Mountain View, CA, USA
2018
By LimaCharlie, Co-founder and COO
Agentic SOC architecture, explained: how API-driven security operations work when AI agents are the primary operators. Most security operations centers are built around a dashboard. The dashboard is how analysts see what is happening, take action, respond to alerts, and manage cases. This design choice made sense when humans were the only operators in the environment.
By LimaCharlie, Co-founder and COO
If you're running an MSSP or preparing for an audit, lc-compliance automatically documents relevant compliance evidence directly into your case records as they're created. Service providers work in a regulated environment, and already know compliance is a grind. Audits produce a pile of evidence requests. Your team pulls logs, traces detections back to controls, and writes documentation that no one reads until the QSA asks for it. Then you do it again next year.
By Daniel Ballmer
CEO Maxime Lamothe-Brassard made an observation after the RSA conference that security vendors don't typically say out loud: "The frontier models are just better than anything people roll their own. There's no secret sauce these vendors are offering that is better than the latest frontier model release." That's a pointed claim that carries a significant implication buyers may not have fully considered.
By Daniel Ballmer
Most malware analysis workflows follow the same pattern: run a set of tools, manually review the output, build detection rules from memory, and repeat. It's reliable, but slow, and for MDR and MSSP teams handling volume, delays have a cost. In this workshop, LimaCharlie Senior Solutions Engineer Chris Botelho demonstrates a faster path: using Claude Code with LimaCharlie's reverse engineering environment to triage, analyze, and build detections against a real malware sample pulled from Malware Bazaar.
By Daniel Ballmer
The dominant narrative around AI in security is one of emboldened defenders suppressing attackers. Yet, not everyone is convinced the future will be so rosy. In a recent Defender Fridays episode, Josh Neil, Co-founder and CTO of Alpha Level, made an argument that cuts against the celebratory mood: as AI makes known attack vectors harder to use, adversaries don't disappear. They adapt. For MSSPs and SOC teams, an adversary that looks like a user is a harder problem than one that looks like malware.
By Daniel Ballmer
In July 2025, Replit's autonomous AI coding agent deleted a live production database despite being explicitly instructed to freeze all changes. The agent then attempted to reassure the user with incorrect information after the fact. The team had safeguards in place. The instructions were explicit. Neither stopped it. The conclusion that follows is one the security community should take seriously: you cannot enforce AI agent behavior through the agent itself.
By Daniel Ballmer
Grid is LimaCharlie's agentic AI layer for security teams that want AI operations running across their existing stack right now. Security providers and SOCs need access to AI capabilities without waiting for a migration window, a contract renewal, or a vendor to ship the features they need. Every major security vendor is offering some version of AI. CrowdStrike has Charlotte AI. SentinelOne has Purple AI. Microsoft has Copilot for Security.
By Daniel Ballmer
Some of the security industry is still cautiously evaluating its relationship with AI. They are weighing questions, sitting with uncertainty, and waiting for something to ease their concerns about trusting AI in production. This post isn't for that group. This is for AI tool developers already in motion. The ones who vibe-coded a log parser over a weekend, spun up local inference on dedicated hardware, or ran cross-model research pipelines across multiple data sources.
By Daniel Ballmer
AI tools are moving faster than the security controls meant to govern them. In this episode of Defender Fridays, Cisco's Cybersecurity Technical Solutions Architect Katherine McNamara walks through changes in the threat landscape as organizations rush to integrate AI without applying basic security discipline. When Katherine meets with customers to discuss AI security, the conversation almost always starts and ends in the same place: data leakage. Someone might upload sensitive files to a public LLM.
By Daniel Ballmer
Most multi-agent security deployments fail in production not because the agents can't act, but because there's no shared context layer between them. When something goes wrong, the audit trail doesn't exist. In LimaCharlie, solving that problem is architectural, and the solution starts with how individual agents are defined.
By LimaCharlie
It is almost impossible to trust the source of an image or video anymore. On The Cybersecurity Defenders Podcast, Tamas Kadar, CEO and Co-Founder of SEON, explains how generative AI has reshaped what fraudsters can pull off. Setting up sophisticated fraud operations no longer requires coding skills, and synthetic identities and deepfake documents have become convincing enough that visual verification alone is no longer reliable.
By LimaCharlie
Intel Chat with Matt Bromiley and Chris Luft. Matt and Chris break down four stories from the week in threat intel. The Cybersecurity Defenders Podcast — a podcast about cybersecurity and the people that keep the internet safe. New episodes drop weekly. Subscribe wherever you listen.
By LimaCharlie
Today we're speaking with Tamas Kadar, CEO / Co-Founder of SEON, about building a safer digital world for businesses. We touch on fraud, how it's evolved in the age of AI, and what we can do to protect ourselves against it. Tamas' entrepreneurial path began at Corvinus University in Budapest, where the vision for SEON first took shape. Co-founding a cryptocurrency exchange opened his eyes to the scale and complexity of online fraud, sparking the idea for something better. In 2017, that “something better” became SEON.
By LimaCharlie
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows.
By LimaCharlie
In this session, LimaCharlie CEO Maxime Lamothe-Brassard walks through Grid, LimaCharlie's agentic SecOps layer built on Claude Code, and shows how it solves security operations problems end-to-end, from initial setup to ongoing autonomous maintenance. What's covered: Grid runs on Claude Code under the hood, with your own API keys, so cost is transparent and fully in your control.
By LimaCharlie
A bug in Meta's AI-powered account recovery tool compromised 20,000 Instagram accounts. In this week's Intel Chat, Chris and Matt discuss how the flaw allowed attackers to bypass email verification. Meta patched the tool after discovering the abuse on May 31st. Matt's takeaway: tools given broad API access become attractive targets. Meta should have caught this in basic testing, yet it took an adversary to expose the weakness.
By LimaCharlie
Join us for the final episode of Defender Fridays as Eric Capuano, creator of Defender Fridays and co-founder of Digital Defense Institute, closes out the series with a candid conversation on how he's actually building and running agentic workflows in the SOC today. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.
By LimaCharlie
Most MSSPs are spending analyst hours on compliance work that doesn't show up on an invoice. A client comes on board with HIPAA or CMMC requirements, someone manually audits detection rules and telemetry against framework controls, documents what's missing, and builds a remediation plan. Then the next audit cycle starts and you do it again, across every tenant, every framework, every year.
By LimaCharlie
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows.
By LimaCharlie
Join us for this week's Defender Fridays as Carlo Anez, Founder & Lead Instructor at IgniteCyber Academy and DEFCON Training Instructor, breaks down how to build practical blue team skills using open-source labs, MITRE ATT&CK, and real-world defender workflows, and where AI fits into the picture without replacing the analyst.

