Glossary · Agent Zero

What is Agent Zero?

Agent Zero is Command Zero's autonomous investigation agent, the AI persona that conducts end-to-end security investigations using Governed AI and the Question-based method, producing documented verdicts customers can audit, verify, and act on.

Updated 2026-05-19

What it means

Agent Zero is not a single LLM call or a single workflow. It is the orchestration layer that selects relevant expert questions for each alert, executes them against authorized data sources, correlates findings, and produces a verdict with supporting evidence. Agent Zero represents multiple agents acting as teams, all made up of multiple pipelines and agentic loops and roles. Examples of the investigations Agent Zero produces are archived in the Casebook, a public archive of real cases (redacted) that serve as the most direct evidence of what Command Zero produces in production.

Command Zero’s approach

How Command Zero handles Agent Zero.

Agent Zero runs in autonomous mode by default for routine Tier-1 alert triage and on demand for any case the human analyst chooses to delegate. The agent's reasoning is logged, the questions executed are visible, and the verdict ties to the evidence. Customers control which questions Agent Zero is permitted to ask and which data sources it is authorized to query. This is what distinguishes Agent Zero from black-box autonomous SOC products.

Related terms