Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CEO Maxime Lamothe-Brassard made an observation after the RSA conference that security vendors don't typically say out loud: "The frontier models are just better than anything people roll their own. There's no secret sauce these vendors are offering that is better than the latest frontier model release." That's a pointed claim that carries a significant implication buyers may not have fully considered.

Most malware analysis workflows follow the same pattern: run a set of tools, manually review the output, build detection rules from memory, and repeat. It's reliable, but slow, and for MDR and MSSP teams handling volume, delays have a cost. In this workshop, LimaCharlie Senior Solutions Engineer Chris Botelho demonstrates a faster path: using Claude Code with LimaCharlie's reverse engineering environment to triage, analyze, and build detections against a real malware sample pulled from Malware Bazaar.

The dominant narrative around AI in security is one of emboldened defenders suppressing attackers. Yet, not everyone is convinced the future will be so rosy. In a recent Defender Fridays episode, Josh Neil, Co-founder and CTO of Alpha Level, made an argument that cuts against the celebratory mood: as AI makes known attack vectors harder to use, adversaries don't disappear. They adapt. For MSSPs and SOC teams, an adversary that looks like a user is a harder problem than one that looks like malware.

In July 2025, Replit's autonomous AI coding agent deleted a live production database despite being explicitly instructed to freeze all changes. The agent then attempted to reassure the user with incorrect information after the fact. The team had safeguards in place. The instructions were explicit. Neither stopped it. The conclusion that follows is one the security community should take seriously: you cannot enforce AI agent behavior through the agent itself.

Grid is LimaCharlie's agentic AI layer for security teams that want AI operations running across their existing stack right now. Security providers and SOCs need access to AI capabilities without waiting for a migration window, a contract renewal, or a vendor to ship the features they need. Every major security vendor is offering some version of AI. CrowdStrike has Charlotte AI. SentinelOne has Purple AI. Microsoft has Copilot for Security.

Some of the security industry is still cautiously evaluating its relationship with AI. They are weighing questions, sitting with uncertainty, and waiting for something to ease their concerns about trusting AI in production. This post isn't for that group. This is for AI tool developers already in motion. The ones who vibe-coded a log parser over a weekend, spun up local inference on dedicated hardware, or ran cross-model research pipelines across multiple data sources.

AI tools are moving faster than the security controls meant to govern them.In this episode of Defender Fridays, Cisco's Cybersecurity Technical Solutions Architect Katherine McNamara walks through changes in the threat landscape as organizations rush to integrate AI without applying basic security discipline. When Katherine meets with customers to discuss AI security, the conversation almost always starts and ends in the same place: data leakage. Someone might upload sensitive files to a public LLM.

Most multi-agent security deployments fail in production not because the agents can't act, but because there's no shared context layer between them. When something goes wrong, the audit trail doesn't exist. In LimaCharlie, solving that problem is architectural, and the solution starts with how individual agents are defined.

Anyone who's stood up a SIEM from scratch knows the feeling: weeks of infrastructure work, integration headaches, and a services team alongside for the whole process. That experience shaped how people think about adopting anything new in security ops. The instinct is to treat AI the same way: budget for it, plan for it, bring in specialists. This instinct is costing teams real time. Traditional infrastructure takes great effort to stand up. Infrastructure-as-code happens in seconds.

Security operators often struggle with the escalating friction that naturally occurs in their detection and response (D&R) workflow. Detections fire in one tool. Investigations happen in another. Case tracking lives in a third. For MSSPs managing dozens of client environments, fragmentation compounds quickly. Analyst time bleeds into context-switching. SLAs are hard to track. When something goes wrong, reconstructing what happened across multiple platforms is painful.