惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

L
LangChain Blog
C
Check Point Blog
博客园 - Franky
V
Visual Studio Blog
云风的 BLOG
云风的 BLOG
aimingoo的专栏
aimingoo的专栏
Microsoft Security Blog
Microsoft Security Blog
V2EX - 技术
V2EX - 技术
AI
AI
Hacker News - Newest:
Hacker News - Newest: "LLM"
Jina AI
Jina AI
S
Security @ Cisco Blogs
Security Archives - TechRepublic
Security Archives - TechRepublic
H
Hacker News: Front Page
H
Hackread – Cybersecurity News, Data Breaches, AI and More
O
OpenAI News
Attack and Defense Labs
Attack and Defense Labs
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
爱范儿
爱范儿
H
Heimdal Security Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
G
Google Developers Blog
G
GRAHAM CLULEY
V
V2EX
The Register - Security
The Register - Security
人人都是产品经理
人人都是产品经理
B
Blog RSS Feed
Schneier on Security
Schneier on Security
M
MIT News - Artificial intelligence
Stack Overflow Blog
Stack Overflow Blog
Help Net Security
Help Net Security
大猫的无限游戏
大猫的无限游戏
C
CERT Recently Published Vulnerability Notes
The GitHub Blog
The GitHub Blog
V
Vulnerabilities – Threatpost
The Last Watchdog
The Last Watchdog
J
Java Code Geeks
S
Secure Thoughts
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
量子位
NISL@THU
NISL@THU
K
Kaspersky official blog
Engineering at Meta
Engineering at Meta
T
Threatpost
Recent Commits to openclaw:main
Recent Commits to openclaw:main
宝玉的分享
宝玉的分享
Security Latest
Security Latest
T
The Exploit Database - CXSecurity.com
博客园_首页
A
Arctic Wolf

Insight Partners

Demystifying the forward deployed engineer Behind the investment: Higharc and the AI-native future of homebuilding According to Root.io, your security backlog is a problem that only AI can fix How AI is rebuilding America's primary care system How Skyflow ends the false choice of block or unblock for Agent data How Trustmi uses AI to make sure every dollar goes where it should How Tamnoon is tackling the cloud security backlog with autonomous remediation The next generation of analytics: Why we invested in Golden Analytics How Mate Security is building the AI teammates that security operations centers have been waiting for Brinqa is building the context layer that enterprise security is missing The SaaS GTM glossary that no one has written yet What top-performing CMOs say about success in 2026 Client Challenge How Healthie is building the critical infrastructure behind accessible, longitudinal care GovWell Raises $25M Series A Led by Insight Partners to Build the AI Operating System for Modern Government How Devo built agentic Strike48 to kill the SOC alert Devicie is building endpoint security for an AI-driven world Why Delinea focuses on privileged access to prevent breaches from humans and AI Agents Inside Semperis: Response and recovery after identity system attacks Cloudsmith Raises $72M Series C Led by TCV and Insight Partners to Control and Secure the AI-Powered Software Supply Chain Covera Health and Medmo Combine to Deliver the First Platform That Manages the Complete Radiology Journey: From Imaging Order to Accurate Diagnosis From software to hardware: Where Nest founder Tony Fadell thinks AI will go next The skills gap cybersecurity leaders are facing right now Client Challenge Stop selling to enterprises. Start building with them. Behind the Investment: Linx Why we invested in Rocketlane How agentic AI is rearchitecting enterprise workflows Linx Security Raises $50M Series B as Identity Becomes Security’s Biggest Failure Point ScaleOps Raises $130M Series C at Over $800M Valuation to Lead the Future of Autonomous Cloud and AI Infrastructure Resource Management Rocketlane Raises $60 Million Series C to Redefine Professional Services for the AI Era Supercharging financial advisors: How AI is reshaping wealth management How Pictor Labs is turning tissue into data to revolutionize diagnosis
Command Zero is betting big on AI-native defense compressing response time
Insight Partners · 2026-06-26 · via Insight Partners

Cybersecurity has long been defined and dogged by the same problem. Defenders have to get it right every time. Attackers, once. AI has made that asymmetry more marked.

Attacks from AI-enabled adversaries increased by 89% from 2024 to 2025, according to CrowdStrike’s 2026 Global Threat Report, and the fastest observed breakout time — the speed at which an attacker moves from initial access to another system — was 27 seconds.

But Alfred Huger, CPO and cofounder of AI-native cyber investigation platform Command Zero, thinks that that asymmetry might now be shifting in defenders’ favor.

“AI is finally giving us the opportunity to get in front of a problem that we’ve always traditionally been well underneath,” he says.

“[AI] presents an opportunity to at least level the playing field. And that’s not a truth that I’ve had in the last 30 years of building products.”