LimaCharlie gives security teams full control over how they manage their security infrastructure. Get full visibility into your coverage, build what you want, control your data, get the security capabilities you need, for however long you need them, and pay only for what you use.

LimaCharlie Sensors enable organizations to collect relevant security telemetry, logs and artifacts in real-time from any source and process that data at wire speed using a universal detection, response and automation engine. Use signature-based detections, your favourite threat feed or subscribe to curated detection rules.

An engineering approach to cybersecurity:

  • Endpoint detection & response: Respond to threats at wire speed and create powerful automations. Leverage solutions custom designed for your environment and control your security posture without having to rely on external vendors.
  • Software-defined networking: Secure and monitor network access to your endpoints by providing advanced instrumented Zero Trust VPN access. LimaCharlie’s Secure Access Service Edge (SASE) makes secure remote networking easy and affordable.
  • Windows Event Log monitoring: Gain the ability to capture and analyze Windows Event Logs (WEL) in real-time. Ingested WEL are indexed along common indicators of compromise and run through the Detection & Response engine.
  • File & registry integrity monitoring: LimaCharlie's File & Registry Integrity Monitoring capability allows you to monitor specific file path patterns and registry patterns for changes.
  • Monitoring cloud deployments: Secure your cloud using LimaCharlie’s advanced Sensor technology. Run in a VM, Docker, or as a privileged container in Kubernetes. Optimize your costs with fine-grained event collection control, autoscaling and automated sensor culling.
  • YARA scanning at scale: Various YARA scanning methods are available. Run a scan on any given endpoint or continuously across the entire fleet in a way that does not impact performance. Pull YARA signatures from GitHub repositories and other sources, both private and public.
  • Cutting edge detections: Leverage the work of best-in-class professionals with an unparalleled cost efficiency. Subscribe to threat feeds and curated detection rules. Easily write your own custom rules and apply them instantly to your entire fleet.
  • Log and artifact monitoring: Ingest logs, or any file type, from any source and run them through the detection, automation and response engine. One year of full telemetry storage included - not just detections or select entries, but all endpoint, network, and external log telemetry.

Detect and respond on everything.