Key Takeaways
- ThreatBook unveiled two new AI‑driven solutions, Flocks and SafeSkill, to strengthen security operations centers (SOCs) across the entire security lifecycle.
- Flocks is an open‑source, agentic AI platform that consolidates alert handling, investigation, remediation, and learning into a single autonomous loop, allowing enterprises to build custom neural networks of self‑evolving security operators.
- SafeSkill provides end‑to‑end protection for AI agent skills, scanning, filtering, and remediating imported skills to defend against skill‑tampering attacks that target information gathering, code generation, and automated communications.
- Both solutions sit atop ThreatBook’s existing threat intelligence mesh and tools (ThreatBook TDP and ATI), adding an agentic AI layer and a dedicated “security for AI” layer to the company’s 360‑degree cyber defense offering.
- Executives emphasize that Flocks eliminates the need for SOC analysts to juggle multiple tools and screens, while SafeSkill curates a growing hub of over 100,000 verified skills to fortify the AI supply chain.
- The launches reflect ThreatBook’s repositioning as the leading agentic security company, aiming to deliver holistic, AI‑native defense for cloud, network, endpoint, and perimeter environments.
Overview of ThreatBook’s Agentic Security Vision
ThreatBook announced a company‑wide brand relaunch that positions it as the premier agentic security provider. The relaunch introduces a suite of AI‑powered applications and tools designed to cover every stage of the security lifecycle—from detection and triage to remediation and hardening. By integrating advanced artificial intelligence with deep threat intelligence, ThreatBook seeks to give enterprises a unified, 360‑degree cyber defense capable of protecting cloud workloads, networks, endpoints, and perimeters with precision and automation.
The Problem Flocks Addresses in Modern SOCs
Today’s security operations centers struggle with alert backlogs, prolonged investigations, staffing shortages, fragmented context, and the operational overhead of stitching together disparate tools. Analysts frequently switch between multiple screens and workstations, creating inefficiencies and security gaps. These challenges hinder timely threat response and increase the risk of missed incidents, prompting ThreatBook to develop a solution that consolidates workflows into a single, intelligent loop.
Flocks: An AI‑Native, Agentic Security Platform
Flocks is described as “AI for security.” It brings together long‑running agent sessions, a tool system, a workflow engine, specialist agents, skills, memory, task scheduling, multi‑entry access, and platform governance into one operational loop. The platform understands a given task, invokes the appropriate capabilities, executes actions, and accumulates experience over time. Crucially, Flocks is open source, enabling enterprises to construct their own neural network of self‑evolving, autonomous security operators that can be extended with custom specialist agents tailored to specific SOC roles.
How Flocks Transforms SOC Operations
By replacing the fragmented, multi‑tool paradigm with a single, easily manageable, unified threat intelligence solution, Flocks allows agents to comprehend numerous tasks simultaneously while organizing capabilities proactively. Work performed within Flocks becomes reusable organizational assets, effectively turning the SOC into a learning system. Security teams train Flocks through natural language, and the platform runs on the customer’s chosen large language models (LLMs), including sovereign deployments, while storing zero customer data. In essence, Flocks functions as a security‑trained, agentic Tier‑1 analyst that operates continuously inside the enterprise environment.
The Emerging Threat: Skill Tampering and AI Agent Risks
As organizations increasingly adopt AI‑driven automation, attackers have begun targeting the skills that power these AI agents. Skill tampering involves malicious modification of AI agent capabilities used for information gathering, code writing, sending automated emails, and similar tasks. Such attacks can lead to identity hijacking, API secret theft, backdoor implantation, and other nefarious outcomes. This new threat vector highlights the acute vulnerability of AI agent skills and underscores the need for dedicated protection mechanisms.
SafeSkill: Security for AI Agent Skills
Complementing Flocks, ThreatBook launched SafeSkill—a one‑stop platform designed to secure AI agent skills throughout their lifecycle. SafeSkill performs pre‑import inspection, marketplace filtering, download scanning, and inventory remediation, providing end‑to‑end protection against skill‑tampering threats. The solution ensures that every AI agent skill imported into an enterprise is vetted, trusted, and free from malicious alterations, thereby safeguarding the AI supply chain.
SafeSkill’s Skill Hub and Ongoing Threat Intelligence
SafeSkill’s curated Skill Hub already houses over 100,000 verified, whitelisted skills, and the platform continuously expands this repository while scanning for hidden threats. By leveraging ThreatBook’s deep threat intelligence mesh, SafeSkill can identify emerging vulnerabilities in AI skills and provide timely remediation guidance. This proactive approach helps organizations bolster their defenses against the evolving tactics of adversaries who seek to weaponize AI agent capabilities.
Integrating Flocks and SafeSkill into ThreatBook’s Existing Portfolio
Both new solutions build upon ThreatBook’s foundational offerings, which include traditional AI and machine learning models supported by a threat intelligence mesh, as well as tools like ThreatBook TDP (Threat Detection Platform) and ThreatBook ATI (Advanced Threat Intelligence). Flocks adds an agentic AI layer that automates and orchestrates SecOps processes, while SafeSkill introduces a dedicated “security for AI” layer. Together, they create a comprehensive defense stack that addresses both conventional threats and the novel risks posed by AI‑driven automation.
Executive Perspectives on the New Offerings
Chase LI, Co‑founder and Managing Director for International Business at ThreatBook, noted that SOC analysts are often overwhelmed by the need to juggle numerous tools and screens, leading to inefficiencies and security gaps. He emphasized that Flocks replaces this fragmented workflow with a single, open‑source platform that enables agents to handle multiple tasks proactively and turn their work into reusable assets. Feng XUE, Co‑founder and Chief Executive Officer, highlighted the rising prevalence of skill tampering attacks and stressed that SafeSkill’s growing hub of verified skills is essential for shielding AI agent capabilities. He affirmed that Flocks and SafeSkill exemplify ThreatBook’s ability to deliver precise, easy‑to‑use detection and response backed by deep threat intelligence across AI security, governance, and broader security services.
Conclusion: A Holistic, AI‑Powered Defense Strategy
ThreatBook’s launch of Flocks and SafeSkill marks a significant evolution in its security portfolio, delivering an agentic AI layer for automated SecOps and a specialized security layer for AI agent skills. By unifying threat intelligence, autonomous agents, and rigorous skill validation, the company provides enterprises with a cohesive, 360‑degree cyber defense capable of protecting modern hybrid environments. The open‑source nature of Flocks encourages customization and community‑driven innovation, while SafeSkill’s extensive Skill Hub offers immediate, trusted protection against AI supply chain threats. Together, these solutions empower security teams to operate more efficiently, reduce alert fatigue, and stay ahead of both traditional and emerging cyber threats.
