How Devo built agentic Strike48 to kill the SOC alert

Security operations teams have faced the same trade-off for years. Either collect every log and blow your budget, or reduce the amount of data you store and hope your blind spots don’t get exploited.
The problem starts with security information and event management (SIEM). This is the central nervous system of most enterprise security. SIEM platforms ingest log data from across the business, from firewalls and endpoints to cloud services and applications, then use it to detect threats and trigger alerts.
As businesses have moved to the cloud, deployed dozens of SaaS tools, and now started to use AI, the volume of this data has exploded. And because most SIEM platforms charge by the amount of data ingested, so has the cost of storing it. As a result, the number of blind spots has increased, and each one is a potential vulnerability.
“Organizations are dealing with a challenge of ‘What data am I going to put in this thing?’ because [they] only have so much money in [their] budget to be able to allocate toward it,” says Jason Mical, Field CTO at Devo and Strike48. “It’s introduced a gap in their visibility…[they] get the bill at the end of the month and [they] have to rip it out.”
Devo was founded to solve this problem by handling data at scale and helping security operations centers (SOCs) operate more efficiently.
The economics of seeing everything
Devo was founded in Spain in 2011 and moved to the United States in 2018. Since then, the company has raised over $500M across six funding rounds, with Insight Partners leading its Series B and C, reaching a $2B valuation at its Series F in 2022.
From the start, Devo was designed to be different from legacy SIEM solutions. Where traditional platforms had organizations choose between data coverage and cost, Devo allowed its customers to retain far more data in a searchable, or “hot” state.
But now Devo is allowing businesses to bypass that trade-off.
“What we’re seeing is a paradigm shift,” explains Mical. By unifying a company’s logs and combining them with AI’s ability to search massive amounts of data, full log coverage becomes economically viable. “I only need the data hot in the SIEM for alerting for a week, and then I could take the rest of that data and put it into an S3 bucket or a storage bin, where I can keep that for seven years if I want to. And my Agent can still search it…just as effectively.”
“AI is really going to help to eliminate a lot of the blind spots.”
This is the idea behind Strike48, Devo’s new product brand launched in January 2026. Strike48 unifies log data across cloud, on-premise, SaaS, and data lake environments into a single operational layer that AI Agents can reason with, regardless of where the data lives.
“[It’s] built to be a horizontal engine across all aspects of an organization,” says Mical. Traditionally, OT security issues required IT to step in — creating friction and delays. AI Agents are now dissolving that boundary, enabling faster, more autonomous resolution.
Agents in security operations are only as useful as what they can see. If your Agents can’t access all of your log data, they can’t do useful work. Strike48 makes sure they can.
The first line of defense
The visibility problem, however, is only half the story. Even when security teams can see what’s happening, they often lack the capacity to respond.
Mical has spent more than 30 years in cybersecurity, so he has seen every sort of fatigue and every sort of promise to fix it. “Alert fatigue…analyst burnout…threat intelligence burnout, and now SOAR burnout,” he says.
SOAR — security orchestration, automation, and response — tools were supposed to solve this problem by coordinating separate security tools and automating repetitive tasks. Instead, they just created another management layer for security analysts to keep up to date. “Everything they have to deal with every day is never-ending.”
One of the big challenges organizations face is the volume of data generated by endpoint detection and response (EDR) software. This is software that monitors end-user devices, such as laptops and servers, for threats. Most organizations can only afford to send their alerts to their SIEM, not the full telemetry.
“If I have an EDR that fires or triggers an alert that something suspicious is occurring, I only have the data in the SIEM of what suspicious activity occurred, but it doesn’t give me the visibility into what happened before [or after],” says Mical.
“So now I’ve got to pivot back into the console of the EDR or the firewall or all those different technologies to figure out what happened.”
One solution to this volume problem was to outsource it, with organizations hiring managed service providers to act as their first line of defense. “But then they pass the buck back to the organization,” says Mical. “They say, ‘Well, we validated that this is bad. Now you guys have got to go and clean it up.’ And then the organization is like, ‘Well, how do we clean it up? How do I know what my blast radius is, or where’s my patient zero?’”
Moving at agentic speed
This is made worse by attackers using AI to quickly adapt their techniques, making the static, rule-based detection models that most SIEM solutions use ineffective.
“We’re dealing with agentic adversaries, and they have come up with the ability to know and quickly be able to identify what the rule is there and change their approach on the fly,” says Mical.
“You’ve got to use AI to be just as dynamic as the adversaries are.”
Strike48’s answer is Prospector Studio, a no-code platform for building and deploying AI Agents across security and IT operations. Rather than replacing analysts, these Agents handle the tasks that burn teams out, such as triaging alerts, detecting threats, collecting forensics, and compiling reports, all at machine speed.
“You can put these instructional prompts into the Agents you build, to say, ‘These are the steps I need you to follow if you see something bump in the night,’ and it does it at machine speed, not human speed,” says Mical.
The goal is what Devo calls “alertless SOC,” where Agents handle triage and investigation autonomously, escalating to humans only when human judgment is required.
Making a “single pane of glass” a reality
Agents can compress investigations from hours to minutes, but they lack the kind of contextual reasoning that humans take for granted.
“[AI] doesn’t take into consideration what’s the impact to the business, like a human would,” says Mical. “If I shut off my CEO’s user account, that might have a little bit of an impact.”
This is why Devo’s approach with Strike48 is augmentation, not replacement. Analysts can build Agents with deterministic guardrails to constrain what the Agent can do and get a full audit trail of every action, so the Agent can respond at the same speed the threats operate, while keeping the human in the loop for high-impact decisions.
“[AI] gives you the ability to quickly uncover anomalies and…investigate them at speeds that no human, or even team of humans, could ever even dream of accomplishing.”
The result, Mical believes, is what the industry has promised forever. “I always laugh. Being in the industry since its birth, we’ve always heard the promise of a single pane of glass…and no one has ever been able to truly deliver it,” he says. “Now, with the agentic ecosystem that we have, I truly think there’s a light at the end of the tunnel.”
*Note: Insight Partners has invested in Devo.








