BREAKING Simbian exits stealth with $10M seed NOW HIRING Mountain View HQ NEW AI Pentest agent ships BACKED BY Cota Capital, Icon, Rain, Firebolt SIGHTED Datadog's Olivier Pomel on the cap table 54 PEOPLE One very busy Context Lake
FIG. 01 - Self-portrait of a startup that prefers to be invisible.
Company Dossier // No. 042

The SOC of the future has no humans on the night shift.

Simbian is teaching AI agents to triage alerts, hunt threats, and answer firewall tickets at machine speed - so the analysts on your team can finally take a weekend.

FOUNDED 2023 | MOUNTAIN VIEW, CA | ~54 EMPLOYEES | $10M SEED

It is 3:14 a.m. and the alert queue is empty.

Somewhere in a Mountain View office park, a small team of engineers is watching a graph that, for most security companies, would be a cause for alarm. There are no humans triaging. There is no inbox of pending tickets. There is, instead, a fleet of AI agents quietly closing tickets, writing investigation notes, and labelling false positives - and a single on-call analyst monitoring the work. This is Simbian's pitch made flesh: a security operations center that runs while you sleep, run by software that doesn't.

Simbian, founded in 2023 by Ambuj Kumar and Alankrit Chona, is one of a small number of companies betting that the security industry has been quietly outsourcing its labour problem to humans for too long. The company emerged from stealth in April 2024 with $10 million in seed funding and a thesis that sounds simple and is, in practice, almost recklessly ambitious: build autonomous AI agents that can do the work of a security operations center, from alert triage to penetration testing to firewall management - and make them resistant to the very AI attacks they are designed to stop.

CAPTION - The team will tell you they are "augmenting" human analysts. The analysts, for what it's worth, are not complaining.
The traffic jam in the SOC has never been an analyst problem. It has always been a volume problem. - Simbian launch memo, April 2024

$85 billion a year, mostly spent on watching dashboards.

Security operations is a strange business. The world spends an estimated $85 billion every year on it, and the dominant activity is still a person staring at a screen, deciding whether a flickering red light means anything. The defenders move at human speed. The attackers, lately, do not. A modern phishing-to-ransomware chain can complete in under an hour. A prompt-injected agent can exfiltrate data in seconds.

The Simbian founders saw the asymmetry as the entire game. Traditional SOC tooling - SIEMs, SOARs, ticketing systems - was built on the assumption that humans would do the reasoning and the software would do the filing. But the volume of alerts had long since broken that assumption. Most enterprises now ignore the majority of alerts they generate. The interesting attacks hide in the tail.

Layered on top of that is a second, newer problem: AI itself is becoming an attack surface. Models can be prompt-injected. Agents can be jailbroken. Tribal knowledge - the dozens of small decisions an analyst makes about what to escalate - usually leaves with the employee. None of this gets better with another dashboard.

AI will make nation-state-level cyber-attacks just a prompt away. The defense has to be AI that knows how to argue back. - Ambuj Kumar, Co-Founder & CEO

A GPU engineer, a platform engineer, and a thesis.

Ambuj Kumar's resume is not the obvious one for a SOC company. He spent his early career at NVIDIA leading the design of several GPU generations, then co-founded Fortanix, where he helped create the Confidential Computing category and raised more than $135 million. He could, presumably, have done anything next. He chose security operations - the part of the industry famous for burning out its workforce.

Alankrit Chona, the company's CTO, came at the problem from a different angle. He had built high-scale data platforms at Twitter and was a founding engineer at both Afterpay and Spotnana. Between them, the founders had two skills the modern SecOps stack tends to lack: a deep familiarity with how machines actually reason about data at scale, and an instinct for what users will and will not accept from automated software.

CAPTION - Two co-founders, one whiteboard, an unreasonable number of post-it notes labelled "TrustedLLM."

Their bet was that the autonomous agent paradigm - large language models that can plan, make tool calls, and recover from mistakes - had finally crossed the line into being useful for security work. Not because LLMs are smart, but because the SOC turns out to be a domain where the work is mostly reading, writing, correlating, and explaining. Which is, suspiciously, what these models are best at.

We are not replacing analysts. We are giving them a team that doesn't sleep, doesn't quit, and doesn't forget the runbook. - Simbian founding pitch

A short company history, told in receipts.

2023: Founded in Mountain View. Ambuj Kumar and Alankrit Chona start work on what will become Simbian. The first whiteboard says "self-improving SecOps."

