Qevlar AI
Also known as: Qevlar
European autonomous AI SOC platform using graph based orchestration for hallucination free tier 2 and 3 investigation in about three minutes, live across 1,500 plus organizations.
Qevlar is the European autonomous AI SOC platform built on graph based orchestration, with a design goal that shapes everything: hallucination free investigations at Tier 2 and Tier 3 depth. Founded in 2023 in Paris by CEO Ahmed Achchak and Hamza Sayah, the company raised roughly $44 million total, most recently a $30 million round in March 2026 co led by Partech and Forgepoint with EQT Ventures, and runs in production across more than 1,500 organizations including Mercedes-Benz, Sodexo, Orange Cyberdefense, ECI, and Atos, with unusually strong MSSP traction.
The platform automatically investigates every alert by correlating detection signals and telemetry across the whole stack, SIEMs, EDRs, identity systems, and threat intelligence, cutting investigation time roughly tenfold to about three minutes while investigating 100 percent of alerts with full depth. Two things distinguish it. The first is the graph based orchestration underneath, which the company positions as the reason investigations stay grounded and reproducible rather than hallucinating, a direct answer to the reliability worry that keeps teams from trusting autonomous SOC tooling. The second is the ambition beyond triage: Qevlar frames alerts as signals pointing at recurring patterns and systemic weakness, and is building from Level 1 investigation toward Level 2 enhanced detection and Level 3 remediation, turning each investigation into insight that reduces future alerts. A Fall 2026 release unifies SOC and vulnerability operations, correlating CVEs with live incident data, identifying asset owners, and hunting active exploitation.
Qevlar publishes no pricing; contracts run through enterprise sales, with strong MSSP packaging given its base. For SOCs and MSSPs whose priority is deep, reproducible autonomous investigation across the full stack, plus a roadmap from triage toward posture and remediation, Qevlar is the strongest European headquartered option in the lane.
Vendor details
Canonical URL
https://www.qevlar.com
Category
Security / SOC agent
Subcategory
AI SOC platform
Funding status
Independent, founded 2023 in Paris by CEO Ahmed Achchak and Hamza Sayah. Raised about $44 million total, including a $30 million round in March 2026 co led by Partech and Forgepoint Capital International with EQT Ventures, following a $14 million round in 2025. Live in production across more than 1,500 organizations including Mercedes-Benz, Sodexo, Orange Cyberdefense, and Atos.
Company status
independent
Use cases & customers
Primary use cases
Target customers
Deployment options
Integrations
Automatically investigates alerts by correlating detection signals and telemetry across the entire security stack, including SIEMs, EDRs, identity systems, and threat intelligence sources, using graph based orchestration and LLMs. New agents unify SOC and vulnerability operations, correlating CVEs with live incident data, identifying asset owners, and hunting active CVE exploitation, generally available Fall 2026.
In practice
Your MSSP analysts spend 30 plus minutes per alert across thousands daily. Qevlar investigates every alert at tier 2 and 3 depth in about three minutes with graph based orchestration.
You will not trust an autonomous tool that hallucinates in an investigation. Qevlar's graph based orchestration is built for reproducible, grounded conclusions rather than free form generation.
Your SOC and vulnerability teams work in silos. Qevlar's Fall 2026 agents correlate CVEs with live incident data, identify asset owners, and hunt active exploitation across both.
