◆ Gentoo Logic · Modeling Warehouse

Cybersecurity · AI architecture

11 Cybersecurity companies — how they build with AI

How Cybersecurity companies build with AI — which foundational models they run and how directly, ranked by proximity to the model. Avg Foundation Proximity Score 57/100.

Native 5Direct API 0Cloud-hosted 1Middleware 3

Abnormal Security

Cybersecurity · AWS · Native (own / self-hosted weights)

Abnormal runs a cloud-native, API-first behavioral AI platform that integrates with cloud email and collaboration suites (e.g., Microsoft 365, Google Workspace) outside the mail flow, ingesting user, email, and identity telemetry into proprietary behavioral models and a data lake to drive detection, response, and human-risk scoring.[1][5][7][8][9] Its core is a proprietary behavioral foundation model and related ML pipelines hosted in its own cloud environment, exposed through its SaaS console and APIs rather than via public/open-source model distribution.[7][9]

Darktrace

Cybersecurity · Hybrid · Native (own / self-hosted weights)

Self-Learning AI built in-house; models the network rather than calling an LLM.

Palo Alto Networks

Cybersecurity · GCP · Native (own / self-hosted weights)

Runs Precision AI, its own security ML, over a huge telemetry lake.

SentinelOne

Cybersecurity · AWS · Native (own / self-hosted weights)

Purple AI combines SentinelOne’s own Ultraviolet models with Anthropic Claude + OpenAI GPT over its Singularity data lake; exposes a Purple MCP server for agentic SOC investigation.

Snyk

Cybersecurity · GCP · Native (own / self-hosted weights)

Developer-security platform on GCP/AWS scanning code and dependencies; DeepCode AI combines symbolic analysis with ML for fix suggestions. Backed by a curated open-source vulnerability database.

CrowdStrike

Cybersecurity · AWS · Cloud-hosted (Bedrock/Vertex/Azure)

AWS-native endpoint security whose Threat Graph ingests trillions of events/week into Cassandra/ScyllaDB-class stores. Detection is in-house ML; Charlotte AI adds an LLM analyst over the graph.

Okta

Cybersecurity · AWS · Middleware / wrapper

AWS-native identity cloud (workforce + Auth0 customer identity) on MySQL/DynamoDB with a multi-tenant cell architecture. AI is in-house threat-detection ML plus assistant LLMs.

Torq

Cybersecurity · AWS · Middleware / wrapper

Security hyperautomation; routes partner LLMs through its SOC workflow engine.

Wiz

Cybersecurity · Multi-Cloud · Middleware / wrapper

Agentless cloud security that scans customers' AWS/Azure/GCP via APIs and builds a Security Graph of risks. Now part of Google Cloud; AI adds LLM-driven risk explanation over the graph.

1Password

Cybersecurity · Hybrid · Off the LLM map (in-house non-LLM ML)

1Password’s production architecture is centered on a zero-knowledge, end-to-end encrypted vault service, where plaintext is encrypted on the client before reaching 1Password’s servers. Publicly available sources confirm hybrid cloud deployment patterns for components such as the SCIM bridge, but they do not reliably expose the company’s full internal database stack or all backend infrastructure details.

Zscaler

Cybersecurity · On-Prem · Off the LLM map (in-house non-LLM ML)

Own global proxy cloud + in-house ML; off the LLM map at the core.

← Back to the full orbit map (all 260 companies) · Score your own stack →