The agentic security operations center (SOC) space is crowded in 2026, with Microsoft, Google, CrowdStrike, IBM, and a long tail of startups talking about autonomy, alert correlation, and mean time to respond (MTTR) compression. But what will it really take for that asymmetry to bend, and is it happening now?

On the attacker’s clock

An asymmetry also exists within defense. There is a difference between what a Tier 1 analyst can do with a set of alerts and what a Tier 2 or Tier 3 analyst can do with exactly the same data.

“The outcome is almost entirely dependent on the skill set of the person who’s in front of the problem, and that’s one of the things that AI helps level out for everybody,” says Huger.


Read Command Zero’s founding story: How Command Zero is redefining incident response in the age of autonomous cyber defense


In a typical breach investigation at a well-resourced organization, he says, it takes “anywhere from 90 minutes to four and a half hours to actually define whether you’re looking at an incident.” Command Zero compresses that to roughly seven minutes.

Set that against the average breakout time for an attacker in 2025: 29 minutes, a 65% increase in speed from 2024. AI enables defenders to respond on the attacker’s timescales, or better, whether they’ve been on the job for 10 days or 10 years.

Most of this time is taken up not with incident response, but actually figuring out what went wrong.

“It’s time lost scrambling…extracting the right data from the right places, finding out where to get it, who owns it, how to access it, and then trying to tie all of these disparate things together into one coherent narrative. When you’re dealing with 30 spreadsheets and a variety of data, that’s word of mouth, a Slack channel, et cetera.”

In other words, not work that humans really want to do. And it only really pays off when a senior analyst is doing it, because they have the experience and hard-won instinct to know where to dig and what to look for. Agents can now do all of that grunt work, while the human moves up the stack to judgment.

Encoded experience is the moat

That doesn’t mean Agents replace decades of expert investigative knowledge, but rather Agents are used to encode and scale it. And that, Huger believes, is the new moat.

“The barrier to entry for everything is both narrowed, and it’s very shallow. So the question is, how do you become successful when code is not the barrier?”

He thinks the answer is the business-specific context that makes an Agent useful in a specific environment. APIs and data integration, he argues, are the easy part.

Most data sources have APIs, they’re fairly well structured, and they’re easy to integrate with. The hard part is the institutional knowledge that turns telemetry into investigation — who owns the asset, why it matters, who the VIPs are, what normal looks like for this VIP user, and what the Agent should expect.

“We spend a lot of time codifying that knowledge and then marrying it against the business context of where we’re deploying,” says Huger. “And when you couple that up with experience from somebody who’s been through thousands of real breaches, you end up with an Agent that’s highly capable.”

“Nothing beats the hard-earned experience of an incident responder or somebody who has lived in these problems.”

Doing more with more

That’s why Huger doesn’t agree with the common narrative that AI in the SOC will immediately replace entry-level analyst roles.

“I’ve yet to meet a CISO who intentionally wishes to trim their budget. This is a space that has far more problems than hands, and that’s not likely to change anytime soon…I don’t think that the best approach right now is to…assume that you can cut staff with it. You can — but I don’t know that that’s the wisest decision to make.”

He frames it in terms of capacity rather than efficiency. Most Command Zero customers, he says, use the speed gain to do more, such as investigating issues they had previously triaged away, running threat hunts they couldn’t staff, and getting ahead of problems instead of always being on the back foot.

“They can certainly do more with less, but in many cases, they can simply do more with more.”

Over-reliance on automation could erode the exact investigation skills SOC teams need over the next several years. The Agent that handles archaeology ultimately depends on humans who have the expertise and judgment to correct it, retrain it, and tell it what to look for next.

Entry-level security analysts will no doubt find parts of their roles changing because of AI, but most organizations will want to continue employing them, because they are the future higher-tier analysts who will orchestrate the Agents.

As Dov Yoran, CEO and cofounder of Command Zero, put it last year, “You’ll certainly still need those Tier 2 and 3 [analysts] that have the experience…Where are those going to come from, if you all of a sudden kill your Tier 1 footprint?”

The end of asymmetry?

This is probably not the end of the fundamental asymmetry of cybersecurity. But there does seem to be a way of bending it in the defenders’ favor, and not in the way that “agentic SOC” makes you think.

It is a future more human than a fully autonomous SOC. The tools and platforms that actually bend the asymmetry will win on the depth of the context and expertise they carry into a specific environment, and how much the AI uplevels everyone on the team, regardless of experience. And it will depend on organizations that use what they gain in speed to do more, rather than using it as a license to do the same with less.

If the agentic SOC is anything, it is the freedom to do more with more.


*Editor’s Note: Insight Partners has invested in Command Zero.