Torq Raises $140M to Scale AI-Driven Security Operations
Funding: US$140M Series D
Valuation: US$1.2B
Total funding to date: US$332M
Torq closed a new round to expand its AI SOC Platform-automation paired with human oversight-to run security operations at scale. The company says global enterprise adoption validates the approach, with Fortune 100 teams using its AI Agents for investigation and response every day.
According to CEO and co-founder Ofer Smadari: "Global enterprise adoption of our AI SOC Platform has validated our vision for the future of security operations. Fortune 100 customers are using our AI Agents for everything from investigation to response."
What Operations Leaders Should Take From This
Your SOC is a throughput problem. Alerts, investigations, handoffs, and SLAs either flow or clog the system. Torq's pitch is simple: automate the repeatable, keep humans on the edge cases, and scale without ballooning headcount.
- Reduce MTTR by letting AI Agents triage, enrich, and correlate before analysts touch a case.
- Standardize playbooks across tools to cut swivel-chair work and shrink variance in response quality.
- Lower reliance on heavy professional services by deploying automations with less custom engineering.
- Public sector angle: partnership with Merlin Ventures plus attention to FedRAMP requirements signals a compliance-aware path into government environments.
Product Snapshot and Adoption Signals
Torq's AI Agents are used by Fortune 500 SOCs to manage millions of alerts and investigations per day. The customer list includes Marriott, PepsiCo, Procter & Gamble, Siemens, Uber, and Virgin Atlantic.
The company is expanding across US Federal and Public Sector through Merlin Ventures, aiming to meet stringent government standards while keeping automation velocity high.
Practical Questions to Ask Your Team
- What percent of alerts can be auto-triaged today, and what's the target over the next two quarters?
- Which top 10 playbooks create the most drag (time per case x volume), and where can an AI Agent take the first pass?
- What's our policy for human-in-the-loop approval thresholds (e.g., containment vs. notification)?
- How will we track gains: MTTR, cost per incident, analyst cases per day, false-positive rate?
- Do we have connectors for SIEM, EDR, IAM, ticketing, and comms ready for a 30-day pilot?
- What are the audit and evidence requirements, and how will automated steps be logged for compliance?
- What's the exit plan if we need to migrate playbooks to another system to avoid lock-in?
90-Day Evaluation Plan (Lean and Measurable)
- Day 0-15: Map data sources, define success metrics, and pick 3-5 high-volume playbooks (enrichment, phishing, endpoint containment).
- Day 16-45: Deploy AI-assisted triage and enrichment; require human approval for containment; measure MTTR and analyst effort deltas.
- Day 46-90: Expand to auto-close low-risk cases; run weekly QA on false positives/negatives; publish a KPI dashboard for leadership.
- Security review: Access controls, audit trails, data residency, and incident evidence chain aligned with NIST SP 800-61.
- Financial model: Compare cost per incident and analyst throughput pre/post; set guardrails for ongoing automation rollout.
Why This Matters Now
Alert volume keeps climbing, budgets don't. Platforms that offload repetitive investigation steps while keeping humans on high-impact decisions will win on both security outcomes and operating costs.
Torq's funding signals strong enterprise demand for this model. If your SOC struggles with backlog, inconsistent playbooks, or rising MTTR, this category deserves a focused pilot.
Level Up Your Team
If you're planning an automation push or updating SOC workflows, explore practical upskilling resources for operations teams:
Bottom line: standardize the work, automate the repeatable, and measure everything. The rest gets easier.
Your membership also unlocks:
