In the 18 months since "agentic security" stopped being a slide-deck phrase, the AI SOC category has gone from idea to product war. On 6 May 2026, Singapore-headquartered ThreatBook fired the latest salvo with two simultaneous launches — Flocks and SafeSkill — alongside a full brand relaunch positioning itself as "the agentic security company."
If you run a security team in the region — particularly the kind of mid-market team that's two analysts and a coffee machine away from burnout — this is the category to actually understand, not just nod at in newsletters. Here's what's shipped, who's playing, and why one launch in Singapore matters more than its press release suggests.
What "AI SOC" actually means
Strip the marketing and an AI SOC is an agent that does Tier-1 SOC work without a human in the loop for each step. It takes the firehose of alerts coming out of your SIEM, EDR, identity logs, and cloud audit trails, then triages, enriches, hunts, and either closes the alert or hands a curated case to a human Tier-2.
The work itself isn't new. What's new is that LLMs got good enough at structured reasoning across heterogeneous tool outputs that the agent layer above the SIEM finally feels less like a chatbot and more like a junior analyst who never sleeps and remembers every prior investigation.
The May 2026 roster
Here's what landed in the AI SOC space in the last ~5 weeks, ordered by recency. I've stuck to verifiable launches — vendor announcements with corroborating independent reporting — and skipped the perpetual-beta crowd.
| Product | Vendor | Date | Posture |
|---|---|---|---|
| Flocks + SafeSkill | ThreatBook (SG) | 6 May 2026 | Agentic SOC + AI-agent skill protection |
| Claude Security (public beta) | Anthropic | 30 Apr 2026 | LLM-native vulnerability discovery + patching |
| Command Zero (APIs + MCP) | Command Zero | 29 Apr 2026 | Autonomous SOC platform, now open via API/MCP |
| Agentic SOC framing | Microsoft Security | 9 Apr 2026 | Roadmap + Security Copilot direction |
Add to that the established field that didn't ship anything material this month but is part of the competitive picture: Dropzone AI, CrowdStrike Charlotte Agentic SOAR (GA'd November 2025), Conifers CognitiveSOC, and Radiant. The Hacker News' AI SOC stack review from late 2025 catalogues most of these if you want the wider field.
Flocks: the security-trained Tier-1 that wants your sovereign LLM
The pitch, in ThreatBook's own framing: a security-trained agentic Tier-1 analyst that deploys inside the enterprise environment, stores zero customer data, and — this is the part I find most interesting — runs on the customer's chosen LLM, including sovereign deployments.
That last clause matters for ASEAN buyers more than for US ones. If you're a Singapore bank, an Indonesian telco, or a Malaysian healthcare network, "your SOC's reasoning brain phones an OpenAI endpoint" is a non-starter for a lot of regulators. The default architecture for nearly every other AI SOC product on the market assumes a US-hosted frontier model is the inference layer. Flocks pitches itself as model-agnostic and willing to run against whichever LLM your sovereignty review approved.
The architecture, again per ThreatBook's announcement and the Fast Mode write-up: long-running agent sessions, a tool system, a workflow engine, specialist agents, skills, memory, task scheduling, multi-entry access, and platform governance — packaged into "a single operational loop." That description is a feature list, not a benchmark, so the real test will be how it handles a 6am Friday alert storm. But the building blocks line up with what a 2026-class agentic SOC needs to actually do.
SafeSkill: protecting the agents that are protecting you
SafeSkill is the more conceptually interesting half of the launch, even if it'll get less press. The thesis: as enterprises adopt AI agents en masse — for SOC work, for code review, for finance ops, anything — the skills those agents pull from (think MCP servers, plugin marketplaces, downloaded prompt libraries) become a new and largely unguarded attack surface.
Per SecurityBrief Asia's coverage, SafeSkill scans across pre-import inspection, marketplace filtering, download scanning, and inventory remediation — basically anti-malware for the agent skill ecosystem. The threat model is the same supply-chain logic that hit Laravel-Lang last week (which I wrote about) — except instead of a developer pulling a compromised Composer package, you've got an autonomous agent silently invoking a poisoned skill mid-investigation.
If you're skeptical that AI-skill tampering is a real category yet, fair — it's early. But the orthogonal-product instinct here is correct: protecting the agent layer is a different problem from running the agent layer, and one company shipping both at the same launch event is a bet that the buyer eventually needs both.
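To make the "pre-import inspection" and "inventory remediation" ideas concrete, here is an added example. It is not ThreatBook's code and not a description of how SafeSkill works: it pins each reviewed skill to a SHA-256 digest and caps the permissions a skill may request. The skill names, permission strings and policy tables are hypothetical.

```python
import hashlib

# Constructed sample data: skill names, permission strings and the policy
# tables are hypothetical, not taken from SafeSkill or any marketplace.
REVIEWED_WHOIS = b"def run(domain):\n    return whois(domain)\n"
PINNED = {"whois-lookup": hashlib.sha256(REVIEWED_WHOIS).hexdigest()}
ALLOWED_PERMS = {"net:read", "intel:query"}


def inspect_skill(name, content, requested_perms):
    """Pre-import check: return (verdict, reasons) for one skill."""
    reasons = []
    pinned = PINNED.get(name)
    if pinned is None:
        reasons.append("unreviewed: no pinned digest")
    elif hashlib.sha256(content).hexdigest() != pinned:
        reasons.append("drift: content differs from reviewed version")
    extra = sorted(set(requested_perms) - ALLOWED_PERMS)
    if extra:
        reasons.append("excess permissions: " + ", ".join(extra))
    return ("block" if reasons else "allow", reasons)


def audit_inventory(skills):
    """Inventory pass over installed skills: names to quarantine."""
    return [s["name"] for s in skills
            if inspect_skill(s["name"], s["content"], s["perms"])[0] == "block"]


# Constructed inventory: one clean skill, one copy changed after review,
# one never reviewed that also asks for shell access.
INVENTORY = [
    {"name": "whois-lookup", "content": REVIEWED_WHOIS, "perms": ["net:read"]},
    {"name": "whois-lookup",
     "content": REVIEWED_WHOIS + b"# changed after review\n",
     "perms": ["net:read"]},
    {"name": "pdf-summarise", "content": b"...", "perms": ["shell:exec"]},
]

if __name__ == "__main__":
    for skill in INVENTORY:
        print(skill["name"], inspect_skill(skill["name"], skill["content"],
                                           skill["perms"]))
```

The same check runs at both ends: before a skill is imported, and periodically over what is already installed, so drift after review is caught as well as a bad first download.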
Where Claude fits in: substrate, not product
It's tempting to slot Anthropic into the AI SOC vendor list and call it a day. That's not quite right.
Anthropic isn't shipping a SOC product. What it shipped on 30 April 2026 is Claude Security in public beta — a code-scanning and vulnerability-patching capability. Different problem space (AppSec, not SecOps). Important, but adjacent.
Where Claude shows up as a SOC capability is one layer down: as the model behind a partner's product. The clearest example is Accenture × Anthropic's Cyber.AI, which in customer deployments cut security-scan turnaround from 3-5 days to under one hour, and expanded test coverage from ~10% to over 80%. Anthropic has also published a catalogue of 734+ cybersecurity skills mapped to MITRE ATT&CK, which is essentially a library of agent capabilities a SOC product can compose against.
So the right mental model: ThreatBook, Dropzone, Charlotte = AI SOC products. Claude, GPT-5, Gemini = the substrate those products run on. Flocks' "bring your own LLM" pitch is interesting precisely because it makes the substrate layer swappable rather than vendor-locked.
Command Zero and the open-protocol bet
Command Zero's 29 April announcement is interesting in a different direction: they opened up their autonomous-SOC platform with full APIs and a Model Context Protocol (MCP) server. That signals where the category is heading — toward composability rather than walled gardens, with MCP as the lingua franca for tool-to-tool integration. Microsoft, Anthropic, and now Command Zero are all pulling in this direction.
Microsoft's framing piece
On 9 April 2026, Microsoft Security published its "Agentic SOC" position piece — less product, more direction-of-travel for Security Copilot. It's a useful read because it's the most coherent public articulation of how the AI SOC fits into the broader Microsoft security stack, and because most ASEAN enterprises will hit Microsoft's version first by virtue of already running E5 licenses.
The ASEAN math: why this matters more here
The reason I'm spending a Tuesday morning writing this from Singapore rather than letting it sit as a passing news item: the ASEAN cyber workforce math is bad and AI SOC products are the first credible answer.
The numbers, courtesy of ISC2's 2025 Cybersecurity Workforce Study and follow-up analysis:
- Asia-Pacific has the largest regional cybersecurity workforce gap globally — roughly 3.4 million unfilled positions.
- 33% of organisations cite budget as the reason they can't staff their security teams.
- 29% can't afford the skill levels they actually need.
- 95% of respondents report at least one critical skill gap. 59% say the gap is significant or critical.
Translate that to the room I'm actually sitting in. A typical Singapore mid-market SOC is two to four analysts, often one with experience and the rest training on the job. A typical Malaysian or Indonesian counterpart is leaner. None of these teams can absorb a 24/7 alert volume that would tax a 15-person enterprise SOC in the US. The gap isn't closing — Asia-Pacific has the largest shortage globally — and the budget reality means hiring our way out isn't on the table.
This is where AI SOC stops being aspirational. For a Singapore mid-market security team, an agentic Tier-1 that handles alert triage, basic enrichment, and routine threat hunting isn't a productivity tool — it's the only realistic path to coverage. The question isn't whether to adopt one, it's which one your auditor will accept.
That last point is where I think Flocks has a structural advantage in this region specifically: "runs on your sovereign LLM" is a sentence that lands very differently in front of a Singapore MAS auditor than "runs on Claude (US-hosted)." Doesn't mean Flocks wins — it means it gets a meeting that some competitors won't.
What I'm watching over the next quarter
- Does Flocks' sovereign-LLM claim hold up under scrutiny? "Customer-chosen LLM" is great in marketing copy and harder in practice when half the workflow templates are tuned for a specific model's quirks.
- Does SafeSkill stay open-source? ThreatBook positioned Flocks itself as having open-source DNA in the Cybersecurity Asia coverage, which is interesting given the typical commercial-product trajectory.
- Does the AI SOC category collapse to 2-3 winners by end of 2026? Five-plus credible vendors is unstable. Microsoft's gravitational pull on E5 customers, CrowdStrike's incumbency, and the LLM substrate war will sort it out faster than buyers expect.
- Does Anthropic ship its own SOC product, or stay as substrate? Claude Security beta is AppSec-shaped, not SecOps-shaped. The strategic-fit question is whether they ever cross that line.
If you're evaluating any of these — including Flocks — I'd say two things:
One, read the architecture documentation, not the press release. The interesting differences between AI SOC products are in how they handle long-running investigations, how they pass state between specialist agents, and how they constrain the agent from "helpfully" doing something destructive at 3am. Press releases optimise for the press, not for that.
Two, ask the vendor specifically how they handle the case where the agent is wrong. Every AI SOC product will misclassify an alert at some point. The mature products will have a clear story for confidence scoring, human-in-the-loop hand-off, and post-incident learning. The immature ones will say "we have high accuracy."
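One way to picture what a "clear story" looks like, as an added example rather than any vendor's implementation: a fail-closed gate that decides whether an agent's proposed action runs on its own, needs human approval, or is escalated to Tier-2, plus the reopen rate over sampled auto-closures that feeds post-incident learning. The action names and the 0.90 threshold are assumptions.

```python
from dataclasses import dataclass

# Hypothetical action names and threshold, chosen for illustration only.
READ_ONLY = {"enrich_ioc", "query_logs"}
DESTRUCTIVE = {"isolate_host", "disable_account", "delete_mailbox_items"}
AUTO_CLOSE_MIN = 0.90  # benign verdicts scored below this go to a human


@dataclass
class Proposal:
    alert_id: str
    verdict: str       # "benign" or "malicious", as judged by the agent
    confidence: float  # agent's self-reported score in [0, 1]
    action: str        # what the agent wants to do next


def gate(p: Proposal) -> str:
    """Return "auto", "needs_approval" or "escalate" for one proposal."""
    if not 0.0 <= p.confidence <= 1.0:
        return "escalate"            # malformed or NaN score: fail closed
    if p.action in DESTRUCTIVE:
        return "needs_approval"      # never autonomous, whatever the score
    if p.action in READ_ONLY:
        return "auto"                # enrichment cannot damage anything
    if p.action == "close_alert":
        ok = p.verdict == "benign" and p.confidence >= AUTO_CLOSE_MIN
        return "auto" if ok else "escalate"
    return "escalate"                # unknown action: fail closed


def reopen_rate(reviews):
    """Share of sampled auto-closed alerts that an analyst later reopened."""
    auto = [r for r in reviews if r["decision"] == "auto"]
    if not auto:
        return 0.0
    return sum(1 for r in auto if r["analyst_reopened"]) / len(auto)


# Constructed review sample: four auto-closures, one reopened by an analyst.
REVIEWS = [
    {"decision": "auto", "analyst_reopened": False},
    {"decision": "auto", "analyst_reopened": True},
    {"decision": "auto", "analyst_reopened": False},
    {"decision": "auto", "analyst_reopened": False},
    {"decision": "escalate", "analyst_reopened": False},
]

if __name__ == "__main__":
    print(gate(Proposal("A-1", "benign", 0.97, "close_alert")))
    print(reopen_rate(REVIEWS))
```

A rising reopen rate is the signal to raise `AUTO_CLOSE_MIN` or pull an alert type out of autonomous handling altogether.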
I'll revisit this when the dust settles a bit — say, end of Q3. By then we should have actual deployment data on at least Flocks, Claude-backed deployments via Accenture, and one of the Microsoft Security Copilot agentic patterns. If something material shifts before then, I'll update this post inline rather than start a new one.