
Agentic SOC: How Exaforce Plans to Redefine Security Operations | Ariful Huq, Exaforce


Security operations centers (SOCs) today aren’t short of detections. They’re drowning in them. For every potential threat surfaced, analysts are forced into a long, manual process of stitching together context across identities, resources, and configurations. The result: alert fatigue, investigation times measured in hours, and a widening gap between the number of signals and the people available to act.

Exaforce believes the model is broken. Instead of just adding more dashboards, the company is building what it calls an “agentic SOC”—a platform designed to collapse mean time to investigate from hours to minutes by combining a semantic data model, behavioral learning, and AI-driven reasoning.

Ariful Huq, Co-Founder and Head of Product at Exaforce, puts it simply: “The output of agents is only as good as the data.” That philosophy explains why the company started not with generative AI, but with integrations. Exaforce built deep connections into Okta, GitHub, Google Workspace, and other SaaS and cloud platforms to ingest not just events, but the contextual signals that show how identities, resources, and configurations actually interact.

From Data Chaos to Context on Demand

In most SOCs, answering a basic question like “who really performed this action?” requires analysts to chase logs across multiple systems, map assumed roles back to the session that created them, and reconcile fragmented identities. Exaforce’s semantic model short-circuits that work. By stitching together relationships across systems, it can resolve actors and resources automatically, turning a noisy event stream into questions that can be answered directly.

That shift from “event streams” to “context on demand” is what makes Exaforce’s AI agents useful. “If we can make these answers easy, the AI agents can use them,” Huq explains. Instead of dumping thousands of alerts into a large language model, Exaforce prepares concise, relevant facts, which lets agents reason predictably and consistently.
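To make the “who really performed this action?” problem concrete, here is an added example of the kind of actor resolution described above. It is not Exaforce’s code; it is a generic approach written for this page. It walks CloudTrail-shaped AssumeRole events back to the root principal and attaches IdP context from a directory. All events, ARNs, account IDs, usernames and the directory are constructed for illustration, and the function names are this example’s own.

```python
"""Resolve 'who really did this?' across AWS STS role chains plus an IdP directory.

Added example for this page; not Exaforce's implementation. All data below is
constructed in CloudTrail's field shape and does not describe any real account.
"""

# Constructed CloudTrail-like events (hypothetical account 111122223333).
EVENTS = [
    {   # Okta SAML login lands jdoe in OktaDevRole
        "eventName": "AssumeRoleWithSAML",
        "userIdentity": {"type": "SAMLUser", "userName": "jdoe@example.com"},
        "responseElements": {"assumedRoleUser": {
            "arn": "arn:aws:sts::111122223333:assumed-role/OktaDevRole/jdoe@example.com"}},
    },
    {   # From that session, a hop into AdminRole under a misleading session name
        "eventName": "AssumeRole",
        "userIdentity": {"type": "AssumedRole",
                         "arn": "arn:aws:sts::111122223333:assumed-role/OktaDevRole/jdoe@example.com"},
        "requestParameters": {"roleArn": "arn:aws:iam::111122223333:role/AdminRole",
                              "roleSessionName": "ci-hotfix"},
        "responseElements": {"assumedRoleUser": {
            "arn": "arn:aws:sts::111122223333:assumed-role/AdminRole/ci-hotfix"}},
    },
    {   # The action an analyst is asked about; the session name alone suggests CI
        "eventName": "DeleteBucket",
        "userIdentity": {"type": "AssumedRole",
                         "arn": "arn:aws:sts::111122223333:assumed-role/AdminRole/ci-hotfix"},
        "requestParameters": {"bucketName": "prod-backups"},
    },
    {   # A genuine CI session that reaches AdminRole from an IAM user
        "eventName": "AssumeRole",
        "userIdentity": {"type": "IAMUser", "userName": "github-runner",
                         "arn": "arn:aws:iam::111122223333:user/github-runner"},
        "responseElements": {"assumedRoleUser": {
            "arn": "arn:aws:sts::111122223333:assumed-role/AdminRole/ci-build-4512"}},
    },
]

# Constructed IdP directory, standing in for what an Okta or Workspace integration supplies.
DIRECTORY = {
    "jdoe@example.com": {"name": "Jane Doe", "team": "platform", "mfa": True},
}

STS_EVENTS = ("AssumeRole", "AssumeRoleWithSAML", "AssumeRoleWithWebIdentity")


def build_session_map(events):
    """Map each STS session ARN to the identity that created that session."""
    sessions = {}
    for ev in events:
        if ev["eventName"] in STS_EVENTS:
            session_arn = ev["responseElements"]["assumedRoleUser"]["arn"]
            sessions[session_arn] = ev["userIdentity"]
    return sessions


def resolve_actor(identity, sessions, directory, max_hops=10):
    """Walk assumed-role sessions back to a root principal and attach IdP context.

    Stops, rather than guessing, when a session was created outside the log window.
    max_hops bounds the walk so a malformed chain cannot loop forever.
    """
    chain = []
    for _ in range(max_hops):
        if identity["type"] != "AssumedRole":
            break
        arn = identity["arn"]
        chain.append(arn)
        parent = sessions.get(arn)
        if parent is None:
            return {"principal": arn, "kind": "unresolved-session", "chain": chain, "person": None}
        identity = parent
    root = identity.get("userName") or identity.get("arn")
    return {"principal": root, "kind": identity["type"], "chain": chain,
            "person": directory.get(root)}


def who_did(event_name, events=EVENTS, directory=DIRECTORY):
    """Resolve the real actor behind every event with the given name."""
    sessions = build_session_map(events)
    return [resolve_actor(ev["userIdentity"], sessions, directory)
            for ev in events if ev["eventName"] == event_name]


if __name__ == "__main__":
    for actor in who_did("DeleteBucket"):
        print(actor)
```

The point of the example is the `ci-hotfix` session name: read on its own it looks like automation, but walking the chain resolves `DeleteBucket` to `jdoe@example.com`, and the directory adds the person and team an analyst would otherwise look up by hand. The unresolved-session branch is the caveat: when the AssumeRole event is missing, the resolver says so instead of inventing an actor.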

Why Multimodel Matters

The company’s approach combines three pillars: the semantic data model, behavioral modeling to understand what “good” looks like, and large language models for reasoning. This multimodel stack isn’t just a technical curiosity—it’s a hedge against the brittleness of LLMs when fed raw, unstructured data. By curating the input, Exaforce gets closer to reliable, repeatable AI-driven investigations that analysts can trust.

The practical impact? Customers report that investigations that once took more than an hour can now be resolved in minutes. AI agents do the legwork, surfacing findings and next steps, while analysts maintain the authority to decide. It’s augmentation, not replacement—a theme Huq returns to repeatedly.

Augmenting Analysts, Scaling Teams

That distinction matters because the needs of SOCs differ widely. Large enterprises face the nonlinear problem of rising alert volumes outpacing headcount. Smaller, high-growth companies often have tiny security teams that can’t afford the upfront investment in tooling and staff. Exaforce aims to serve both, offering copilots that let analysts ask environment-specific questions—“Am I impacted by these npm indicators?”—and get clear, contextual answers without sifting through endless logs.
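The “Am I impacted by these npm indicators?” question is a good illustration of what an environment-specific answer has to do. The following is an added example, not Exaforce’s code: it checks a `package-lock.json` against a list of compromised package versions and known-bad tarball digests, reports whether each hit is a direct or transitive dependency, and handles both the v1 (nested `dependencies`) and v2/v3 (`packages`) lockfile layouts, which goes slightly beyond the single question quoted above. The indicator list, package names, versions and integrity strings are all constructed for illustration.

```python
"""Check a package-lock.json against npm compromise indicators.

Added example for this page; not Exaforce's implementation. The indicators,
lockfile contents, package names and integrity values are constructed.
"""
import json

# Constructed indicator list: affected versions per package, plus digests of
# tarballs known to be trojaned (catches a replaced tarball even if the version
# number itself is not on the list).
INDICATORS = {
    "versions": {"colorful-utils": {"2.4.1", "2.4.2"}, "@acme/logger": {"0.9.0"}},
    "integrity": {"sha512-BADBADBADBADBADBADBADBADBADBADBADBADBADBADBAD=="},
}

# Constructed lockfile v3 fragment (hypothetical project "webapp").
LOCKFILE = json.dumps({
    "name": "webapp", "lockfileVersion": 3,
    "packages": {
        "": {"name": "webapp",
             "dependencies": {"express": "^4.19.0", "colorful-utils": "^2.4.0", "lodash": "^4"}},
        "node_modules/express": {"version": "4.19.2", "integrity": "sha512-express=="},
        "node_modules/colorful-utils": {"version": "2.4.2", "integrity": "sha512-cu242=="},
        "node_modules/express/node_modules/@acme/logger": {"version": "0.9.0",
                                                           "integrity": "sha512-logger=="},
        # Version looks clean, but the tarball digest matches a known-bad one.
        "node_modules/lodash": {"version": "4.17.21",
                                "integrity": "sha512-BADBADBADBADBADBADBADBADBADBADBADBADBADBADBAD=="},
    },
})


def lock_entries(lock):
    """Yield (path, name, metadata) for every installed package in a parsed lockfile."""
    if "packages" in lock:                      # lockfileVersion 2 or 3
        for path, meta in lock["packages"].items():
            if path == "":                      # the root project itself
                continue
            # Scoped names keep their "@scope/" prefix after the last node_modules/.
            name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
            yield path, name, meta
    else:                                       # lockfileVersion 1: nested "dependencies"
        def walk(deps, prefix):
            for name, meta in deps.items():
                path = f"{prefix}node_modules/{name}"
                yield path, name, meta
                yield from walk(meta.get("dependencies", {}), path + "/")
        yield from walk(lock.get("dependencies", {}), "")


def find_impacted(lock_text, indicators):
    """Return every installed package matching an indicator, with its install path."""
    lock = json.loads(lock_text)
    bad_versions, bad_integrity = indicators["versions"], indicators["integrity"]
    hits = []
    for path, name, meta in lock_entries(lock):
        version = meta.get("version")
        reasons = []
        if version in bad_versions.get(name, ()):
            reasons.append("version")
        if meta.get("integrity") in bad_integrity:
            reasons.append("integrity")
        if reasons:
            hits.append({
                "name": name, "version": version, "path": path,
                # Exactly one node_modules/ segment means a top-level install.
                "direct": path.count("node_modules/") == 1,
                "reason": ",".join(reasons),
            })
    return sorted(hits, key=lambda h: h["path"])


if __name__ == "__main__":
    for hit in find_impacted(LOCKFILE, INDICATORS):
        print(hit)
```

Two practical notes. Matching on `integrity` as well as version is what catches a registry tarball swapped under an existing version number, which a version-only check misses. Reporting the install path distinguishes a direct dependency an engineer can pin from a transitive one that has to be fixed via an override or an upstream release, which is the part of the answer a small team actually needs.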

The company is also extending its platform into response automation and MDR services, closing the loop by combining AI agents with human oversight. “We’re not asking customers to rip and replace,” Huq emphasizes. Exaforce integrates with existing SIEMs, SOARs, and communication platforms like Slack or Teams so it can act within current workflows rather than demanding wholesale change.

The Stakes for Security Operations

SOCs have been caught in the same cycle for years: more alerts, more tools, more dashboards. What Exaforce is proposing is a different trajectory—one where semantic context and agentic reasoning give security teams leverage against the scale problem. With $75 million in funding, the company is betting big that enterprises are ready to make the shift.

If the promise holds, the outcome isn’t just faster investigations. It’s a structural change in how security operations work: from hours of human toil to minutes of machine-augmented decision-making. For overburdened SOCs, that’s not a convenience—it’s survival.

What Happened Today October 1, 2025
