NEW YORK, June 18, 2026 (GLOBE NEWSWIRE) -- Intezer, the AI SOC platform for enterprise powered by ForensicAI™, today announced a completely revamped Model Context Protocol (MCP) server, enabling organizations to effectively and efficiently adopt frontier AI agents into their security operations and put Claude, Codex, and Cursor to work, accelerating any SOC task by 10x.
As AI agents including Anthropic Claude and OpenAI Codex are deployed across enterprise security operations, security leaders are asking where exactly these agents fit, and what does the stack need to look like for them to deliver real value?
Plugging AI agents directly into detection tools does not produce consistent, reliable and scalable outcomes. Building custom agent pipelines from scratch is expensive, unreliable at scale, and still leaves the coverage gaps that matter most. Intezer now provides the answer: a proven operating layer that gives AI agents everything they need to work effectively in the SOC from day one.
"An AI platform does its best work standing on a real foundation of security knowledge, not on a dozen raw feeds it has to assemble itself,” said Itai Tevet, CEO and co-founder of Intezer. “This release gives Claude and Codex that foundation with all your cases, your workflows, your triage logic, your institutional memory. AI executes. Humans supervise. And now the supervising got a lot faster too,"
Intezer’s framework for AI adoption in the SOC includes:
- Detection (sensor) layer: EDR, NDR, SIEM, identity, cloud security, and email security platforms, each alerting on their specific attack surface.
- Operations layer: Intezer AI SOC ingests every alert from every source, applies forensic-grade investigation, and produces a verdict at 98% accuracy in under two minutes. Less than 2% of alerts are escalated to human review. Intezer is the SOC operating layer and system of record: every alert investigated, every verdict stored, every case documented, every detection rule tuned, and every piece of organizational security context accumulated in-house and available to any agent that connects.
- Agentic interaction layer: Anthropic Claude, OpenAI Codex, Cursor, and other AI agents connect to Intezer via MCP and execute custom response actions, grounded in the forensic evidence Intezer already assembled.
This is what effective AI agent adoption in the SOC looks like. Agents that leverage a deep forensic knowledge base, picking up cases with investigations already run and verdicts already backed by evidence, rather than trying to assemble a picture from raw signals alone.
The Intezer MCP server is available now to all customers. Read more about how Intezer enables the adoption of frontier AI models at the SOC in our blog. Organizations not yet using Intezer can see these capabilities by signing for a demo at intezer.com/get-a-demo/.
ABOUT INTEZER
Intezer AI SOC delivers 24/7, forensic-grade cyber alert triage across 100% of alerts, with less than 2% escalated for human review, dramatically accelerating incident response. Powered by ForensicAI™, Intezer specializes in deep forensic investigation to deliver unmatched accuracy and speed, significantly reducing cyber risk and enabling security teams to operate effectively without reliance on outsourced services. Intezer is trusted by global enterprises including NVIDIA, MGM Resorts, Equifax, Salesforce, and Ferguson. Learn more at www.intezer.com.
MEDIA CONTACT
Jennifer Tanner
Look Left Marketing
intezer@lookleftmarketing.com
—
Frequently asked questions:
Question: Why Is it Important that Enterprises Own The Alert Investigation Layer
Enterprises that outsource alert investigation to a managed detection and response (MDR) provider do not own the detection rules, case history, triage logic, or organizational context that accumulate from that investigation. Those assets live inside the MDR vendor's platform. When an enterprise attempts to deploy AI agents in its security operations, it is building on a foundation it does not own and so the agent has no accumulated verdicts, no tuned detection rules, no institutional memory to reason from.
Enterprises that run AI SOC in-house with Intezer own that foundation. Every alert investigated, every case resolved, and every tuning rule written accumulates inside the organization's own instance. When an AI agent connects via MCP, it inherits months or years of that organization's forensic history. The decision to bring investigation in-house is therefore not only a security operations decision. It is the prerequisite for any effective Agentic SOC strategy.
Question: Why Do Security Operations Need Both Autonomous AI and AI Assistants?
Security operations involve two types of work with fundamentally different requirements.
The first is autonomous triage: investigating 100 percent of alerts, 24 hours a day, seven days a week, regardless of severity. This work cannot be prompt-initiated and must run at machine speed across hundreds to thousands of daily alerts. Intezer AI SOC handles this autonomously. Less than 2 percent of alerts are escalated to human review after forensic investigation.
The second is high-judgment supervision: deciding what to do with an escalation, writing the incident report, tuning the autonomous layer, hunting a threat surfaced in an industry briefing. For this work, security professionals want acceleration, not replacement. This is where frontier AI platforms such as Claude or Codex deliver their greatest value, and where this release changes what is possible. The autonomous half absorbs the scale. The assistive half carries the judgment. Every decision made in the AI workspace feeds back as logic that makes the autonomous half smarter. The system compounds.
Question: What Can AI Platforms Do When Connected to Intezer?
A few examples include:
- Investigate and close escalated cases. "Pick up the oldest escalated open case and let's investigate it together." The workspace inherits the full investigation Intezer already ran such as forensic analysis, SIEM and EDR queries, and verdicts already reached. For an impossible-travel alert, it cross-references login history, calendar, and Slack to reach a conclusion in seconds rather than a follow-up ticket.
- Make autonomous triage smarter. "We keep getting this exact false positive. Write a tuning rule so it never escalates again, then retriage the case." The AI workspace drafts a narrowly scoped rule, tests it against the real alert object, and pushes it to Intezer for approval. Every rule written reduces escalations the following month.
- Convert investigations to incident reports in one prompt. "Write an incident report for the latest case with the timeline, affected assets, and an executive summary I can send to the CISO, using our corporate brand styleguide." The AI workspace rebuilds the timeline from forensic evidence already in Intezer and generates the report ready to send to the Chief Information Security Officer (CISO).
- Hunt threats starting from a lead, not an alert. "Here's a writeup of a new campaign. Check whether any of these indicators appear in our environment." The AI workspace extracts indicators and techniques, sweeps the environment through Intezer's SIEM and EDR query tools, and returns matching assets and artifacts for analysis.
Question: Why Do AI Agents Fall Short When They Connect Directly to Detection Tools?
It is possible to wire an AI platform directly into individual security tools, most of which now ship their own MCP server. Two factors make this a worse architecture than it appears. First, the integration and correlation work falls to the enterprise: stitching together a dozen connectors, managing each product's query syntax, and receiving disconnected results that still require correlation into a coherent picture. Second, raw tool access is not an investigation. Even with every SIEM, EDR, and threat intelligence feed connected, an AI model can read the data but cannot collect evidence from an endpoint, run memory forensics, or weigh conflicting signals into a verdict it will stand behind.
There is also a coverage problem. According to Intezer's AI SOC Report, based on analysis of more than 25 million alerts, 54 real threats are missed per enterprise per year because they hide in low-severity or informational alerts that are never investigated. Organizations attempting to triage and investigate alerts using custom AI agents face the same problem. The high token cost and inability to scale agents across full alert volume means teams focus on a subset of alerts, skipping low-severity or informational events entirely and recreating the exact coverage gap the AI was meant to close.
Intezer handles both problems. One connector delivers normalized cases with verdicts backed by real forensic evidence and cross-tool correlation already complete, across 100% of alerts regardless of severity.
