How Cybersecurity companies build with AI — which foundational models they run and how directly, ranked by proximity to the model. Avg Foundation Proximity Score 57/100.
Cybersecurity · AWS · Native (own / self-hosted weights)
Abnormal runs a cloud-native, API-first behavioral AI platform that integrates with cloud email and collaboration suites (e.g., Microsoft 365, Google Workspace) outside the mail flow, ingesting user, email, and identity telemetry into proprietary behavioral models and a data lake to drive detection, response, and human-risk scoring.[1][5][7][8][9] Its core is a proprietary behavioral foundation model and related ML pipelines hosted in its own cloud environment, exposed through its SaaS console and APIs rather than via public/open-source model distribution.[7][9]
Cybersecurity · Hybrid · Native (own / self-hosted weights)
Self-Learning AI built in-house; models the network rather than calling an LLM.
Cybersecurity · GCP · Native (own / self-hosted weights)
Runs Precision AI, its own security ML, over a huge telemetry lake.
Cybersecurity · AWS · Native (own / self-hosted weights)
Purple AI combines SentinelOne’s own Ultraviolet models with Anthropic Claude + OpenAI GPT over its Singularity data lake; exposes a Purple MCP server for agentic SOC investigation.
Cybersecurity · GCP · Native (own / self-hosted weights)
Developer-security platform on GCP/AWS scanning code and dependencies; DeepCode AI combines symbolic analysis with ML for fix suggestions. Backed by a curated open-source vulnerability database.
Cybersecurity · AWS · Cloud-hosted (Bedrock/Vertex/Azure)
AWS-native endpoint security whose Threat Graph ingests trillions of events/week into Cassandra/ScyllaDB-class stores. Detection is in-house ML; Charlotte AI adds an LLM analyst over the graph.
Cybersecurity · AWS · Middleware / wrapper
AWS-native identity cloud (workforce + Auth0 customer identity) on MySQL/DynamoDB with a multi-tenant cell architecture. AI is in-house threat-detection ML plus assistant LLMs.
Cybersecurity · AWS · Middleware / wrapper
Security hyperautomation; routes partner LLMs through its SOC workflow engine.
Cybersecurity · Multi-Cloud · Middleware / wrapper
Agentless cloud security that scans customers' AWS/Azure/GCP via APIs and builds a Security Graph of risks. Now part of Google Cloud; AI adds LLM-driven risk explanation over the graph.
Cybersecurity · Hybrid · Off the LLM map (in-house non-LLM ML)
1Password’s production architecture is centered on a zero-knowledge, end-to-end encrypted vault service, where plaintext is encrypted on the client before reaching 1Password’s servers. Publicly available sources confirm hybrid cloud deployment patterns for components such as the SCIM bridge, but they do not reliably expose the company’s full internal database stack or all backend infrastructure details.
Cybersecurity · On-Prem · Off the LLM map (in-house non-LLM ML)
Own global proxy cloud + in-house ML; off the LLM map at the core.