Dropzone AI Launches Autonomous Threat Hunter
According to recent industry surveys, over 70% of security teams still rely on manual threat hunting. Many conduct hunts on a quarterly basis, with the average hunt taking 40 hours of cross-tool investigation. That’s time that most teams simply don’t have. Dropzone’s solution aims to eliminate that bottleneck by automating the entire workflow: from hypothesis to investigation to reporting.
Edward Wu, Founder & CEO at Dropzone AI, said, “For too long, proactive threat hunting has been limited by manual workflows, fragmented tools, and the cost of doing it even once a day.
“24/7 threat hunting has simply not been realistic for 99% of organizations. Today, LLM-powered software can replicate expert hunting intuition and techniques at scale, allowing our AI Threat Hunter to bring continuous, autonomous expert-level hunting within reach without adding headcount.
“This is another important step toward the Agentic SOC and for the vast majority of organizations that could never staff a dedicated threat hunter, it makes continuous hunting possible for the first time.”
The AI Threat Hunter operates as a fully autonomous agent within Dropzone’s Agentic SOC platform. Users can either select from 250+ pre-built hunt packs or describe a custom objective in plain language. Over 60-90 minutes, the agent is able to perform federated searches across SIEM, EDR, cloud, and identity platforms.
Compare that to a human analyst, who might spend a full workweek on a single hunt. In one documented case, the AI reduced 464,000 events to just 9 fully investigated findings. Importantly, it also documented the evidence for each finding and provided the reasoning. That speed allows organisations to deliver a higher level of protection, with confidence that the results are more thorough.
The breadth of the hunt packs is also critical. Rather than constrain users to a specific set of tools, Dropzone delivers support for other vendors without rewriting queries. Microsoft Sentinel, Splunk ES and CrowdStrike are just some of the supported platforms. That agnostic approach gives organisations freedom to use tools they already trust. It also reduces the challenge of integration.
Competitors like Palo Alto Networks’ Cortex XSOAR offer some automation, but they often require custom scripting or platform-specific tuning. Dropzone’s approach removes that friction. The same hunt pack runs identically whether you’re using Splunk or Sentinel. For heterogeneous environments, that’s a significant advantage.
Focusing on continuous improvement is a better option than simple automation. Every hunt surfaces visibility gaps, detection opportunities, misconfigurations, and policy violations. Importantly, these are identified even when not related to active threats. This turns threat hunting from a reactive exercise into a proactive security optimisation tool.
For example, a hunt might reveal that OAuth consent grants are being abused across your cloud environment. This is a common attack vector that many teams overlook. Or it might flag legacy MFA gaps that create exploitable weaknesses. It helps security teams strengthen defences before attackers strike.
Dropzone also positions this as a Human-AI partnership model. This is about supplementing analysts with additional capabilities that they can draw on. Human analysts remain focused on strategy and high-value projects while the AI handles the heavy lifting of data correlation and initial investigation. This aligns with the broader industry shift toward using AI for augmented security.
Dropzone is determined to make this as effective as a traditional SOAR platform. With SOAR, analysts build and maintain playbooks while also learning from their experiences. Dropzone’s agent also learns from each hunt, refining its approach over time. It also documents every step. This makes findings auditable and explainable, which is critical for compliance and internal review.
The timing is significant. As ransomware and supply chain attacks grow more sophisticated, organisations need continuous visibility. The AI Threat Hunter fills that gap by running 24/7, adapting to new threats as they emerge.
For example, when the AI Threat Intel Analyst detects a new CVE or trending campaign, it automatically builds a hunt pack and hands it to the Threat Hunter. A zero-day vulnerability discovered Sunday night could have a full investigation report ready by Monday morning. That speed is unmatched by manual processes.
Dropzone is not the only player in autonomous security. CrowdStrike offers Falcon OverWatch, which provides managed threat hunting services. But that requires outsourcing to CrowdStrike’s analysts, rather than automating your own team’s capabilities. Splunk’s Phantom platform offers automation but lacks the AI-driven analysis and vendor-agnostic design of Dropzone’s agent.
The closest comparison might be Palo Alto’s Cortex XSOAR, which offers playbook automation. But XSOAR still requires significant configuration and doesn’t offer the same level of autonomous reasoning. Dropzone’s agent builds its own hunt packs from natural language requests. That makes it more readily accessible and allows anyone in the SOC to develop new hunt packs.
That accessibility will allow SOCs to use Dropzone’s AI Threat Hunter as part of their training for new analysts. They will be able to build a hunt pack to look for specific alerts. They can also use the analysis and reports from the AI Threat Hunter to understand what was found and how. While they are not learning by carrying out the investigation themselves, they are learning how it took place.
Security vendors are rushing into the idea of Agentic SOCs. Dropzone’s vision extends beyond a single agent, with the AI Threat Hunter as part of a broader “Agentic SOC” strategy. This will see multiple AI agents work together to automate detection, investigation, and response. It’s an approach that is gaining traction across both commercial and government sectors.
As LLMs continue to improve, these agents are likely to become even more autonomous. As the threat from agentic AI grows, we will need AI defences that operate at the speed of AI attacks. But this should not create two domains – human-human and AI-AI. The only way this will be effective is if humans and machines work as a unified team.
Dropzone AI’s Threat Hunter is delivering a continuous threat hunting solution. It is accessible to organisations of all sizes, which will have great appeal to MSPs and SMEs. That shift in focus from tools for bigger organisations will create a better overall security environment.
For business leaders, this means better risk management without added headcount. For technical teams, it means more time for strategic work and less time chasing alerts. And for the industry, it signals a move toward truly autonomous security.
Organisations must hunt for threats. Waiting for them to happen is not an acceptable security approach. Can Dropzone’s AI Threat Hunter be the solution that underpins a wider move to threat hunting among SMEs?
The post Dropzone AI Launches Autonomous Threat Hunter appeared first on Enterprise Times.