Sources & related URLs
Capability coverage
7.0 / 14 capabilities · 50%
| Integrations & Tool CallingCorrelates detection signals and telemetry across the full stack: SIEMs, EDRs, identity systems, and threat intelligence sources, Qevlar docs 2026-07-06 | Full |
|---|---|
| Workflow OrchestrationGraph based orchestration is the flagship architecture driving reproducible tier 2 and 3 investigations across the stack, Qevlar docs 2026-07-06 | Full |
| Knowledge Grounding & RAGCorrelates telemetry and threat intelligence into investigations, with Fall 2026 CVE correlation; scoped to security signals, Qevlar docs 2026-07-06 | Partial |
| Human Oversight & GuardrailsHallucination free design and analyst review over conclusions; explicit verdict gating less documented than audit first overlay analysts, Qevlar docs 2026-07-06 | Partial |
| Security, Identity & GovernanceEnterprise and MSSP grade security posture serving Fortune 500 and major managed providers across 1,500 plus organizations, Qevlar docs 2026-07-06 | Full |
| Observability & AuditabilityGraph based investigations are reproducible with reporting, aiding auditability; per step provenance depth less documented, Qevlar docs 2026-07-06 | Partial |
| Memory & State PersistenceLearns from each case to reduce future alerts and build posture insight; scoped to investigation state, Qevlar docs 2026-07-06 | Partial |
| Deployment & Data ResidencySaaS with European headquarters and MSSP multi tenant deployment; explicit self host or residency controls not documented, Qevlar docs 2026-07-06 | Partial |
| Prebuilt Agents, Templates & PacksPrebuilt autonomous investigation with new unified SOC and vulnerability agents in Fall 2026; a focused agent set rather than a large library, Qevlar docs 2026-07-06 | Partial |
| Triggers & Channel CoverageInvestigates 100 percent of alerts across the stack around the clock, alert driven autonomous invocation, Qevlar docs 2026-07-06 | Full |
| Model Flexibility & RoutingProprietary graph orchestration and LLM pipeline; no customer facing model choice or routing, Qevlar docs 2026-07-06 | Unable to verify |
| APIs, SDKs & MCP ExtensibilityNo public developer API or SDK documented, Qevlar docs 2026-07-06 | Unable to verify |
| Testing, Debugging & OptimizationNo customer facing testing or evaluation tooling documented, Qevlar docs 2026-07-06 | Unable to verify |
| Browser & Computer UseNo browser or computer use capability, Qevlar docs 2026-07-06 | Unable to verify |
Pricing
Contact sales; enterprise and MSSP contracts, no public rates
enterprise contract (MSSP packaging)
Included quota
Platform contract covering autonomous investigation across the full stack at Tier 2 and 3 depth; Fall 2026 vulnerability operations agents extend scope. No public tiers.
What is public
Nothing numeric; the 1,500 organization base and MSSP focus are public.
Billing mechanics
Enterprise contracts through sales with distinct MSSP packaging for managed providers serving many clients, plus direct enterprise deployment. Pricing not disclosed.
Cost watchouts
MSSP versus direct enterprise packaging differ; a managed provider reselling Qevlar across clients prices differently than a single enterprise deployment. Confirm which model the quote reflects.
Variable cost rationale
Enterprise platform licensing; while investigation volume likely factors in, no usage metering is published, so documented exposure is low.
Additional watchouts
Strongest fit for MSSPs and European enterprises; US buyers should confirm data residency and support coverage for their region.
Overage / add-ons
No public metering documented; likely scales with alert or investigation volume but terms are not published.
Sales call required
Yes — required for paid access
Free / trial
Enterprise evaluations through sales; no self serve trial
Lowest paid plan
None public; enterprise contract only
Commercial notes
Independent, Paris founded 2023, about $44 million raised. Live across 1,500 plus organizations including Mercedes-Benz, Sodexo, Orange Cyberdefense, and Atos, with unusually strong MSSP traction.
Key ambiguities
Nothing numeric is public, and MSSP multi tenant pricing versus direct enterprise pricing is not documented.
Related vendors
- 7AI — Swarming agentic SOC from the Cybereason founders: sixty plus domain…
- Dropzone AI — Production proven AI SOC analyst that investigates every alert in…
- Exaforce — AI SOC platform unifying Exabots agents with an integrated knowledge…
- Prophet Security — AI SOC platform with continuously learning agents, explicit…
- Radiant Security — Adaptive AI SOC platform triaging every alert type that reaches the…
- Simbian — Family of SOC, threat hunting, and pentest agents reasoning over a…