Bricklayer AI Adds Coordinated Agent Management for Security Operations
Bricklayer AI unveiled platform capabilities on March 19 designed to deploy and govern multiple AI agents across enterprise security operations. The update addresses a growing operational problem: security teams deploying isolated AI tools that lack shared context, consistent reasoning, or centralized oversight.
The company introduced three core features - Context, Coordination, and Control - to move security operations centers beyond single-purpose automation toward coordinated agent workflows.
Shared Context Across Agents
Bricklayer's Multi-Agent Context Engineering (MACE) system treats investigative knowledge as a structured asset rather than isolated data trapped in individual prompts. As multiple agents work on an investigation, context accumulates and carries forward to the next agent, preventing the loss of critical findings.
Previously, investigations would reset when control passed from one agent to another. MACE ensures agents inherit prior evidence, reasoning, and outcomes from earlier stages of an investigation.
The system applies across all 50 built-in SOC agents and custom agents created by customers. This consistency prevents fragmented analysis across different tools.
Human-Agent Collaboration Workspace
The Bricklayer Workbench provides a shared operating environment where analysts and agent teams execute investigations together. Analysts can design and launch investigative procedures while maintaining full visibility into agent reasoning, evidence sources, and decision steps.
The platform displays multi-agent plans and allows analysts to communicate directly with agents through discussion threads tied to active investigations. This keeps human analysts in control while enabling agents to handle structured investigative work.
Enterprise Governance Controls
The governance layer ensures agents operate within defined boundaries and remain auditable. The system includes:
- Multi-organization management: Separate business units, regional teams, or managed service provider customers can operate independently within a unified system while maintaining strict data isolation.
- Environment separation: Development, staging, and production environments allow testing of new procedures and agent configurations before live deployment.
- Data encryption: Schema-level segmentation isolates data between organizations. Encryption is enforced by default, with optional customer-managed keys and AWS KMS integration.
- Audit logging: All platform activity - configuration changes, agent updates, procedure modifications, user actions - is recorded and can be exported to customer-managed S3 environments.
Operational Results
Organizations using Bricklayer have reduced alert investigation time by 60 to 90 percent, according to the company. The platform addresses core SOC workflows including alert triage, incident response, vulnerability management, and threat intelligence operations.
The new capabilities become generally available April 1, 2026.
If you manage security operations or work with AI tools in threat detection, explore AI learning resources for cybersecurity analysts to understand how coordinated agents can fit into your operations strategy.
Your membership also unlocks:
