IT Brief Ireland - Technology news for CIOs & IT decision-makers

Dropzone unveils AI Threat Hunter for 24/7 SOC hunts

Thu, 19th Mar 2026

Dropzone AI has introduced AI Threat Hunter, an autonomous agent for continuous threat hunting across security and IT environments. General availability is scheduled for Summer 2026.

The product is positioned as a way for security operations teams to run regular hunts across multiple data sources without dedicating specialist staff. Threat hunting often competes with day-to-day alert handling and incident response in security operations centres.

According to Dropzone AI, a single cross-tool hunt can take up to 40 hours when done manually. AI Threat Hunter runs what the company calls federated hunts in 60 to 90 minutes and then generates a report. Dropzone AI says the output is auditable and records the steps taken during the process.

Cross-tool searches

AI Threat Hunter connects to systems that typically sit in different parts of the security stack, including SIEM platforms, endpoint detection and response tools, cloud environments, and identity systems. It is designed for 1-click hunts: users can select from a library of pre-built hunts or describe a custom objective, which the system turns into a hunt plan.

It then queries connected tools and analyses telemetry across the environment. Dropzone AI says it can process "hundreds of thousands of rows" of data during a run. The company also says the system applies iterative filtering and documents each filter step and its reasoning.

In one example, a hunt reduced 464,000 events to nine investigated findings. Dropzone AI says the agent records evidence sources and conclusions as it works through suspicious activity across connected tools, such as identity providers and IP reputation services. Findings are classified as urgent, notable, or informational.
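The workflow described above (iterative filters, each step documented with its reasoning, then a three-tier classification of whatever survives) is easy to sketch in code. The block below is an added illustration written for this article, not Dropzone AI's code, and assumes nothing about how AI Threat Hunter is implemented; the sign-in events, the IP reputation set, the hunt steps and all identifiers are constructed for the example.

```python
"""Added example (not Dropzone AI's code): an audit-logged, iterative
filtering pipeline over constructed sign-in telemetry. Every identifier
and sample value is hypothetical."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Constructed sample telemetry: normalised sign-in events as a hunt might
# receive them after querying an identity provider.
EVENTS: List[Dict] = [
    {"user": "alice", "src_ip": "203.0.113.10", "country": "IE", "mfa": True,  "result": "success", "app": "mail"},
    {"user": "alice", "src_ip": "203.0.113.10", "country": "IE", "mfa": True,  "result": "success", "app": "mail"},
    {"user": "bob",   "src_ip": "198.51.100.7", "country": "IE", "mfa": False, "result": "success", "app": "legacy-smtp"},
    {"user": "carol", "src_ip": "192.0.2.44",   "country": "XX", "mfa": False, "result": "success", "app": "admin-portal"},
    {"user": "dave",  "src_ip": "192.0.2.45",   "country": "XX", "mfa": False, "result": "failure", "app": "mail"},
    {"user": "erin",  "src_ip": "198.51.100.9", "country": "IE", "mfa": True,  "result": "failure", "app": "mail"},
]

# Hypothetical enrichment data standing in for an IP reputation service.
BAD_IPS = {"192.0.2.44"}

SEVERITY_ORDER = ("urgent", "notable", "informational")


@dataclass
class FilterStep:
    """One hunt step: a name, the analyst's reasoning, and the predicate to keep an event."""
    name: str
    reasoning: str
    keep: Callable[[Dict], bool]


@dataclass
class HuntReport:
    hypothesis: str
    audit_trail: List[Dict] = field(default_factory=list)
    findings: List[Dict] = field(default_factory=list)


def classify(event: Dict) -> str:
    """Map a surviving event onto the three tiers the article names."""
    if event["src_ip"] in BAD_IPS and event["result"] == "success":
        return "urgent"          # access granted from a known-bad source
    if not event["mfa"] and event["result"] == "success":
        return "notable"         # access granted without MFA: a gap to close
    return "informational"


def run_hunt(hypothesis: str, steps: List[FilterStep], events: List[Dict]) -> HuntReport:
    """Apply each filter in turn, recording in/out counts and reasoning per step."""
    report = HuntReport(hypothesis=hypothesis)
    remaining = list(events)
    for step in steps:
        before = len(remaining)
        remaining = [e for e in remaining if step.keep(e)]
        report.audit_trail.append({
            "step": step.name,
            "reasoning": step.reasoning,
            "events_in": before,
            "events_out": len(remaining),
        })
    report.findings = [{**e, "severity": classify(e)} for e in remaining]
    report.findings.sort(key=lambda f: SEVERITY_ORDER.index(f["severity"]))
    return report


# Hypothetical hunt plan for the "legacy MFA gaps" signal mentioned in the article.
LEGACY_MFA_HUNT = [
    FilterStep(
        "successful_signins",
        "Failed attempts belong to the brute-force detection; this hunt is about access that was granted.",
        lambda e: e["result"] == "success",
    ),
    FilterStep(
        "without_mfa",
        "Hypothesis is legacy protocols bypassing MFA, so MFA-protected sessions are out of scope.",
        lambda e: not e["mfa"],
    ),
]


def build_report() -> HuntReport:
    return run_hunt("legacy MFA gaps", LEGACY_MFA_HUNT, EVENTS)


def render(report: HuntReport) -> str:
    """Plain-text report: the audit trail first, then findings by severity."""
    lines = [f"Hunt: {report.hypothesis}"]
    for s in report.audit_trail:
        lines.append(f"  [{s['step']}] {s['events_in']} -> {s['events_out']}: {s['reasoning']}")
    for f in report.findings:
        lines.append(f"  {f['severity'].upper():<13} {f['user']} from {f['src_ip']} ({f['app']})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(build_report()))
```

The point of the audit trail is that a reviewer can see not only how many events each step discarded but why that step was considered safe, which is what makes a reduction from hundreds of thousands of rows to a handful of findings checkable after the fact.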

Hunt packs

Dropzone AI says AI Threat Hunter ships with more than 250 pre-built "hunt packs" mapped to the MITRE ATT&CK framework, plus additional packs covering cloud, identity, endpoint, and user behaviour anomalies.

The company highlighted examples such as OAuth consent grant abuse, unauthorised remote monitoring and management tools, and "legacy MFA gaps" used as security signals. It also says the hunts surface visibility gaps, detection opportunities, misconfigurations, and policy violations even when no active threats are found.

Vendor-agnostic design

Dropzone AI is pitching the agent as vendor-agnostic. According to the company, hunt definitions are written once and can run across tools including Microsoft Sentinel, Splunk ES, and CrowdStrike, as well as other connected platforms, without rewriting queries.

The approach targets organisations that use multiple security vendors and have separate teams managing them, as well as smaller teams that may not have dedicated threat hunters or run proactive hunts regularly.

"For too long, proactive threat hunting has been limited by manual workflows, fragmented tools, and the cost of doing it even once a day," said Edward Wu, founder and CEO of Dropzone AI.

"24/7 threat hunting has simply not been realistic for 99% of organizations. Today, LLM-powered software can replicate expert hunting intuition and techniques at scale, allowing our AI Threat Hunter to bring continuous, autonomous expert-level hunting within reach without adding headcount. This is another important step toward the Agentic SOC and for the vast majority of organizations that could never staff a dedicated threat hunter, it makes continuous hunting possible for the first time."

Agent collaboration

AI Threat Hunter sits alongside other Dropzone AI agents, according to the company. In one workflow, an AI Threat Intel Analyst identifies an emerging threat, such as a newly disclosed vulnerability or a developing campaign, then generates a hunt pack and passes it to AI Threat Hunter.

Dropzone AI says this produces a hunt report before analysts start work the next day. The company adds that each hypothesis, query, filtering step, and finding is logged for review, giving security teams visibility into how the system reached its conclusions.

Indiana Farm Bureau Insurance described the shift in time required for hunting. "Dropzone's AI Threat Hunter performs federated hunts in 1 hour that would take humans up to 40 hours," said Andrew Marsh, director of information security. "Now we can hunt continuously across our environment without pulling analysts away from other priorities."

Dropzone AI recently partnered with Leidos to deploy its AI SOC analysts within US federal security operations centres. The company also plans to demonstrate AI Threat Hunter at the 2026 RSA Conference as it moves toward its Summer 2026 general availability target.