Frequently Asked Questions
Find answers to common questions about our services, security solutions, and how DolutechAI can help protect your business.
How do SOC AI Agent and Dolutech SOC Model V1 work together?
SOC AI Agent is DolutechAI's autonomous Security Operations Center platform: an orchestrator delegates each event to one of eight specialist agents (network, auth, web, cloud, endpoint, malware, exfiltration/C2, compliance) and drives SOAR response in real time.
Dolutech SOC Model V1 is the proprietary cybersecurity language model inside that platform — built on an open-weight foundation, specialized with 22,000+ curated examples via SFT, high-quality DPO, and continuous RL from production workflows.
In practice: the model analyzes and classifies security data; the agentic layer orchestrates specialists, incidents, and playbooks. The waitlist offers early API access to the same model that powers the platform.
How do the orchestrator and 8 specialist agents work?
The orchestrator classifies each event by log type and context, delegates to one of eight specialists, and consolidates analysis before creating or updating an incident.
Which log sources and formats are supported?
JSON/REST API, Wazuh SIEM/XDR, Splunk HEC, CEF (ArcSight), Syslog (RFC 5424/3164), webhooks, WordPress SOC Collector plugin, Cloudflare, Go agents for Windows/Linux, and custom connectors.
What are SOAR playbooks and which modes exist?
Playbooks define triggers (category, score, severity), conditions, and actions. They can run fully automatically or require manual approval before remediation.
What is the DolutechAI Threat Network?
A proprietary network sharing only real threats — IOCs with SOC hits and confirmed incidents. Public feed data is not shared.
How does SOC AI Agent support GDPR, RGPD, and LGPD?
Immutable audit trails, retention policies, exports for data subjects, and breach notification reporting (e.g. GDPR Art. 33).
How do real-time IOCs work?
Indicators are correlated with logs and incidents. IOC Feed and TI History show matches; Threat Network reinforces community-validated IOCs.
Are there endpoint agents and a WordPress plugin?
Yes. Go agents for Windows and Linux, plus the WordPress SOC Collector plugin with IP blocking.
How does Cloudflare integration work?
Perimeter and CDN events correlate web attacks with internal incidents and can trigger blocking playbooks.
What are the response time and false positive rate?
Automatic playbooks can respond in under one second. Specialist-per-log-type analysis keeps false positives very low (~0.02% in tuned environments).
Can I keep my existing SIEM?
Yes. Send events via Syslog, CEF, Splunk HEC, JSON API, or Wazuh. SOC AI Agent correlates, analyzes with AI, and responds via SOAR without replacing your SIEM.
Is the platform customizable?
Yes. Configure thresholds, playbooks, whitelist, connectors, retention, and auto/manual modes per environment.
What is DolutechAI's MDR service?
MDR (Managed Detection and Response) is the managed service we deliver with SOC AI Agent. We monitor your environment 24/7, detect threats, and respond autonomously, with no internal SOC team required.
What is human-in-the-loop in SOC AI Agent?
Human-in-the-loop is the mechanism by which the autonomous agent, upon identifying a critical context or sensitive action, automatically escalates to a human analyst to validate the decision before execution. It ensures day-to-day autonomy and reinforced safety when risk demands it.
When does the autonomous agent escalate to a human analyst?
The agent escalates when severity, critical environment, potential action impact, or analysis confidence indicate that human validation improves safety — for example, critical incidents, sensitive assets, or invasive remediation. Human analyst availability depends on your chosen plan.
Do plans include human analysts for human-in-the-loop?
The agent operates autonomously on all plans. Some plans include human analysts who participate in the human-in-the-loop flow when the agent escalates. Availability depends on your plan — contact us to find the right fit for your environment.
What is Dolutech SOC Model V1?
It is our proprietary language model — built on an open-weight foundation and specialized for cybersecurity through SFT on 22,000+ curated examples (CVEs, incident reports, SOC playbooks, IOC intelligence), followed by high-quality DPO and continuous RL. It powers the AI engine inside SOC AI Agent.
How does it differ from GPT or Claude for security tasks?
Generic models are trained on broad internet data and often hallucinate security advice. SOC Model V1 is a proprietary specialization: SFT on curated security data, DPO aligned with analyst preferences, and continuous RL from real production workflows. It is not a prompt on a generalist.
What do SFT, DPO, and continuous RL mean?
SFT (Supervised Fine-Tuning) teaches the model cybersecurity tasks on curated examples. DPO (Direct Preference Optimization) aligns outputs with analyst preferences — better triage answers over worse ones. Continuous RL means the model keeps improving from feedback in our live agentic pipeline, not just from one-time training.
When will the API be available?
We are rolling out early access in phases. Join the waitlist to get priority access and early-bird pricing when the API launches.
How does it relate to SOC AI Agent?
SOC Model V1 is the core LLM inside SOC AI Agent. The orchestrator and 8 specialist agents use it to classify events, analyze logs by domain, and propose SOAR actions. The waitlist gives you early access to the model API directly.
What about training data and privacy?
Training data is specialist-curated from public CVE databases, anonymized incident patterns, and internally validated security datasets. We do not train on customer production data without explicit consent.
Who can join the waitlist?
Security professionals, engineers, analysts, developers, and organizations interested in cybersecurity-focused AI. We review applications to ensure early access goes to teams who will provide meaningful feedback.
What is SOC AI Bench and how should I interpret the results?
SOC AI Bench is our internal performance comparison for Dolutech SOC Model V1 — evaluated through the same production agentic workflow that powers SOC AI Agent in the field.
In our internal benchmark, SOC Model V1 scores approximately 81% on real SOC analysis tasks, compared with other open models such as DeepSeek, Qwen, and Gemma.
Internal benchmark — methodology aligned with our production agentic pipeline. Results reflect real SOC analysis tasks, not synthetic trivia.
Does SOC AI Agent integrate with Lovable, Replit, and Vercel?
Yes. SOC AI Agent includes native SDK integrations for modern app platforms:
Lovable SDK — send events, errors, and security signals from your AI-built Lovable applications.
Replit SDK — stream logs, runtime events, and security telemetry from your Replit apps and services.
Vercel — deployment and perimeter integrations for web application security context.
These complement standard ingestion paths such as JSON/REST, Syslog, Splunk HEC, Wazuh, and more.
What modules are included in the SOC AI Agent platform?
SOC AI Agent includes 16 core modules organized for operations, threat intelligence, and administration:
Operations: Dashboard, Endpoints, Logs, Incidents, SOAR, AI Chat, Manual Analysis.
Threat Intelligence: Threat Intelligence, Threat Map, IOC Feed, TI History.
Administration: Connectors, Whitelist, Team, Settings, My Profile.
Together they provide end-to-end autonomous detection, investigation, and response.
Do you offer free SOC licensing for non-profits?
Yes. DolutechAI donates SOC AI Agent to verified non-profit organizations through our free licensing program.
Security should not be a budget blocker for organizations that change the world — we provide enterprise-grade autonomous SOC protection at no cost for eligible NGOs.
Learn more and apply at dolutech.ai/nonprofit.