Cyware
Also known as: Cyware Quarterback, Agentic AI Fabric, Cyber Fusion, Cyware Intel Exchange
AI powered Cyber Fusion platform with an Agentic AI Fabric of specialized SOC agents that enrich intelligence, engineer detections, reconstruct attacks, and automate response, plus threat sharing networks.
Cyware provides an AI powered Cyber Fusion platform that operationalizes threat intelligence and unifies security operations for enterprises, MSSPs, and threat sharing networks. Its modular platform combines a threat intelligence platform (Intel Exchange), security orchestration and automation (Respond), and collaborative threat sharing, and it serves as the backbone for most major ISACs, ISAOs, and CERTs, automating intelligence sharing for tens of thousands of enterprise members.
Cyware Quarterback AI, which began as a co pilot in 2024, now includes an Agentic AI Fabric: an ecosystem of specialized agents that autonomously ingest, contextualize, and act on threat intelligence. Named agents include a SOC Analysis Agent that enriches IOCs and delivers step by step mitigation from the browser, a Detection Engineering Agent that generates validated TDL rules, YARA or Sigma code, and Splunk SPL queries, an Attack Flow Agent that reconstructs adversary timelines mapped to MITRE ATT&CK and predicts next moves, an Incident Reporting Agent, a Playbook Builder Agent, and Alias Consolidation and Contextual Intelligence agents. An Analyst Agent Hub, available in platform or via browser extension, lets analysts coordinate agents across workstreams, and the AI Fabric builds agents with prebuilt templates, a drag and drop editor, natural language prompts, and AI generated code blocks. All AI features are optional and can be disabled by deployment flag or admin configuration.
Founded by CEO Anuj Goel, Cyware raised a thirty million dollar Series C led by Ten Eleven Ventures with participation from Advent International and Zscaler, achieved FedRAMP Ready status, and partners with Microsoft to integrate threat intelligence workflows across Cyware and Microsoft Sentinel.
Vendor details
Canonical URL
https://www.cyware.com
Category
Security / SOC agent
Subcategory
Cyber fusion and agentic threat intelligence
Funding status
Series C of thirty million dollars led by Ten Eleven Ventures with Advent International, Zscaler, and others (2023); FedRAMP Ready; serves Fortune 1000, MSSPs, and 20+ ISACs
Company status
independent
Use cases & customers
Primary use cases
Target customers
Deployment options
Integrations
Vendor agnostic orchestration across cloud and on premises security tools; enrichment from VirsTotal, Mandiant, PolySwarm and more; deep integration with Microsoft Sentinel via a strategic partnership; App Marketplace and Playbook Store; STIX 2.1 normalization; MITRE ATT&CK mapping; browser extension for the Analyst Agent Hub; MCP support.
In practice
The SOC Analysis Agent enriches IOCs, correlates alerts, and delivers step by step mitigation from the analyst's browser, cutting triage time two to three times
The Detection Engineering Agent converts a threat report into validated YARA and Sigma rules and Splunk queries with no manual coding
An ISAC uses Cyware to automatically ingest, normalize to STIX, and share threat intelligence across tens of thousands of member organizations
Sources & related URLs
Research sources
Capability coverage
12.0 / 14 capabilities · 86%
| Integrations & Tool CallingVendor agnostic orchestration across cloud and on premises security tools, enrichment from VirusTotal, Mandiant, and PolySwarm, deep Microsoft Sentinel integration, an App Marketplace, and MCP support. cyware.com homepage, Intel Exchange page, and Sentinel partnership PR retrieved 2026-07-08. | Full |
|---|---|
| Workflow OrchestrationThe Agentic AI Fabric creates and deploys agents that autonomously ingest, contextualize, and act on intelligence, orchestrating rapid responses and triggering automated playbooks, with SOAR hyper orchestration across the security stack. cyware.com /ai and Agentic AI Fabric PR retrieved 2026-07-08. | Full |
| Knowledge Grounding & RAGAgents extract IOCs, TTPs, and threat actors from any source, normalize to STIX 2.1, enrich and correlate indicators, consolidate aliases, and map relationships to MITRE ATT&CK, grounding decisions in a continuously updated intelligence picture. cyware.com Intel Exchange page retrieved 2026-07-08. | Full |
| Human Oversight & GuardrailsAgents work alongside analysts to elevate human capabilities, the Analyst Agent Hub lets analysts coordinate and drive selected agents across workstreams, and all AI features are optional and can be disabled by deployment flag or admin. cyware.com Agentic AI Fabric PR and Intel Exchange page retrieved 2026-07-08. | Full |
