployed AI agents. Every one of those deployments created a new estate that needs defending.

Agents acquire capabilities through skills: third-party packages, MCP servers, code modules that run with the agent's own privileges. Skills are the new supply chain. Skills are the new attack surface. The difference from software dependencies is that the pace of adoption is outrunning the pace of defense faster than it did the first time. SafeSkill has already identified more than 1,000 compromised packages in the ClawHavoc supply chain campaign. Monthly skill call growth is running at 40%. The math on the attack side is moving faster than the security response.

Who has visibility into the skills your agents are using? Who scans them before they execute in your environment? Who tracks the CVEs in your agent orchestration stack? If the vendor can't answer those, the risk is real and it is unpriced.

This is the second arm: Security for AI. SafeSkill anchors it with pre-import inspection, marketplace filtering, download scanning, and inventory remediation. ATI extends it to the CVE layer, where AI-related vulnerabilities in model-serving frameworks, vector databases, and agent orchestration libraries are now among the fastest-growing subsets of the 400,000+ vulnerabilities tracked since 2015.

And that's before you count the agents nobody told the security team about. Most enterprises have no inventory of the shadow instances like OpenClaw and similar tools spun up by individual teams without IT review, deployed on local servers and office endpoints with credentials nobody is watching. TDP continuously monitors network traffic to discover and map every agent deployment across the infrastructure, hosts and open ports included. It also identifies the internal devices reaching out to external agent services. The policy violations surface only when you're watching the traffic, not the tickets.

What the board should be pricing in is the cost of the next class of incident. The companies that built defense-in-depth for the software supply chain early avoided the worst of the cascading incident costs. The companies that didn't paid for it in incident-response retainers, regulatory exposure, and customer-trust events that cost more than the original defense would have. AI agent skills are the next dependency layer.

The architecture decision

Most buyers treat the agentic layer as a product decision. They evaluate it the way they evaluate any point solution: features, integrations, price per seat. They pick the agent with the best dashboard and move on.

That is not the right frame. The agentic layer is an architecture decision. It is the layer that sits between the intelligence engine and the analyst, that runs continuously when the analyst is not in the queue, that determines whether the 70-product stack actually functions as a coordinated defense or as 70 independent signals with no orchestration. Buyers who treat it as a product purchase get a feature. Buyers who treat it as an architecture decision get a layer that compounds. One that learns from their environment, extends to the new estate as it grows, and holds across both the agents defending the enterprise and the defenses protecting the AI estate itself.

The vendors that get there are the ones that built AI-native from the architecture up, not the ones that bolted "agentic" onto a cloud product as a release note. The seam between a vendor that ships only one arm and another that ships only the other is where the next incident lives.

ThreatBook ships both arms. ATI is recognised in the Gartner Market Guide for Security Threat Intelligence Products and Services for four consecutive years. TDP was selected in the first-ever Gartner Magic Quadrant for Network Detection and Response. The intelligence engine does not change. It extends.

Whatever new architecture gets named next year, the work is the same: reduce the alert the analyst wastes a day on, detect the threat before it moves, secure the estate the enterprise already depends on. The agents that act on the intelligence are how that work gets done at the scale of the actual estate. That is the basic problem. We are trying to solve it.