Full SOC Operations with Claude Code: Fork, Install and Run Agents

After RSAC, one thing was clear: security teams don't want a black box AI SOC product and they want to go beyond triage and co-pilots. They want infrastructure they can control, extend, and own.

LimaCharlie runs composable AI agents built on real SecOps infrastructure, in production.

Our open-source AI triage agents are designed as self-contained, installable units, each with defined scope, permissions, and behavior. Join Maxime Lamothe-Brassard, CEO and Founder, as he walks through the architecture and runs live demonstrations inside the Agentic SecOps Workspace.

What you'll see:

• How coordinated AI agents handle detection triage end-to-end, from alert to case (with or without human intervention)
• The "SOC as IaC" (Infrastructure as Code) model in practice: agents defined as YAML and markdown, installed or removed on demand
• How composable agents stack, covering detection triage, false positive baselining, and threat intel without conflicting
• The open-source lc-agents repo and how to fork, extend, or contribute your own

Our RSAC demo generated a lot of interest and questions about how our agentic operations actually work. This session is a deeper dive, built for security engineers and MSSP operators who want to see what running a SOC on Claude Code really looks like.