- Product · Bringing investigation intelligence into your existing workflows
  SOC managers face a frustrating choice: force analysts to leave their trusted workflows to use a new tool, or let a powerful capability go underutilized.
  May 2026 · 2 min read
- SOC · Accelerate Supply Chain Investigations With Federated Data
  A Different Approach: Evidence Before Inference
  April 2026 · 4 min read
- Events · RSAC 2026: AI SOC Claims Finally Meet Operational Reality
  Command Zero spent the week in working sessions with SOC leads and detection engineers. The consistent pressure point was the same: federated, source-agnostic access is the operational requirement.
  April 2026 · 3 min read
- SOC · San Francisco, We’re Coming for You: Meet Command Zero During RSAC 2026
  Other Must-Attend Community Events
  March 2026 · 3 min read
- SOC · The Blind Spot at the Front Door: Why Identity-Hopping Attackers Are Invisible to Legacy SOCs
  The Front Door Is Wide Open. Why Legacy SOC Architecture Can’t Keep Up.
  March 2026 · 8 min read
- If Your AI SOC Can’t Show Its Work, You’ve Got a Compliance Problem Coming
  The era of unregulated "black box" AI in security operations is ending due to new legal frameworks like the EU AI Act. With the EU Act now enforceable law and full compliance for high-risk systems req
  February 2026 · 7 min read
- Investigations · The Federated Truth: Why Data Lakes Are Failing Investigations
  The Future of Investigation Architecture
  January 2026 · 16 min read
- AI · The Black Box SOC AI Agent Problem (And How to Fix It)
  Security Operations Centers face a difficult paradox where AI agents offer necessary speed but create unacceptable liability due to their "black box" nature. CISOs remain hesitant to deploy these auto
  January 2026 · 13 min read
- Investigating Service Principal Attacks with Graph API Activity Logs
  Service principal attacks are escalating, with threat actors like Midnight Blizzard and Storm-0501 exploiting non-human identities to compromise enterprise environments. These attacks historically suc
  December 2025 · 5 min read
- SOC · The AI SOC Paradox: Why Organizational Architecture Matters More Than Algorithm Performance
  The barrier to AI-powered security operations isn't model sophistication—it's fragmented architectures across 83+ security tools that create impossible environments for autonomous agents to navigate.
  December 2025 · 12 min read
- AI · Anthropic's GTG-1002 disclosure: When AI Becomes a Cyber Weapon of Mass Destruction, Investigation Capabilities Must Scale
  This is the Moment Command Zero is Built For
  November 2025 · 17 min read
- Finding Your Way Upstream: Breaking the Burnout Cycle in Security Operations
  During my twenty-plus years defending networks—from the Air Force to government contractor work to my current role in security research—I've watched exceptional analysts burn out from a systemic probl
  November 2025 · 8 min read
- SOC · The SOC of the Future Is Already Here: Why Security Leaders Can't Risk Waiting to Adopt AI
  After three decades building security software and leading multiple successful exits, I can tell you with certainty: AI in Security Operations Centers isn't a future consideration—it's an urgent prese
  October 2025 · 12 min read
- News · Investigating Microsoft 365 Direct Send Abuse: When Convenience Becomes a Vulnerability
  Real-World Impact: Get to Answers in Minutes, not Hours
  October 2025 · 8 min read
- Investigations · Investigating Business Email Compromise: How Modern Attacks Exploit Trust in 2025
  BEC Has Transformed, So Should Your Response
  October 2025 · 15 min read
- Business Context: The Key Ingredient for Autonomous Security Operations
  The promise of AI agents in security operations hinges on a deceptively simple question: Can AI SOC agents reliably make the same judgment calls as your most experienced analysts? Surprisingly, the an
  October 2025 · 5 min read
- Deep Dive: Finding and Investigating Microsoft Teams Vishing Attacks with Command Zero
  Attackers exploit Microsoft Teams through sophisticated vishing campaigns that traditional security tools fail to detect. Command Zero addresses this critical gap with a comprehensive investigation pl
  October 2025 · 10 min read
- SOC · The AI SOC Revolution: From Disparate Tools to Intelligent Defense
  During my two decades defending networks and investigating threats, I've never witnessed transformation this profound. AI is revolutionizing security operations unlike any other tectonic shift has don
  July 2025 · 6 min read
- News · Scattered Spider 2025 Update: The Social Engineering Threat That Won't Go Away
  Fighting Scattered Spider with Command Zero
  July 2025 · 7 min read
- SOC · The Evolution of SOC Structure: From Rigid Tiers to Flexible Operations
  Picking the right tier structure for your SOC
  June 2025 · 5 min read
- Breaking the SOC Alert Fatigue Cycle: Why Speed Metrics Are Killing Quality
  Security operations centers face a critical crisis: alert fatigue is overwhelming analysts and creating dangerous investigation gaps. Traditional SOC metrics like MTTR and MTTI incentivize speed over
  June 2025 · 5 min read
- Product · Command Zero & Okta Identity Threat Protection: Level-up Identity Investigations
  Level-up identity investigations
  May 2025 · 3 min read
- Introducing the Agent Communication & Discovery Protocol (ACDP): A proposal for AI agents to discover and collaborate with each other
  AI agents are becoming increasingly specialized and numerous, creating an urgent need for standardized methods of discovery and collaboration. Without a standardized protocol that enables secure disco
  April 2025 · 16 min read
- SOC · Why SIEMs and data lakes do not deliver the optimal experience for security investigations
  Centralized data systems like SIEMs and data lakes excel at detection, reporting and compliance, but fall short for complex security investigations.
  April 2025 · 5 min read