Introducing native support for leading frontier AI models, including Claude Sonnet 4.6, Claude Opus 4.8 and Gemini 3.5 Flash across the Cortex platform.
Frontier AI is a moving target. Each successive generation of AI models can unlock distinct leaps in capability, such as deeper analytical reasoning, stronger instruction following, and the ability to synthesize massive, fragmented context.
Adversaries do not wait for the next platform refresh cycle to adopt these breakthroughs. They test, adapt, and operationalize them immediately. The attack lifecycle is compressing, with vulnerability discovery to exploitation currently taking under 25 minutes. Reconnaissance is now automated, phishing is harder to distinguish from legitimate communication, and exfiltration tactics can adapt to environments in real time.
An agentic SOC must operate with the same agility, on a model-flexible foundation that can absorb frontier advances and apply them inside operational workflows as the AI threat landscape evolves. With the Cortex platform, we're directly addressing these critical needs by giving defenders access to the right model capability for the right security workflow, without forcing the SOC to bet everything on a single model that could be outdated tomorrow.
Today, we are thrilled to announce native support for the world’s most powerful frontier AI models across the Cortex platform, including Anthropic Claude Sonnet 4.6, Claude Opus 4.8 and Gemini 3.5 Flash. These frontier models infuse every part of the platform, including Cortex XSIAM, AgentiX, XDR, and Cloud, to deliver sophisticated AI reasoning, speed, and intelligence directly into your workflow. Cortex is designed for the future, with a flexible harness that allows us to rapidly add support for new models as they emerge, keeping you on the frontier of AI-driven defense.
You can choose between Basic, Fast, Thinking, or Pro AI models to match the speed and depth your task requires.

Unleashing Intelligence on Native Telemetry
Frontier models are incredible at finding patterns, but they can only connect the dots within their line of sight. They become massively more effective the moment you run them on top of a unified security data foundation that brings all your telemetry into view.
In the Cortex architecture, context is stitched from native telemetry across endpoint, network, cloud, and identity. Each piece adds meaning. Together, they give analysts the full operational picture of what happened, why it matters and what can be done next.
By bringing native support for leading frontier AI models to the Cortex platform, security teams can easily connect disparate signals, synthesize complex context, and move at AI speed. This is frontier AI applied directly to real-world security operations.
Where Frontier Models Move the Work Forward
In security operations, the most important work is the chain of reasoning that moves an investigation forward. Security investigations often move across multiple paths. The challenge is deciding what matters, what to check next, and how to turn noisy case context into a clear next step.
Armed with stronger reasoning and instruction following, Cortex AI agents can better understand analyst intent and more quickly synthesize complex requests into clear steps, while maintaining context across the workflow.
When the request or context is ambiguous, AI agents can ask more targeted clarification questions tied to the investigation, entity, action, or decision at hand. In the SOC, context is everything. It ensures AI agents fully understand the case and build a plan before taking action.
Frontier models also help translate reasoning into structured execution. Agentic workflows depend on AI agents turning analyst intent into the right next step, with the right parameters, context, and structure. Cleaner structured generation helps keep the workflow aligned to what the analyst is trying to accomplish.
At the synthesis layer, these frontier AI models help AI agents process massive amounts of data associated with a case, such as timelines, endpoint events, identity signals, cloud activity, network activity, and past analyst actions. The AI agent needs to preserve key evidence and suggest next steps, whether it is acting on its own or prepping the case for a human investigator.
With frontier AI directly embedded into security workflows, Cortex instantly bridges the gap between threat detection and automated response. AI agents are empowered to handle cases on their own at machine speed, or they can provide clear guidance to human analysts, taking the guesswork out of case investigations.
From Reasoning to Governed Action
Frontier models bring stronger reasoning to AI agents. Cortex grounds that reasoning in a security context and governs agentic AI action within policy boundaries defined by the SOC, including permissions, approvals, workflows, accountability, and human-in-the-loop approval where it's needed.
AI becomes operational in security by being connected to the data defenders trust, embedded in the workflows they use, and governed by the controls their organizations require.
Built to Move With the Frontier
By grounding how frontier models reason, execute, and access native telemetry today, Cortex helps defenders address today’s operational pressure while setting the stage for the next phase of Agentic SOC operations.
Experience the Power of Frontier AI SOC
See how Cortex XSIAM combines leading frontier AI models, AI agents, and autonomous workflows to accelerate investigations, reduce manual effort, and strengthen security operations.