| Security, Identity & GovernanceAgents are integrated with the Cyware platform and governed from day one, the platform achieved FedRAMP Ready status, and AI features are admin controllable, hosted securely on AWS. cyware.com /ai page and Series C PR retrieved 2026-07-08. | Full |
| Observability & AuditabilityTracks KPIs like MTTD and MTTR with advanced reporting and auditing, provides visual threat mapping and relationship visualization, and the Incident Reporting Agent generates structured executive and technical reports. cyware.com Respond page retrieved 2026-07-08. | Full |
| Memory & State PersistenceThe platform maintains a continuously updated, deduplicated intelligence repository and correlated data that agents draw on across the lifecycle; a dedicated agent memory construct is not separately documented. cyware.com Intel Exchange page retrieved 2026-07-08. | Partial |
| Deployment & Data ResidencyThe platform synchronizes actions between cloud and on premises tools, is cloud based and AWS hosted with FedRAMP Ready status, and supports modular deployment of TIP, SOAR, and threat response components. cyware.com Series C PR and /ai page retrieved 2026-07-08. | Full |
| Prebuilt Agents, Templates & PacksA growing Agent Catalogue of specialized prebuilt agents (SOC Analysis, Detection Engineering, Attack Flow, Incident Reporting, Playbook Builder, Alias Consolidation), a Playbook Store, and prebuilt templates with a drag and drop editor. cyware.com Agentic AI Fabric PR and homepage retrieved 2026-07-08. | Full |
| Triggers & Channel CoverageAgents autonomously ingest and act on incoming threat intelligence, proactively trigger containment such as isolating a compromised asset before a breach spreads, and real time alerting drives bi directional sharing. cyware.com Intellyx analysis and homepage retrieved 2026-07-08. | Full |
| Model Flexibility & RoutingThe AI Fabric embeds LLMs directly into playbooks to analyze alerts and normalize data and supports native context protocols (MCP), but customer selectable models or routing across providers is not detailed. cyware.com /ai page and cyber fusion blog retrieved 2026-07-08. | Partial |
| APIs, SDKs & MCP ExtensibilityThe AI Fabric builds agents with natural language prompts, AI generated code blocks, a Custom Code Generator Agent, and native context protocols (MCP), with an App Marketplace and browser extension extending the platform. cyware.com Intellyx analysis, Agentic AI Fabric PR, and cyber fusion blog retrieved 2026-07-08. | Full |
| Testing, Debugging & OptimizationThe Detection Engineering Agent generates validated, production ready detection rules and the playbook builder debugs run logs with step by step fixes, but a dedicated agent evaluation or simulation harness is not documented. cyware.com /ai page retrieved 2026-07-08. | Partial |
| Browser & Computer UseThe SOC Analysis Agent operates directly in the analyst's Chrome or Edge browser via a browser extension, enriching IOCs and connecting signals, though this is scoped to Cyware workflows rather than general computer use. cyware.com /ai page retrieved 2026-07-08. | Partial |
Pricing
Contact sales (modular components)
modular components (TIP, SOAR, threat sharing); AI features optional
What is public
The modular component structure and optional nature of AI features are public; dollar figures are not.
Billing mechanics
Modular licensing of TIP, SOAR, and collaborative threat response components, together or individually, with optional agentic AI features. Enterprise and MSSP contracts.
Cost watchouts
Modular licensing means cost depends on which components (TIP, SOAR, threat sharing) are adopted; agentic AI features are optional add ons layered on the base platform.
Variable cost rationale
Modular component licensing plus optional AI features means cost scales with the mix adopted and, for MSSPs and ISACs, with member and data volume; no public metering, so exposure is inferred from the model.
Additional watchouts
Component mix drives cost; MSSP and ISAC deployments scale by members; confirm whether agentic AI is bundled or an add on.
Sales call required
Yes — required for paid access
Free / trial
No public free tier; demo request. AI features optional and admin controllable
Key ambiguities
Pricing axis and figures are unpublished; modular structure means quotes depend heavily on component mix and member scale.
Missing data
All pricing figures, per component rates, AI feature pricing.
Related vendors
- 7AI — Swarming agentic SOC from the Cybereason founders: sixty plus domain…
- Airrived — Agentic OS that unifies SOC, GRC, IAM, vulnerability management, IT,…
- Assail — Autonomous red teaming platform (Ares) whose AI agents discover,…
- Astelia — AI native exposure management platform from Israeli National Red…
- Capsule Security — Runtime security layer for AI agents that detects and blocks unsafe…
- Clutch Security — Universal non human identity security platform that discovers,…