New AI agent enables security teams to proactively and continuously hunt threats across their entire environment without adding workload
Dropzone AI, the leading agentic SOC company, today announced the addition of the AI Threat Hunter, its newest AI agent that enables security teams to proactively search for threats across their environments around the clock. The AI Threat Hunter is the next agent joining Dropzone’s Agentic SOC team, expanding what AI agents can do across the full spectrum of detection and response. This new capability is designed to work seamlessly alongside SOC analysts, both human and autonomous, expanding security analytical capacity across the SOC, and will be generally available in Summer 2026.
Security teams have long recognized the importance of proactive threat hunting; however, thorough hunting requires time, specialized expertise, and investigation across multiple tools. A single hunt can take up to 40 hours of cross-tool investigation, and most security operations centers are forced to prioritize daily alert responses over proactive hunts. As a result, many teams can only conduct threat hunts occasionally, leaving threat hunting limited to the largest and most resourced SOCs. This is where the AI Threat Hunter makes a difference, enabling teams, big or small, to run continuous hunts across their environments while human analysts remain focused on strategy and high-value projects.
Key capabilities of the AI Threat Hunter include:
- 1-click autonomous hunting across the entire security stack: Select from 250+ pre-built hunt packs or describe a custom hunting objective and the agent builds one on demand. The agent then spends the next 60-90 minutes performing federated searches across SIEM, EDR, cloud, and identity platforms, processing hundreds of thousands of rows of telemetry from across the environment.
- AI-driven analysis of large security datasets: The agent iteratively analyzes and filters large telemetry datasets, documenting every filter step and the reasoning behind it, to surface the anomalies that warrant deeper investigation. In one real-world hunt, 464,000 events were reduced to 9 fully investigated findings.
- Automated investigation of suspicious activity: Each anomaly is investigated across connected security tools (EDR, SIEM, identity providers, IP reputation services) with every evidence source and conclusion documented. The agent conducts multiple investigations in parallel, classifying each finding as urgent, notable, or informational.
- Broad threat hunting coverage: Ships with 250+ pre-built hunt packs, including one for every MITRE ATT&CK technique, plus operational packs covering cloud, identity, endpoint, and user behavior anomalies such as OAuth consent grant abuse, unauthorized RMM tools, and legacy MFA gaps as security signals.
- Vendor-agnostic: Hunt definitions are vendor-agnostic by design. The same pack works across Microsoft Sentinel, Splunk ES, CrowdStrike, and any connected platform without rewriting a single query.
- Actionable security posture insights with every hunt: Beyond threat detection, every hunt surfaces visibility gaps, detection opportunities, misconfigurations, and policy violations—delivering measurable security improvements even when no active threats are found.
“For too long, proactive threat hunting has been limited by manual workflows, fragmented tools, and the cost of doing it even once a day,” said Edward Wu, Founder and CEO of Dropzone AI. “24/7 threat hunting has simply not been realistic for 99% of organizations. Today, LLM-powered software can replicate expert hunting intuition and techniques at scale, allowing our AI Threat Hunter to bring continuous, autonomous expert-level hunting within reach without adding headcount. This is another important step toward the Agentic SOC and for the vast majority of organizations that could never staff a dedicated threat hunter, it makes continuous hunting possible for the first time.”
The AI Threat Hunter is built to work in concert with the other agents on the Dropzone AI team. When the AI Threat Intel Analyst detects an emerging threat (a new CVE, a trending threat actor campaign), it automatically builds a hunt pack and hands it directly to the AI Threat Hunter. The result is continuous, autonomous coverage: a zero-day vulnerability surfaces on a Sunday night, and by the time analysts arrive Monday morning, a complete hunt report is already waiting. Every hypothesis, query, filter step, and finding generated during a hunt is logged and auditable, giving teams full visibility into how conclusions are reached. This coordinated workflow helps organizations identify risks earlier and discover threats faster across their entire environment.
“Dropzone’s AI Threat Hunter performs federated hunts in 1 hour that would take humans up to 40 hours,” said Dropzone AI customer Andrew Marsh, Director of Information Security of Indiana Farm Bureau Insurance. “Now we can hunt continuously across our environment without pulling analysts away from other priorities.”
Dropzone AI recently partnered with Leidos to accelerate the deployment of its AI SOC analysts within U.S. federal security operations centers, making the fully agentic SOC a reality for both the private and public sectors. You can check out Dropzone’s new threat hunting agent in action during the 2026 RSA Conference. Visit The AI Diner, Dropzone AI's 1950s-themed booth (#455) in the South Expo Hall, where the company's SOC agents serve fresh alert investigations 24 hours a day. Learn more about this new agent and Dropzone's presence at RSA: https://www.dropzone.ai/rsa-2026-ai-diner.
To learn more about Dropzone AI or to book a demo, please visit: https://www.dropzone.ai/request-a-demo.
About Dropzone AI
Dropzone AI weaponizes LLMs for cyber defenders, delivering the Agentic SOC: AI agents that collaborate 24/7 to overmatch attackers. Dropzone is ready to go on Day 1 and integrates into your existing tools. AI agents start work immediately to investigate alerts, respond to emerging threats, and proactively hunt attackers. Dropzone works with enterprises and MSSPs including ECS, Avalara, UiPath, and Zapier, and is actively protecting over 300 companies. Learn more at www.dropzone.ai.
View source version on businesswire.com: https://www.businesswire.com/news/home/20260318986749/en/
Contacts
Media Contact
Tori Odom
LaunchTech Communications
443-752-5466
todom@golaunchtech.com