Key Takeaways
- DeepTempo unveiled the Intelligent Defense Platform, a system‑level solution that adds an AI‑driven intelligence layer to existing SIEM, SOAR, and AI‑SOC investments.
- The platform builds on the LogLM foundation model, which now ingests a wide range of telemetry (network flow, firewall, DNS, WAF, cloud, OT, agentic AI logs) and delivers <1% false‑positive and <1% false‑negative rates without retraining.
- Its pluggable architecture lets organizations integrate their own AI models (OpenAI, Gemini, Claude, on‑prem reasoning) or use Vigil, the open‑source AI SOC, while avoiding vendor lock‑in.
- Continuous validation monitors the efficacy of rule‑based, ML‑based, and LogLM detections, providing visibility into performance, cost, and projected workflow improvements.
- Edge‑appropriate, distilled versions of LogLM enable critical‑infrastructure and fly‑away‑kit deployments, extending machine‑speed threat detection to the farthest reaches of the network.
- By closing the detection‑to‑response loop, the platform reduces MTTD and MTTR, controls spending on human and AI intelligence, and supports continual improvement of security operations.
Overview of the Intelligent Defense Platform Launch
DeepTempo announced its Intelligent Defense Platform, marking the company’s evolution from a provider of the LogLM foundation model to a full‑stack cyber defense system. The platform is designed to deliver machine‑speed intelligence to enterprises, managed security service providers (MSSPs), service providers, and critical‑infrastructure operators. Rather than replacing existing security tools, it augments SIEMs, SOARs, and AI‑SOCs by inserting an intelligent layer that unifies detection quality across all telemetry sources. The announcement follows the April 2026 release of Vigil, an open‑source AI SOC built on an LLM‑native architecture, underscoring DeepTempo’s commitment to transparent, extensible security operations.
The Rise of AI‑Powered Attackers and the Gap in Traditional Defenses
Attackers are increasingly harnessing AI to craft and execute campaigns that outpace human‑centric security processes. Recent data show that 67.2% of exploited CVEs in 2026 were zero‑day vulnerabilities, and 82% of detections in 2025 involved no malware, indicating that adversaries rely on stealthy, behavior‑based techniques. Traditional rule‑based and even many ML‑based detectors struggle to keep up because they rely on static signatures or require frequent, costly retraining. This widening gap leaves security teams overwhelmed, with mean time to detect (MTTD) and mean time to respond (MTTR) lagging behind the seconds‑scale breakout times seen in modern intrusions.
How the Intelligent Defense Platform Augments Existing Security Stacks
The platform functions as an intelligence layer that sits atop an organization’s current telemetry pipeline. By ingesting logs from diverse sources—such as Cribl‑processed streams, Snowflake data lakes, Splunk SIEMs, and agentic AI systems—it enriches existing data with deep‑learning insights without forcing a rip‑and‑replace of legacy investments. The LogLM model, pretrained on billions of log events, performs roughly 279 billion calculations per sequence, uncovering subtle, compound behavioral patterns that human‑authored rules cannot anticipate. This approach allows security teams to preserve prior investments while gaining a far more nuanced view of malicious activity.
Pluggable Architecture: Flexibility and Vendor Neutrality
A core tenet of the Intelligent Defense Platform is its pluggable architecture. DeepTempo has partnered with Cribl, Snowflake, and other data‑layer providers, ensuring seamless ingestion regardless of the underlying storage or streaming technology. At the analytics layer, the platform works with Splunk, QRadar, and other SIEMs, as well as agentic solutions within the SOC. Users can attach their own AI models—enterprise licenses for OpenAI, Gemini, Claude, or on‑premises reasoning engines—as “skills” that plug into the framework. This design eliminates vendor lock‑in, lets organizations leverage existing AI expertise, and provides a path to incorporate Vigil or any other AI SOC without rearchitecting the stack.