APRIL 2024: Emerges from stealth with $10M seed. Oversubscribed round led by Cota Capital, Icon Ventures, Firebolt and Rain Capital. Datadog's Olivier Pomel, ex-Uber CSO Joe Sullivan, and ex-Microsoft Azure Security CVP Bharat Shah join as angels.

2024: AI SOC Agent ships. First product GA. Designed to plug into existing SIEM/SOAR stacks rather than replace them.

2024-2025: Awards and recognition. Global InfoSec Awards and multiple AI Excellence accolades.

2025: Product line widens. AI Threat Hunt Agent, AI Pentest Agent, and AI NetSecOps Agent join the lineup. The SOC is no longer the only thing the agents work on.

Four agents and a lake of context.

Simbian's platform is built around two ideas that, taken on their own, sound a little dry. Together, they are the whole company.

The first is the Context Lake. The Lake is a structured store of an organization's institutional security knowledge: its runbooks, its asset inventories, the unwritten rules about which alerts to escalate, the fact that the CFO travels through Asia every March. The Lake is what stops an agent from being a generic chatbot. It is what makes Simbian's SOC agent know that a login from Singapore on March 7 is fine, but the same login on August 1 is not.

The second is TrustedLLM, Simbian's own hardened LLM stack. It assumes any input could be hostile: a log line might contain a prompt injection, a user message might be a jailbreak attempt, an attached file might be poisoned. TrustedLLM is designed to keep working when those things happen.

// AGENT 01

AI SOC Agent

Triages and investigates alerts end-to-end. Closes false positives. Escalates the real ones with a written rationale.

// AGENT 02

AI Threat Hunt Agent

Generates hypotheses and validates them across historical telemetry. The work most teams never get to.

// AGENT 03

AI Pentest Agent

Continuous, on-demand penetration testing. Looks for the exploit path before someone else does.

// AGENT 04

AI NetSecOps Agent

Manages firewall change requests and network security policy operations. The thankless ticket queue, automated.

The Context Lake is the thing that, when the senior analyst quits, doesn't quit with her. - A Simbian customer, paraphrased

What the numbers say.

Early enterprise customers - Matillion, Axelar, Cybalt, SMT, Wipro and a roster of MSSPs - have started running Simbian agents in production. The integrations span more than a hundred existing security tools, which is the polite way of saying the agents do not require you to throw out your SIEM.

Where SOC time goes, before and after agents
// Approximate, based on industry telemetry and customer-reported shifts
Alert triage: ~78%
Threat hunting: ~9%
Tooling work: ~13%
// With Simbian agents handling first-pass triage, hunting share of analyst time rises - which is the work that actually finds attackers.
Integrations: 100+
Seed funding: $10M
Agent uptime: 24/7
Employees: ~54
CAPTION - 78% of an analyst's day is the work nobody wanted them to do in the first place.

Defense at machine speed, with a human still in charge.

It would be easy to read Simbian's pitch as another "AI replaces humans" story. The founders are careful, almost insistent, that it is not. The mission, as they describe it, is to give every security team a permanent reinforcement: an additional set of agents that handles the volume, freezes the institutional knowledge in place, and surfaces the small number of cases that genuinely need a human brain.

That is a different posture than the one most of the AI industry has taken in 2024 and 2025. The bet behind Simbian's culture - heavy on engineers from NVIDIA, Twitter, Fortanix, Afterpay and Spotnana - is that security in particular cannot tolerate the "ship it and apologize later" mode. The agents have to be auditable. The decisions have to be explained. The human, somewhere, has to be able to say no.

Security software that you cannot interrogate is not security software. It is faith. - Simbian engineering principle

The next CISO might manage a fleet.

Here is the uncomfortable thing about modern security: the volume of attacks is going up, the cost of launching them is going down, and the supply of trained analysts is, kindly put, finite. Something has to give. Either defenders find leverage, or attackers keep getting easier wins.

Simbian is one of the more honest answers to that question. The company is not promising to remove humans from the loop. It is promising to remove the parts of the loop that humans never wanted to do anyway - the endless first-pass triage, the recycled phishing investigations, the firewall ticket from a developer who just needs port 443 open by Tuesday. What's left, in theory, is the work that drew people into security in the first place.

Back in the Mountain View office, it is now 3:42 a.m. The alert queue is still empty. A single analyst has been on call all night and has not been paged. The agents have closed 412 tickets, escalated three, and written an incident summary for one of them. The summary is correct. The analyst reads it, signs off, and gets a coffee. This is, in Simbian's telling, what winning looks like. Not silence. Just a SOC that has finally learned how to do its own homework.

CAPTION - File under: things that should have happened in 2015 but somehow took until now.
