ThreatBook is now the Agentic Security Company. That sentence will probably get reduced in some headline somewhere to "ThreatBook rebrands." The reason behind it is the part worth your three minutes.
The company is now structured around two arms of an agentic layer: AI for Security AND Security for AI. Both built on the threat intelligence engine we've been compounding since 2015. The rest of this explains why that structure, and why now.
For the last decade, AI plus threat intelligence was the differentiator for ThreatBook; it's the edge that earned four consecutive years in the Gartner Market Guide for Security Threat Intelligence and a spot in the first-ever Gartner Magic Quadrant for NDR.
Machine learning got you to detection. Threat intelligence got you to accuracy. Fused together, the detection stopped crying wolf. TDP®'s false positive rate is under 0.03%. ATI's accuracy is 99.9%. Those aren't feature claims; they're the result of a decade of fusing threat context into every alert so that the alert means something by the time it reaches an analyst. AI plus threat intelligence became the engine, not the differentiator. That didn't shrink ThreatBook's value — it deepened it.
That pitch is now table-stakes. Enterprise security teams in 2026 are expected to have some form of AI and TI in their stack. If a vendor doesn't have it, they're answering for the gap, not selling against it.
That doesn't change; we still ship the foundation. ATI's 99.9% accuracy. TDP®'s <0.03% false positive rate. The 200+ APT groups and 2,000+ adversary groups tracked since 2015. The 14B+ attack records processed daily. None of that goes away. If a buyer doesn't have an AI+TI base layer, we're still the company that gives them a field-tested one. That part of the conversation hasn't changed.
What has changed is what we build on top. The agentic layer. Two arms.
By "AI for Security" we mean Agentic AI specifically. Not the traditional ML and deep learning that's already inside the engine. Agentic AI acts: it runs sessions, invokes tools, executes workflows, and builds experience over time. Flocks is what that looks like in the SOC.
The first arm uses AI to do the security work. Today, we're launching Flocks, and Flocks is the embodiment.
Flocks is our open-source, locally deployed agentic SecOps platform. Rex, the Main Agent, coordinates seven specialist agents across 150+ integrated tools. The agents don't replace your SIEM, SOAR, or EDR. They orchestrate across them. No rip-and-replace. Alert triage, correlation, playbook execution; the agent runs continuously, accumulates experience, and improves the rulebooks as your usage grows.
Three architectural choices matter, and they aren't accidents. We've made it open-source (Apache 2.0), which means a buyer can audit every line of agent behavior before it touches production. The antidote to black-box AI. Locally deployed means the agents run inside the customer's infrastructure with no data exfiltration to ThreatBook by design. The structural answer to data-sovereignty objections that SaaS-only competitors cannot replicate. SOC-adjacent means the existing stack stays intact. We want you to think of Flocks as a digital workforce of sorts; you're getting more hands on deck, making correlations and writing rulebooks (and getting better at it as it gets more experienced).
Most of the agentic pitches in market right now require the buyer to bet on a closed cloud platform. Flocks is the platform you deploy without making that bet. The architecture is what differentiates it.
Flocks is the SOC-operations embodiment of AI for Security. It's not the only one. Investigator, our free LLM/chat threat-analysis tool launched in 2023, has a Chat function forming the analyst-Q&A embodiment of the same arm: ask it about an IP, a domain, a hash, an APT group, and get the answer with the context behind it.
Same Agentic AI principle (an AI that acts on the intelligence to give you an answer); different surface (analyst Q&A instead of SOC orchestration). They can work standalone, but Flocks can call Investigator through the ThreatBook API when an in-flight investigation needs a fast intel-side lookup.
The second arm is the one most vendors aren't talking about yet. It's the one CISOs are about to start asking about — recent supply-chain poisoning campaigns have already hit developer tooling: Lazarus poisoning the Axios npm package, the openClaw RAT backdoor, the LiteLLM framework compromise. The AI tooling stack is next.
Every enterprise that deployed AI agents in the last 24 months has just created a new estate that needs defending. Agents acquire capabilities through Skills: third-party packages, MCP servers, code modules that extend agent behavior. Skills run with the agent's privileges. Skills are the new supply chain. Skills are the new attack surface.
SafeSkill is the AI-supply-chain assurance layer. Pre-import inspection. Marketplace filtering. Download scanning. Inventory remediation. One stop, every Skill. Monthly Skill call growth is 40%. SafeSkill has already identified 1,000+ compromised packages in the ClawHavoc supply-chain campaign.
SafeSkill is the launch-anchored embodiment of the Security for AI arm. Not the entirety. Our NDR platform, ThreatBook TDP®'s asset monitoring extends the arm to the network layer: model-serving endpoints, inference clusters, and agent runtime hosts are a new class of asset that NDR detects compromise on. ATI extends the arm to the CVE layer. The AI-related vulnerability subset (model-serving frameworks, vector databases, agent orchestration libraries) is one of the fastest-growing categories in the 400K+ vulnerabilities we track.
The strategic point: the company that ships the agents on the AI for Security arm is the same company that secures the AI estate on the Security for AI arm. For buyers worried that "agentic security" means trusting the agents themselves, the answer in this portfolio is structural. Both arms, same vendor, same intelligence engine.
The category is mid-shift. Every major vendor is making an agentic claim. Most of those claims are a SaaS aggregator running on top of the vendor's own closed platform. The buyer gets agents, conditional on betting on the platform first.
Our bet is different. AI+TI as the base, not differentiator. Agentic layer on top, two arms, deployment-mode-flexible: open-source local worker today, more SaaS surfaces ahead. The discipline that earned the trust becomes the foundation. The agents are the work.
This is the inflection point for the category. The moment "AI in security" stops being a feature claim and starts being an architecture decision. We're positioning into it.
We have more incoming. The Agentic Company isn't a single launch; it's very much the direction of where we're headed. It's the masthead the next 12 months of product ship under. Both arms will extend.
Flocks is on GitHub today, and you can easily deploy in an afternoon. SafeSkill is live on safeskil.io. The base cybersecurity stack (ATI, TDP®, DRPS, OneDNS®) is still doing what it's always done, just under a sharper masthead.
Bet on the agents you can audit, the deployments you control, and the company that ships both arms.