Qevlar AI develops an autonomous SOC platform built to turn day-to-day security operations into a self-improving defense system. Its platform investigates alerts across the security stack, connects related activity into incident narratives, and feeds outcomes back into response, threat hunting, detection engineering, and vulnerability management.
The company serves both enterprise SOC teams and managed security providers with API-based deployment, flexible hosting, and broad security-stack integrations. Qevlar AI has also expanded beyond alert investigation into incident correlation and a newer SOC-and-vulnerability workflow focused on exploitation hunting, shared CVE context, and asset-owner resolution.
Offerings, Capabilities, and Integrations
Qevlar AI’s core capability is autonomous investigation. It pulls, enriches, and analyzes data from internal and external sources, determines whether an alert is malicious or benign, generates comprehensive reports, and suggests remedial actions while keeping analysts in control of final decisions. The platform is designed to make its reasoning reviewable rather than opaque, and it applies organizational context so investigations become more consistent over time.
Deployment is API-based and available as SaaS or in a private cloud. Qevlar AI can be used as a dedicated platform or headless inside existing ticketing and SOC workflows, and it connects to common SIEM, EDR, XDR, SOAR, ticketing, email, identity, cloud, and threat-intelligence tools. Verified integrations shown by Qevlar AI include Microsoft Azure, Microsoft Sentinel, AWS CloudTrail, AWS GuardDuty, Google Cloud, Google SecOps, ServiceNow, Splunk, CrowdStrike, and VirusTotal.
Products and Services
- Qevlar AI: Autonomous SOC platform that investigates alerts across the stack, correlates related activity, and feeds outcomes into response, threat hunting, detection engineering, and vulnerability management.
- Automated Alert Investigation: Core investigation workflow that starts from SIEM or EDR alerts, autonomously pulls and analyzes data from internal and external sources, determines whether an alert is malicious or benign, and generates a comprehensive incident report with suggested next steps.
- SOC + Vulnerability: A newer Qevlar AI workflow that connects SOC and vulnerability operations so teams can prioritize risk using both live incident data and vulnerability context. It is being positioned around a shared operating model for exploitation-aware remediation.
- Vulnerability Exploitation Hunter: Announced in May 2026 and expected for general availability in Fall 2026, this AI agent translates CVE data into hunt queries and proactively searches environments for active exploitation.
- CVE Exploitation Intelligence Exchange: Announced in May 2026 and expected for general availability in Fall 2026, this shared intelligence layer is designed to give SOC and vulnerability teams a common real-time view of vulnerabilities and live exploitation activity.
- Asset Owner Agent: Announced in May 2026 and expected for general availability in Fall 2026, this AI agent reconciles asset ownership across CMDB, identity, and operational data sources to accelerate remediation.
- Autonomous Alert Investigation for MSSPs: MSSP-focused offering that supports multi-tenant operations with isolated investigations, customer-specific business context and enrichment settings, automated reporting, and API-based deployment across common security tools.
- Intelligent Solutions for Enterprise: Enterprise-focused offering for SOC teams that automates end-to-end investigations, enriches every alert for faster remediation, keeps analysts in the loop, and works inside existing SOC environments.
- Qevlar Incidents: AI correlation capability introduced in June 2026 that groups related malicious alerts from any supported source into a single prioritized incident with contextual severity scoring and a continuously updated attack narrative.
Target Customers
Qevlar AI targets security operations teams that need to investigate high alert volumes without proportionally expanding headcount. Its enterprise positioning centers on SOC teams that want faster investigations, lower alert fatigue, improved consistency, and analyst-visible reasoning inside existing tooling.
Qevlar AI also targets MSSPs and MDR providers that need to scale investigations across multiple customers. Its MSSP messaging emphasizes multi-tenant operations, client-specific context, faster onboarding through APIs, and better service economics, while external partner messaging shows fit for managed security customers in regulated and large-enterprise environments.
Cloud Integrations and Marketplace
- Microsoft Azure: Qevlar AI’s integrations page lists Microsoft Azure as a cloud integration and also shows Microsoft Sentinel among supported integrations.
- AWS: Qevlar AI’s integrations page lists AWS CloudTrail and AWS GuardDuty as supported integrations for cloud and related telemetry.
- Google Cloud: Qevlar AI’s integrations page lists Google Cloud and Google SecOps among its cloud integrations.
Key People
- Ahmed Achchak: Co-Founder and CEO
- Hamza Sayah: Co-Founder and CTO
- Fraser Whitfield: Head of Product
- Corentin Le Reun: VP Americas
- Sebastien Mouhieddine: Head of Enterprise Sales
Key Facts
- Headquarters: Paris, Île-de-France, France
- Employees: 60-70 employees
- Annual Revenue: $4M-$5M
- Parent Company: None
- Subsidiaries: None
- Publicly Listed: Not publicly listed
Analyst Recognitions
- Gartner: 2025 Emerging Tech Impact Radar: Global Attack Surface Grid – Sample Vendor in Agentic Remediation.