Dropzone AI
Also known as: Dropzone
Production proven AI SOC analyst that investigates every alert in under ten minutes over the existing security stack, with published per investigation pricing from $36,000 a year.
Dropzone AI is the most mature product in the AI SOC analyst category measured by customers in production: an autonomous LLM powered analyst that investigates security alerts around the clock, closing benign ones and escalating real threats without playbooks. Founded by Edward Wu, who previously built the detection engine at ExtraHop, Dropzone raised a $37 million Series B in July 2025 led by Theory Ventures for more than $50 million total, is listed as a representative vendor for AI SOC Agents in the Gartner Hype Cycle for Security Operations 2026, and holds the largest mindshare in PeerSpot's AI SOC category.
The design philosophy is overlay, not replacement. Dropzone connects with read only access to the tools a SOC already runs, SIEM, EDR, identity, email, and cloud, and investigates every alert those tools surface, typically in under ten minutes, producing a full evidence backed investigation report a human can audit. It works with what the existing stack sees rather than requiring log migration, which makes time to value days rather than quarters; the flip side is that coverage is bounded by what current tools surface. The positioning is supervised autonomy for tier one triage: the AI handles repetitive L1 investigation at ten times human analyst capacity while humans keep verdict authority, eliminating investigation backlogs rather than replacing the team.
Pricing is unusually transparent for enterprise security: Dropzone starts at $36,000 annually for 4,000 investigations, tying spend directly to investigation volume rather than seats or data ingested. For teams that want the fastest path to autonomous tier one triage on the stack they already own, Dropzone is the production proven default in the lane; teams that want an integrated data layer underneath the agents, or offensive validation feeding defense, are looking at architecturally different platforms.
Vendor details
Canonical URL
https://www.dropzone.ai
Category
Security / SOC agent
Subcategory
AI SOC analyst
Funding status
Independent, founded by Edward Wu, who previously built the detection engine at ExtraHop. Raised a $37 million Series B in July 2025 led by Theory Ventures, bringing total funding above $50 million. Listed as a representative vendor for AI SOC Agents in the Gartner Hype Cycle for Security Operations 2026 and holds the largest mindshare in the AI SOC category on PeerSpot.
Company status
independent
Use cases & customers
Primary use cases
Target customers
Deployment options
Integrations
Drops in over the existing security stack with read only access to SIEM, EDR, identity, email, and cloud tools, investigating alerts those tools surface rather than requiring data migration. Each investigation produces a full evidence backed report, and one AI SOC analyst handles alert volume around the clock with typical analysis under ten minutes per alert.
In practice
Your two analysts face four thousand alerts a week and the backlog keeps growing. Dropzone investigates every alert in under ten minutes around the clock, closing benign ones with evidence.
You cannot rip out the SIEM to adopt AI. Dropzone connects read only to the tools you already run and starts investigating in days, no data migration.
The board asks what the AI spend buys. Per investigation pricing from $36,000 for 4,000 investigations ties the bill directly to work performed.
Sources & related URLs
Capability coverage
7.5 / 14 capabilities · 54%
| Integrations & Tool CallingRead only integrations across SIEM, EDR, identity, email, and cloud tools; investigates alerts from the existing stack without migration, Dropzone docs 2026-07-06 | Full |
|---|---|
| Workflow OrchestrationSingle agent autonomous investigation chains per alert; not a multi agent orchestration architecture, Dropzone docs 2026-07-06 | Partial |
| Knowledge Grounding & RAGBuilds environmental context about the organization to inform investigations; scoped to security telemetry, Dropzone docs 2026-07-06 | Partial |
| Human Oversight & GuardrailsSupervised autonomy posture: AI handles L1 investigation while human analysts keep verdict authority over conclusions and escalations, Dropzone docs 2026-07-06 | Full |
| Security, Identity & GovernanceRead only access model to customer tools with enterprise security posture appropriate to a SOC product, Dropzone docs 2026-07-06 | Full |
| Observability & AuditabilityEvery investigation produces a full evidence backed report a human can audit; investigation transparency is core to the product, Dropzone docs 2026-07-06 | Full |
| Memory & State PersistenceRetains organizational context across investigations; continuous learning is not the marketed differentiator, Dropzone docs 2026-07-06 | Partial |
| Deployment & Data ResidencySaaS overlay deployment; no self host or VPC residency option documented, Dropzone docs 2026-07-06 | Partial |
| Prebuilt Agents, Templates & PacksPrebuilt investigation coverage across common alert types without playbook authoring; a single analyst rather than an agent library, Dropzone docs 2026-07-06 | Partial |
| Triggers & Channel CoverageAlert driven autonomous invocation around the clock across every connected alert source is the operating model, Dropzone docs 2026-07-06 | Full |
| Model Flexibility & RoutingProprietary LLM pipeline; no customer facing model choice or routing, Dropzone docs 2026-07-06 | Unable to verify |
| APIs, SDKs & MCP ExtensibilityNo public developer API or SDK documented, Dropzone docs 2026-07-06 | Unable to verify |
| Testing, Debugging & OptimizationNo customer facing testing or evaluation tooling documented, Dropzone docs 2026-07-06 | Unable to verify |
| Browser & Computer UseNo browser or computer use capability, Dropzone docs 2026-07-06 | Unable to verify |
Pricing
$36,000 per year for 4,000 investigations (about $3,000 per month); larger volumes via sales
usage (investigations per year)
Included quota
Entry tier includes 4,000 investigations per year with the AI analyst operating around the clock; higher volume tiers are negotiated.
What is public
The $36,000 for 4,000 investigations entry rate is published by the vendor; everything above it is negotiated.
Billing mechanics
Annual contracts priced on investigation volume starting at 4,000 investigations for $36,000, scaling by volume rather than seats or ingested data. Sales led procurement with proof of value evaluations.
Cost watchouts
The unit is investigations, so alert volume drives the bill: a noisy environment or a detection expansion that doubles alerts doubles consumption of the quota. Confirm how the platform counts an investigation and what happens past the included 4,000.
Variable cost rationale
Investigation volume pricing means cost scales with alert load: predictable for a tuned environment, but detection changes or noisy quarters consume quota faster than budgeted.
Additional watchouts
Per investigation pricing is easy to justify but couples the bill to alert volume; tune noisy detections before sizing the contract or the quota disappears into false positives.
Overage / add-ons
Priced per investigation volume; terms for exceeding the included quota are negotiated rather than published.
Sales call required
Yes — required for paid access
Free / trial
Proof of value evaluations through sales; no self serve trial
Lowest paid plan
$36,000 per year for 4,000 investigations
Commercial notes
Independent, founded by Edward Wu (ex ExtraHop detection engine). $37 million Series B July 2025 led by Theory Ventures, $50 million plus total. Gartner Hype Cycle representative vendor and PeerSpot mindshare leader in AI SOC.
Key ambiguities
The $36,000 entry rate is vendor published, but volume tier pricing above 4,000 investigations and enterprise terms are not public.
Related vendors
- 7AI — Swarming agentic SOC from the Cybereason founders: sixty plus domain…
- Exaforce — AI SOC platform unifying Exabots agents with an integrated knowledge…
- Prophet Security — AI SOC platform with continuously learning agents, explicit…
- Qevlar AI — European autonomous AI SOC platform using graph based orchestration…
- Radiant Security — Adaptive AI SOC platform triaging every alert type that reaches the…
- Simbian — Family of SOC, threat hunting, and pentest agents reasoning over a…