AI-Native SOC Reasoning That Computes the Truth Before It Reasons
AegisGraph builds a deterministic Graph Truth Statement - reachability and privilege facts - before any language model runs. Only then does the LLM narrate, and it may cite graph facts only. It extends classic toxic-combination attack paths into the AI domain: agents, MCP tools, OAuth grants, and non-human identities.
Illustrative product view
Graph-at-Ingest: the deterministic layer before the LLM
Most “AI SOC” tools hand the alert to a model and hope the narrative is right. AegisGraph inverts that. It computes the facts first - deterministically, with no model in the loop - and only lets the LLM speak over facts it is not allowed to invent. That order is the whole point: the analysis is reproducible and auditable, not a plausible-sounding guess.
How a finding is produced
- 1
Ingest
Assets, identities, OAuth grants, MCP tools and non-human identities land as typed nodes and edges in the graph.
- 2
Graph Truth Statement
A deterministic pass computes reachability and privilege facts - no LLM - and anchors them as evidence.
- 3
Reason
Only then does the language model narrate and prioritize, and it may cite Graph Truth facts only.
- 4
Simulate
Response playbooks run in simulation to show what containment would do; nothing executes against a live system.
Toxic-combination attack paths, extended to the AI domain
Exposure-management tools trace toxic combinations across cloud infrastructure. AegisGraph carries the same idea into the systems that now hold the keys - the AI agents, the tools they call, and the identities they run as.
| Domain | Toxic combination it traces |
|---|---|
| AI agents | An over-scoped agent identity that can reach a production secret through a chained tool call |
| MCP | A registered MCP tool whose OAuth grant widens blast radius beyond its stated purpose |
| OAuth | A dormant third-party grant that still holds write scope on a sensitive resource |
| NHI | A non-human identity with standing credentials, no owner, and no rotation |
Simulation-only SOAR, deterministic-first analysis
- Containment playbooks - isolate identity, revoke grant, quarantine tool - run as simulations with a predicted before/after
- Every finding links back to the exact graph facts that produced it, so an analyst can check the work
- Deterministic-first means two runs on the same graph return the same answer - a property auditors ask for
- The LLM adds narrative and prioritization on top of facts it may not fabricate
Frequently asked questions
What is a Graph Truth Statement?
A deterministic set of reachability and privilege facts computed from the security graph before any language model runs. It is the ground truth the LLM is then restricted to citing, which is what makes AegisGraph’s analysis reproducible and auditable rather than a model guess.
Is AegisGraph a deployed cloud SOC?
No - it runs on an in-memory mock graph with simulation-only response and no live cloud integrations. It is the reasoning and evidence engine that shows how toxic-combination attack paths form, not a SOC wired into your production environment.
How does it extend attack paths to AI systems?
It models AI agents, MCP tools, OAuth grants and non-human identities as first-class nodes, so it can trace toxic combinations - like an over-scoped agent reaching a production secret through a chained tool call - the same way exposure tools trace cloud attack paths.
Why is deterministic-first a strength, not a limitation?
Because the finding does not depend on a model guessing. The Graph Truth Statement is computed deterministically, the LLM may only narrate over those facts, and the same graph always yields the same result - which is what security and audit teams need to trust a finding.
Does the SOAR take real remediation actions?
No. Response playbooks run in simulation with a predicted before/after; nothing is executed against a live system. It shows what containment would do without the risk of an automated action firing against production.
Keep going
Try the calculator
Stay in the loop
One practical finance briefing a week - new guides, checklists, and benchmarks.
See the security depth, not the slideware
Walk the SOC engine, the governed MCP server, and the control graph live - with the honest caveats on the table, not hidden.
Talk to us