Back to vendors
Q

Qevlar AI

Also known as: Qevlar

Visit site
Security / SOC agentindependentVerified 2026-07-06

European autonomous AI SOC platform using graph based orchestration for hallucination free tier 2 and 3 investigation in about three minutes, live across 1,500 plus organizations.

Qevlar is the European autonomous AI SOC platform built on graph based orchestration, with a design goal that shapes everything: hallucination free investigations at Tier 2 and Tier 3 depth. Founded in 2023 in Paris by CEO Ahmed Achchak and Hamza Sayah, the company raised roughly $44 million total, most recently a $30 million round in March 2026 co led by Partech and Forgepoint with EQT Ventures, and runs in production across more than 1,500 organizations including Mercedes-Benz, Sodexo, Orange Cyberdefense, ECI, and Atos, with unusually strong MSSP traction.

The platform automatically investigates every alert by correlating detection signals and telemetry across the whole stack, SIEMs, EDRs, identity systems, and threat intelligence, cutting investigation time roughly tenfold to about three minutes while investigating 100 percent of alerts with full depth. Two things distinguish it. The first is the graph based orchestration underneath, which the company positions as the reason investigations stay grounded and reproducible rather than hallucinating, a direct answer to the reliability worry that keeps teams from trusting autonomous SOC tooling. The second is the ambition beyond triage: Qevlar frames alerts as signals pointing at recurring patterns and systemic weakness, and is building from Level 1 investigation toward Level 2 enhanced detection and Level 3 remediation, turning each investigation into insight that reduces future alerts. A Fall 2026 release unifies SOC and vulnerability operations, correlating CVEs with live incident data, identifying asset owners, and hunting active exploitation.

Qevlar publishes no pricing; contracts run through enterprise sales, with strong MSSP packaging given its base. For SOCs and MSSPs whose priority is deep, reproducible autonomous investigation across the full stack, plus a roadmap from triage toward posture and remediation, Qevlar is the strongest European headquartered option in the lane.

Vendor details

Canonical URL

https://www.qevlar.com

Category

Security / SOC agent

Subcategory

AI SOC platform

Funding status

Independent, founded 2023 in Paris by CEO Ahmed Achchak and Hamza Sayah. Raised about $44 million total, including a $30 million round in March 2026 co led by Partech and Forgepoint Capital International with EQT Ventures, following a $14 million round in 2025. Live in production across more than 1,500 organizations including Mercedes-Benz, Sodexo, Orange Cyberdefense, and Atos.

Company status

independent

Use cases & customers

Primary use cases

autonomous tier 2 and 3 investigationhallucination free graph orchestrationMSSP alert overloadSOC and vulnerability operations unification

Target customers

MSSPsFortune 500 enterprisesEuropean SOC teams

Deployment options

SaaS

Integrations

Automatically investigates alerts by correlating detection signals and telemetry across the entire security stack, including SIEMs, EDRs, identity systems, and threat intelligence sources, using graph based orchestration and LLMs. New agents unify SOC and vulnerability operations, correlating CVEs with live incident data, identifying asset owners, and hunting active CVE exploitation, generally available Fall 2026.

In practice

Your MSSP analysts spend 30 plus minutes per alert across thousands daily. Qevlar investigates every alert at tier 2 and 3 depth in about three minutes with graph based orchestration.

You will not trust an autonomous tool that hallucinates in an investigation. Qevlar's graph based orchestration is built for reproducible, grounded conclusions rather than free form generation.

Your SOC and vulnerability teams work in silos. Qevlar's Fall 2026 agents correlate CVEs with live incident data, identify asset owners, and hunt active exploitation across both.

