|
By Daniel Ballmer
Grid is LimaCharlie's agentic AI layer for security teams that want AI operations running across their existing stack right now. Security providers and SOCs need access to AI capabilities without waiting for a migration window, a contract renewal, or a vendor to ship the features they need. Every major security vendor is offering some version of AI. CrowdStrike has Charlotte AI. SentinelOne has Purple AI. Microsoft has Copilot for Security.
|
By Daniel Ballmer
Some of the security industry is still cautiously evaluating its relationship with AI. They are weighing questions, sitting with uncertainty, and waiting for something to ease their concerns about trusting AI in production. This post isn't for that group. This is for AI tool developers already in motion. The ones who vibe-coded a log parser over a weekend, spun up local inference on dedicated hardware, or ran cross-model research pipelines across multiple data sources.
|
By Daniel Ballmer
AI tools are moving faster than the security controls meant to govern them. In this episode of Defender Fridays, Cisco's Cybersecurity Technical Solutions Architect Katherine McNamara walks through changes in the threat landscape as organizations rush to integrate AI without applying basic security discipline. When Katherine meets with customers to discuss AI security, the conversation almost always starts and ends in the same place: data leakage. Someone might upload sensitive files to a public LLM.
|
By Daniel Ballmer
Most multi-agent security deployments fail in production not because the agents can't act, but because there's no shared context layer between them. When something goes wrong, the audit trail doesn't exist. In LimaCharlie, solving that problem is architectural, and the solution starts with how individual agents are defined.
|
By Daniel Ballmer
Anyone who's stood up a SIEM from scratch knows the feeling: weeks of infrastructure work, integration headaches, and a services team alongside for the whole process. That experience shaped how people think about adopting anything new in security ops. The instinct is to treat AI the same way: budget for it, plan for it, bring in specialists. This instinct is costing teams real time. Traditional infrastructure takes great effort to stand up. Infrastructure-as-code happens in seconds.
|
By Daniel Ballmer
Security operators often struggle with the escalating friction that naturally occurs in their detection and response (D&R) workflow. Detections fire in one tool. Investigations happen in another. Case tracking lives in a third. For MSSPs managing dozens of client environments, fragmentation compounds quickly. Analyst time bleeds into context-switching. SLAs are hard to track. When something goes wrong, reconstructing what happened across multiple platforms is painful.
|
By Daniel Ballmer
Most current demonstrations of AI in security operations are lackluster. You ask a chat interface a question, get a summary, and maybe a suggested next step. The operator still does all the work, at human speed. Meanwhile, adversaries are already deploying AI offensively against their targets. AI in SecOps must ultimately be an operator. Otherwise, the gap between adversary and defender will become too wide to bridge. LimaCharlie Co-founder, Christopher Luft, demonstrates a simple way to get started.
|
By Daniel Ballmer
Most AI detection engineering puts a human in the loop at every step. David Burkett envisions an efficient and effective pipeline architecture that does not. David is a security researcher at Corelight Labs and a longtime LimaCharlie community member. He appeared on a recent episode of Defender Fridays to walk through his vision of a fully agentic detection engineering pipeline. His system uses LimaCharlie as its operational backbone.
|
By Daniel Ballmer
Detection engineering is fundamentally a translation problem: rules need to be converted between formats, IOCs need to be converted into detection logic, and noisy alerts need to be converted into precise suppressions. That translation work is what consumes analyst time, and it's what Claude Code handles well.
|
By Daniel Ballmer
A credential access event fired. An AI agent investigated it, correlated it against running processes, assessed the risk, and closed the ticket. No analyst touched it. The entire loop ran in minutes. This is what security operations look like when AI can actually operate in the environment rather than advise from outside it. Security operations have always required a special kind of person.
|
By LimaCharlie
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows.
|
By LimaCharlie
In this hands-on workshop we will analyze an unknown binary, quickly extract indicators, and determine the binary’s core functionality. We'll give Claude the LCRE (LimaCharlie Reverse Engineering) tool to accelerate analysis and interpretation by identifying configuration details, key behaviors, and any additional indicators useful for rule building. We'll use this information to craft detection rules for this sample.
