What You Missed on the Expo Floor
Key Moves in Security Orchestration at Black Hat USA 2025:
- Arctic Wolf showcased its Aurora Platform for AI-powered SOC operations.
- Red Canary highlighted its Security Data Lake and new identity protection capabilities.
- N-able promoted its AI-based endpoint security, cloud-first backup, and multi-tenant RMM platform for MSPs.
- D3 Security featured its Morpheus AI platform for autonomous SOC operations.
- Sublime Security ran popular demos of its email security platform, focusing on detecting advanced threats like Scattered Spider.
Security Orchestration, Automation, and Response (SOAR) took center stage at Black Hat USA 2025, with vendors showcasing how automation is evolving from rule-based workflows to intelligent, agentic systems. The shift is no longer about reducing alert fatigue; it’s about enabling autonomous decision-making across the SOC.
Our team was on the ground throughout the event—attending keynotes, sitting in on panel discussions, and speaking directly with solution providers and CISOs. The consensus was clear: SOAR is maturing fast, and the next wave is being driven by AI-native platforms that can act, not just react.
Here are some key themes from the show that stood out:
Agentic AI Meets SOAR: The Rise of Autonomous SOCs
A popular demo on the expo floor came from Torq, whose HyperSOC™ platform wowed attendees with its ability to autonomously triage and respond to Tier-1 and Tier-2 alerts. Torq’s AI-native SOC integrates with full security stacks and automates critical responses at machine speed. Carvana’s CISO Dina Mathers shared how her team now handles 100% of Tier-1 and Tier-2 events through Torq’s AI SOC analyst, freeing human analysts to focus on strategic threats.
Swimlane also made waves with its Turbine platform, which now automates up to 25 million actions per day—17x faster than traditional SOAR. The company introduced a Compliance Audit Readiness solution that maps controls to the Secure Controls Framework, streamlining audit prep across 30+ global standards.
LLMs in the Loop: Smarter Orchestration with Context
Cyware showcased its MCP Server, which integrates large language models directly into detection and response workflows. Its Quarterback AI agent surfaces indicators of compromise, adversary TTPs, and vulnerabilities, then recommends actions based on threat intelligence. The result is faster, more informed decisions without human bottlenecks.
CrowdStrike expanded its Falcon Shield platform to support GPT-based agents via integration with OpenAI’s ChatGPT Enterprise Compliance API. The system maps agents to their human creators, governs privileges, and automatically contains threats using Falcon Fusion, CrowdStrike’s no-code SOAR engine.
SaaS and AI App Control: Orchestration Beyond the SOC
AppOmni introduced new packages for SaaS and AI app control, including orchestration for shadow SaaS discovery, permission mapping, and suspicious activity detection. Its enterprise tier supports 30+ AI and SaaS apps, including ChatGPT Enterprise and Cisco Umbrella, and integrates orchestration into threat detection workflows.
Tenable added AI Exposure to its Tenable One platform, enabling orchestration of policy enforcement and risk prioritization for generative AI tools. It identifies unauthorized AI usage and automates guardrail enforcement across enterprise environments.
What We Heard in the Hallways
“We’re seeing orchestration shift from playbooks to autonomous agents. That’s a big leap.”
—Eldad Livni, Co-Founder & CIO, Torq
“SOAR is finally living up to its promise: automation that actually thinks.”
—Dina Mathers, CISO, Carvana
Why It Matters
Security orchestration is now about enabling autonomous action. The platforms showcased at Black Hat USA 2025 are pushing SOAR into a new era, where AI agents operate with context, speed, and precision. For business decision-makers (BDMs) and technical decision-makers (TDMs), this means faster MTTR, reduced burnout, and more strategic use of human talent.
If your SOC still relies on manual triage and static playbooks, it’s time to rethink your approach. Check out our list of top SOAR solution providers for some best practices.