Capability coverage

7.0 / 14 capabilities · 50%

Integrations & Tool CallingCorrelates detection signals and telemetry across the full stack: SIEMs, EDRs, identity systems, and threat intelligence sources, Qevlar docs 2026-07-06 Full
Workflow OrchestrationGraph based orchestration is the flagship architecture driving reproducible tier 2 and 3 investigations across the stack, Qevlar docs 2026-07-06 Full
Knowledge Grounding & RAGCorrelates telemetry and threat intelligence into investigations, with Fall 2026 CVE correlation; scoped to security signals, Qevlar docs 2026-07-06 Partial
Human Oversight & GuardrailsHallucination free design and analyst review over conclusions; explicit verdict gating less documented than audit first overlay analysts, Qevlar docs 2026-07-06 Partial
Security, Identity & GovernanceEnterprise and MSSP grade security posture serving Fortune 500 and major managed providers across 1,500 plus organizations, Qevlar docs 2026-07-06 Full
Observability & AuditabilityGraph based investigations are reproducible with reporting, aiding auditability; per step provenance depth less documented, Qevlar docs 2026-07-06 Partial
Memory & State PersistenceLearns from each case to reduce future alerts and build posture insight; scoped to investigation state, Qevlar docs 2026-07-06 Partial
Deployment & Data ResidencySaaS with European headquarters and MSSP multi tenant deployment; explicit self host or residency controls not documented, Qevlar docs 2026-07-06 Partial
Prebuilt Agents, Templates & PacksPrebuilt autonomous investigation with new unified SOC and vulnerability agents in Fall 2026; a focused agent set rather than a large library, Qevlar docs 2026-07-06 Partial
Triggers & Channel CoverageInvestigates 100 percent of alerts across the stack around the clock, alert driven autonomous invocation, Qevlar docs 2026-07-06 Full
Model Flexibility & RoutingProprietary graph orchestration and LLM pipeline; no customer facing model choice or routing, Qevlar docs 2026-07-06 Unable to verify
APIs, SDKs & MCP ExtensibilityNo public developer API or SDK documented, Qevlar docs 2026-07-06 Unable to verify
Testing, Debugging & OptimizationNo customer facing testing or evaluation tooling documented, Qevlar docs 2026-07-06 Unable to verify
Browser & Computer UseNo browser or computer use capability, Qevlar docs 2026-07-06 Unable to verify

Recent platform changes

No recent material changes tracked yet.

Pricing

Contact sales; enterprise and MSSP contracts, no public rates

enterprise contract (MSSP packaging)

Contact onlyLow variable costTrial available

Included quota

Platform contract covering autonomous investigation across the full stack at Tier 2 and 3 depth; Fall 2026 vulnerability operations agents extend scope. No public tiers.

What is public

Nothing numeric; the 1,500 organization base and MSSP focus are public.

Billing mechanics

Enterprise contracts through sales with distinct MSSP packaging for managed providers serving many clients, plus direct enterprise deployment. Pricing not disclosed.

Cost watchouts

MSSP versus direct enterprise packaging differ; a managed provider reselling Qevlar across clients prices differently than a single enterprise deployment. Confirm which model the quote reflects.

Variable cost rationale

Enterprise platform licensing; while investigation volume likely factors in, no usage metering is published, so documented exposure is low.

Additional watchouts

Strongest fit for MSSPs and European enterprises; US buyers should confirm data residency and support coverage for their region.

Overage / add-ons

No public metering documented; likely scales with alert or investigation volume but terms are not published.

Sales call required

Yes — required for paid access

Free / trial

Enterprise evaluations through sales; no self serve trial

Lowest paid plan

None public; enterprise contract only

Commercial notes

Independent, Paris founded 2023, about $44 million raised. Live across 1,500 plus organizations including Mercedes-Benz, Sodexo, Orange Cyberdefense, and Atos, with unusually strong MSSP traction.

Key ambiguities

Nothing numeric is public, and MSSP multi tenant pricing versus direct enterprise pricing is not documented.

Verified 2026-07-06

Contact us

Found a vendor we missed? Have feedback on the index? We'd love to hear from you.