End‑to‑End Validation and Continuous Monitoring of Detection Efficacy
Beyond generating detections, the platform continuously evaluates the performance of all detection mechanisms—rule‑based, traditional ML, and LogLM‑based—across the entire telemetry corpus. It produces metrics on false‑positive and false‑negative rates, estimates the operational cost of each detection workflow, and projects future efficacy based on evolving threat trends. This validation loop gives security operators a clear, data‑driven view of where investments are paying off and where adjustments are needed, enabling informed tuning of rules, model thresholds, and resource allocation without guesswork.
Expanded Telemetry Ingestion and Superior Accuracy of the LogLM
Recent enhancements to LogLM broaden its ingestion scope to include network flow logs, firewall alerts, DNS queries, WAF events, cloud performance metrics, common OT data, and agentic AI logs. In several production deployments, the model achieved less than 1% false positives and less than 1% false negatives without any adaptation or retraining, a dramatic improvement over legacy anomaly‑detection systems that often suffer from drift and high maintenance overhead. By focusing on precise behavioral signatures rather than noisy statistical outliers, the LogLM reduces alert fatigue and allows analysts to concentrate on genuine threats.
Edge‑Appropriate Deployment for Critical Infrastructure and Distributed Environments
Recognizing that many critical‑infrastructure assets operate in constrained or disconnected environments, DeepTempo has distilled LogLM into versions that run on modest hardware, such as edge gateways or fly‑away kits. These lightweight instances retain the core ability to detect novel, rapidly evolving attacks while consuming minimal compute and power. Consequently, organizations can extend machine‑speed threat detection to substations, pipelines, manufacturing lines, and remote field sites, ensuring uniform protection across the entire enterprise perimeter.
Integration with Vigil and Other AI‑SOC Workflows
The Intelligent Defense Platform is engineered to work hand‑in‑hand with Vigil, the open‑source AI SOC launched earlier in 2026. Vigil’s LLM‑native architecture consumes the enriched telemetry and LogLM insights to automate triage, enrich alerts with contextual reasoning, and suggest or execute response playbooks. Because the platform exposes detection efficacy and cost data, Vigil can continuously learn which actions yield the best MTTD/MTTR improvements, creating a feedback loop that refines both detection and response over time. Organizations that prefer alternative AI SOCs can plug those in via the same skill‑based interface, preserving flexibility.
Operational Benefits: Faster MTTD/MTTR, Cost Control, and Continuous Improvement
By unifying telemetry, providing real‑time behavioral intelligence, and validating detection performance, the platform delivers measurable operational gains. Enterprises report reductions in MTTD and MTTR as the system highlights malicious behavior earlier in the attack chain, allowing quicker containment. The built‑in cost‑modeling capability helps security leaders allocate budgets more efficiently, avoiding over‑investment in low‑yield tools while investing in high‑impact AI‑driven detection. Moreover, the continuous improvement loop ensures that defenses evolve alongside attacker tactics, keeping the security posture resilient against the accelerating pace of AI‑enabled threats.
Evidence from Recent CVE and Malware‑Free Intrusion Statistics
The urgency of DeepTempo’s offering is reinforced by recent threat landscape statistics. In 2026, 67.2% of exploited CVEs were zero‑days, indicating that traditional patch‑centric defenses are insufficient. Simultaneously, 82% of detections in 2025 involved no malware, underscoring a shift toward credential abuse, lateral movement, and living‑off‑the‑land techniques that evade signature‑based tools. These trends illustrate why a behavior‑focused, AI‑driven approach—capable of spotting subtle anomalies across diverse telemetry streams—is essential for modern security operations.
Leadership Perspective and Vision for Machine‑Speed Intelligence
Evan Powell, CEO and Founder of DeepTempo, emphasized that the platform was built to augment, not replace, existing security investments: “When 82% of intrusions arrive without malware and breakout times are measured in seconds, you need a system to decide what actions to take and to capture end‑to‑end performance for continuous improvement. We built the Intelligent Defense Platform to augment what organizations already have, making every detection and workflow measurably better.” This vision reflects a broader industry shift toward machine‑speed intelligence, where deep learning models work in tandem with human analysts to deliver faster, more accurate, and cost‑effective defense against today’s intelligent adversaries.

