LimaCharlie

Security tools and infrastructure on-demand. Use LimaCharlie to automate and manage security operations at scale.
Customization: Customize security to meet your unique needs
Visibility: Unify telemetry and reduce storage costs
Scale: Built for scale from day one
Consolidation: Replace your existing agents and reduce tech debt
Innovation: Cost-effective access to security infrastructure
Visit us: limacharlie.io

Advisory AI in the SOC still requires a human to review, approve, and act on every output. The bottleneck shifts upstream, but the constraint on your operations stays the same.

Alert volume keeps climbing. Analyst-to-alert ratios stay broken. Adding a chat interface does not change the math.

AI operator-first means AI agents have the same API access as your analysts: writing and deploying detection rules, triggering response actions, running cross-tenant investigations, and updating cases, all within the same RBAC model that governs your human team.

LimaCharlie was built API-first from the start. Every function in the UI is also available via API, so agents can do the same work analysts do, scoped to exactly the permissions you set.

The new blog covers what that architecture looks like in practice and why most platforms cannot support it.

See the full post: https://limacharlie.io/blog/what-ai-operator-first-soc-looks-like

Malware analysis takes time, and extracting indicators manually before you can write a single detection rule adds to that cost.

On May 6th at 10am PT / 1pm ET, we will be hosting a hands-on workshop covering how Claude Code can accelerate that process without removing human judgment from the analysis.

You'll analyze an unknown binary, extract indicators, and use the LCRE (LimaCharlie Reverse Engineering) tool to identify configuration details, key behaviors, and signals useful for rule building.

Then you'll execute the sample in a sandboxed VM to validate detections against real runtime behavior.

No Claude Code license required. This session will not be recorded.

Save your spot: https://limacharlie.wistia.com/live/events/i3qmix87mf?utm_campaign=workshop+malware+5+6+2026&utm_source=mastodon&utm_medium=social

The early days of U.S. cyber policy were defined by agencies that had no common language and no playbook to follow.

J. Michael Daniel, President and CEO of Cyber Threat Alliance and former White House cybersecurity coordinator, talks through what it actually took to coordinate cyber policy across the federal government, build public-private partnerships that work, and stand up an intelligence sharing organization that serves the entire cybersecurity industry.

The full conversation includes:

> Why public-private partnership in cybersecurity is harder to operationalize than most people assume
> What business leaders consistently get wrong about cyber risk
> How threat intelligence sharing actually works inside the Cyber Threat Alliance
> Why all of the industry's accumulated tech debt may be coming due

Listen to the full episode: https://www.youtube.com/watch?v=I1lF6OEUnvc&t=29s

Tomorrow on Defender Fridays, Katherine McNamara, Cybersecurity Technical Solutions Architect at Cisco, joins us to discuss how AI and ML adoption in enterprise infrastructure has expanded the attack surface for AI-driven systems.

She'll walk through the security challenges unique to generative AI and ML-based architectures, and cover the four critical components: Model, Data, Application, and System, that organizations need to secure to maintain integrity.

Friday, April 24 at 10:30am PT.

https://info.limacharlie.io/defender-fridays?utm_source=linkedin&utm_medium=organic_social&utm_content=webinar&utm_campaign=defender_fridays&utm_term=&lead_source_detail=mastodon

Exciting guest this week for #ThursDef!

Founder & CEO of @limacharlieio, Maxime Lamothe-Brassard will join us tomorrow at 12:30pm CT to discuss Managing Security Infrastructure at Scale.

Sign up at thursdef.com to join us via Zoom for guaranteed great conversation!

Most AI SecOps vendors ship a fixed platform: the architecture, the workflows, the pricing model are all decided for you.

LimaCharlie's position has always been the opposite. Build the capabilities and the value first, then give operators the freedom to modify, assemble, and build on top of them however their operation requires.

That extends all the way up the stack, from automated agents to deployable AI SOCs you define and run across thousands of tenants as infrastructure as code.

Your toolkit, built on real SecOps infrastructure.

See how it works: https://limacharlie.io/

#mssp #secops #ai #agenticai

In this week's Intel Chat, Chris Luft and Matt Bromiley discuss a design flaw in Anthropic's Model Context Protocol (MCP) that could enable large-scale supply chain attacks on agentic AI systems.

Researchers at OX Security found that MCP's command execution allows malicious commands to run silently without sanitization checks or warnings.

Matt clarifies what this means for organizations: MCPs aren't inherently malicious or insecure, but there are ways for them to be abused. You're dealing with an open source project that loads additional libraries on your system, creating another potential attack vector.

His advice? You don't need to throw your entire infrastructure away. You just need to be a little more careful. Double check your code, be cautious about what you download and install, and make sure you have the right security controls in place.

The episode also covers APT41 deploying a Linux backdoor targeting cloud credentials, Fancy Bear using zero-days in Ukraine supply chain attacks, and a critical NGINX UI vulnerability being actively exploited.

Subscribe to The Cybersecurity Defenders Podcast: https://limacharlie.io/podcast

Most EDR vendors eventually make a choice: optimize for large enterprise or stay flexible enough for MSSPs.

For Black Hills Information Security, their previous vendor made that choice, and it wasn't the right one for how they operate.

John Strand says LimaCharlie delivered everything they had hoped their previous vendor would have built toward five years ago. The licensing scales up and down with their business, multi-tenancy is built in, and it integrates cleanly across their entire stack.

Switching vendors is never easy, but the BHIS SOC team found the transition to our Agentic SecOps Workspace natural from the start.

Watch the full interview: https://www.youtube.com/watch?v=stHEBb-iiys&t=3s

Token-based billing sounds reasonable until you run the numbers at MSSP scale.

With thousands of tenants, variable alert volumes, and no predictable ceiling on monthly AI costs, that model doesn't just create budget problems, it makes AI operationally impossible to commit to.

ASW pricing is structured differently: a flat monthly fee per analyst, covering everything they need. No per-token math, no worst-case scenarios to hedge against, no surprises when a tenant has a bad week.

Predictable costs are what make it possible to actually build AI into how you run a SOC, not just pilot it.

Explore pricing at http://limacharlie.io/pricing

#mssp #secops #ai #agenticai

MFA gaps are still showing up in 2026, and penetration testers are finding them.

On The Cybersecurity Defenders Podcast, Terry Bradley, founder of Mile High Cyber and former NSA hacker, explains how organizations roll out MFA policies but consistently leave certain systems uncovered.

Copier accounts, scanner accounts, and similar devices often get skipped during rollout and remain accessible from the internet without any authentication layer.

The full conversation covers a lot of ground:

> Why Active Directory default security settings are a gift to penetration testers
> How attackers are scaling operations against small and mid-market businesses
> What a solid incident response plan actually needs to include
> Where application security is headed as AI-assisted development accelerates

Listen to the full episode: https://limacharlie.io/podcast?wchannelid=1bbncmrkw3&wmediaid=6y3engsk70