- InvestigationsInvestigating Browser Backdoors and Access Broker Tooling with Command Zero
Most EDR solutions have shallow visibility inside browser process space creating investigative blind spots.
May 2026 · 18 min readRead → - AI SOCBy the Time Your Analyst Opens the Ticket, the Investigation Should Already Be There
The average SOC runs investigation after triage creating a gap where incidents expand. Fixing that gap requires making investigation intelligence portable.
May 2026 · 4 min readRead → - InvestigationsWelcome to the Casebook
An autonomous analyst opens his case files. Every question, every dead end, every moment a clean theory fell apart. No vendor gloss, no marketing victory laps. Just the work.
May 2026 · 4 min readRead → - NewsThe Command Zero API and MCP Server Are Live
Command Zero today released a broad set of API endpoints and a Model Context Protocol (MCP) server for its Autonomous & AI-Assisted SOC platform.
April 2026 · 4 min readRead → - AIThe Recomposition of Security Work: Roles, Expertise, and the Agentic SOC
A common theme across the majority of conversations I've been having recently is that of what happens to the security practitioners role and whether or not some jobs will survive AI.
April 2026 · 3 min readRead → - SOCThe AI SOC Prototype Trap: Why 95% of Custom Implementations Fail
The Build vs. Buy Calculation
March 2026 · 5 min readRead → - AIThe Backwards Promise of Agentic AI for Alert Fatigue
The Volume Isn’t the Problem—The Noise Is
February 2026 · 7 min readRead → - SOCYour SOC Is Still Fighting Like a Roman Legion — And That’s the Problem
By the Time a Case Reaches Tier 3, It’s Already a Mess
February 2026 · 7 min readRead → - InvestigationsThe Hidden Cost of DIY Security Investigation Agents: Why Token Efficiency Determines Success
Many security teams are tempted to build in-house AI investigation agents using accessible LLMs and frameworks. However, these DIY projects often hit a wall at production scale due to immense token co
February 2026 · 9 min readRead → - Beyond the APT Chase: Why You May Be Hunting the Wrong Things (And How to Fix It)
There is a critical visibility gap where operational anomalies go unnoticed because teams cannot distinguish signal from noise. The piece positions Command Zero’s "Business Context" and "Table Filters
February 2026 · 11 min readRead → - Beyond the Bouncer: Why the Autonomous SOC Must Complete Complex Investigations
Most AI SOC tools function like nightclub bouncers—checking credentials and filtering alerts rather than conducting genuine investigations. This "Bouncer Fallacy" creates quieter SOCs but not necessar
January 2026 · 6 min readRead → - SOCThe "Tierless" SOC: What Happens When Junior Analysts Disappear?
Building Curiosity and Investigation Culture, Not Just Skills
January 2026 · 10 min readRead → - 2026 SOC Resolution: Stop Machine Speak. Level up Investigations with Natural Language
SOC analysts waste critical time translating investigations into complex query languages like SPL, KQL, and SQL instead of hunting threats. Natural language investigation platforms eliminate this cogn
January 2026 · 6 min readRead → - SOCThe 51-Second Problem: Why SOCs Can't Keep Pace with Machine-Speed Adversaries
Fifty-one seconds. That's the timeline your SOC is competing against. The question is whether your investigation architecture is designed to compete at all.
December 2025 · 10 min readRead → - NewsWhen Brute Force Still Works: The 80 Billion Credential Problem Nobody's Talking About
The Numbers That Should Keep You Up at Night
November 2025 · 13 min readRead → - ResearchThe L1 SOC Analyst Crisis: Reddit Thread Reveals What's Really Breaking Security Operations
A recent Reddit thread from a drowning L1 SOC analyst exposes the systemic crisis breaking modern security operations. Facing thousands of daily alerts with 90%+ false positives, the analyst's plea: "
November 2025 · 19 min readRead → - ThreatShadow Identities: The Common Attack Target You Can't See
How Command Zero addresses shadow identities
October 2025 · 7 min readRead → - Microsoft Teams Becomes the New Vishing Battleground
Microsoft Teams has recently emerged as a critical attack vector for sophisticated ransomware campaigns, with threat actors weaponizing enterprise communication platforms through coordinated vishing o
September 2025 · 5 min readRead → - Beyond Replacement: How AI Creates Super Analysts
After three years of AI implementations in security operations, the evidence is clear: artificial intelligence transforms SOC analysts into "super analysts" rather than replacing them. While AI excels
July 2025 · 5 min readRead → - Reality Check: Hype vs What Actually Works in AI for SOC
The AI revolution in security operations is here, but marketing promises far exceed current reality. After three decades building security software, the ground truth is clear: AI's value lies in augme
June 2025 · 5 min readRead → - Command Zero Named Top 10 Finalist for RSAC 2025 Innovation Sandbox: A Milestone in Our Mission to Transform Security Operations
Command Zero has been named one of the Top 10 Finalists for the prestigious RSAC 2025 Innovation Sandbox contest. This recognition represents a significant milestone in our journey to revolutionize Se
April 2025 · 4 min readRead → - InvestigationsInvestigate password spray attacks with accuracy and speed
What makes password spray attacks still dangerous in 2026?
January 2025 · 7 min readRead → - InvestigationsRevolutionizing cybersecurity investigations with expert questions and AI
How a question-based investigation compares with alternative methods
January 2025 · 10 min readRead →
See what your team can achieve.
Live in under an hour. No migration. No friction.
Book a Demo