|
By LimaCharlie
Dr. Adeel Shaikh Muhammad is a cybersecurity strategist and global speaker with over 16 years of experience across information security, networks, and systems. Adeel brings a practical perspective on how organizations can adapt to evolving cyber threats and the growing role of AI in cybersecurity.
|
By LimaCharlie
Join us for this week's Defender Fridays as Ken Westin, Senior Solutions Engineer at LimaCharlie, shares his AI journey and what the hero's journey framework reveals about how security professionals can move from hesitation to genuine mastery of AI tools. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.
|
By LimaCharlie
Security operators often struggle with the escalating friction that naturally occurs in their detection and response (D&R) workflow. Detections fire in one tool. Investigations happen in another. Case tracking lives in a third. For MSSPs managing dozens of client environments, fragmentation compounds quickly. Analyst time bleeds into context-switching. SLAs are hard to track. When something goes wrong, reconstructing what happened across multiple platforms is painful.
|
By LimaCharlie
Join us for this week's Defender Fridays as Katherine McNamara, Cybersecurity Technical Solutions Architect at Cisco, breaks down the expanding attack surface of AI and ML systems and what organizations need to do to secure them before it's too late. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.
|
By LimaCharlie
This video walks through how single agents and multi-agent systems are built and run inside the LimaCharlie platform. Agents in LimaCharlie are defined declaratively. Each agent specifies the model it runs, its instructions, the tools it can access, what events trigger it, and the guardrails it operates under. This approach makes agents version controllable, reviewable, and portable across tenants.
|
By LimaCharlie
Users are connecting AI tools without understanding the security implications. In this week's Intel Chat, Chris Luft and Matt Bromiley discuss a security breach at Vercel that originated from a compromised third-party AI tool used by one of its employees. The attacker gained control of the employee's Google Workspace account, which provided access to Vercel's internal environment.
|
By LimaCharlie
This hands-on workshop is designed for security professionals interested in learning how to integrate advanced AI capabilities into their detection and response workflows. Attendees will receive practical, step-by-step instruction on leveraging the power of Claude Code, a sophisticated AI agent, to significantly enhance security operations within the LimaCharlie platform for detection engineering use cases.
LimaCharlie gives security teams full control over how they manage their security infrastructure. Get full visibility into your coverage, build what you want, control your data, get the security capabilities you need, for however long you need them, and pay only for what you use.
LimaCharlie Sensors enable organizations to collect relevant security telemetry, logs and artifacts in real-time from any source and process that data at wire speed using a universal detection, response and automation engine. Use signature based detections, your favourite threat feed or subscribe to curated detection rules.
An engineering approach to cybersecurity:
- Endpoint detection & response: Respond to threats at wire speed and create powerful automations. Leverage solutions custom designed for your environment and control your security posture without having to rely on external vendors.
- Software-defined networking: Secure and monitor network access to your endpoints by providing advanced instrumented Zero Trust VPN access. LimaCharlie’s Secure Access Service Edge (SASE) makes secure remote networking easy and affordable.
- Windows Event Log monitoring: Gain the ability to capture and analyze Windows Event Logs (WEL) in real-time. Ingested WEL are indexed along common indicators of compromise and run through the Detection & Response engine.
- File & registry integrity monitoring: LimaCharlie's File & Registry Integrity Monitoring capability allows you to monitor specific file path patterns and registry patterns for changes.
- Monitoring cloud deployments: Secure your cloud using LimaCharlie’s advanced Sensor technology. Run in a VM, Docker, or as a privileged container in Kubernetes. Optimize your costs with fine-grained event collection control, autoscaling and automated sensor culling.
- YARA scanning at scale: Various YARA scanning methods are available. Run a scan on any given endpoint or continuously across the entire fleet in a way that does not impact performance. Pull YARA signatures from GitHub repositories and other sources, both private and public.
- Cutting edge detections: Leverage the work of best-in-class professionals with an unparalleled cost efficiency. Subscribe to threat feeds and curated detection rules. Easily write your own custom rules and apply them instantly to your entire fleet.
- Log and artifact monitoring: Ingest logs, or any file type, from any source and run them through the detection, automation and response engine. One year of full telemetry storage included - not just detections or select entries, but all endpoint, network, and external logs telemetry.
Detect and respond on everything.