The vendor is also ‘investing heavily into channel,’ Torq CEO Ofer Smadari tells CRN: ‘We believe that this is the only way to grow.’
Torq is seeking to double down on driving growth of its agentic SOC (Security Operations Center) platform with the help of the channel, building on the proven effectiveness of the AI-powered capabilities, according to Torq Co-founder and CEO Ofer Smadari.
In a recent interview with CRN, Smadari said that Torq continues to stand out even as the market for agentic SOC tools gets crowded with a number of new startup entrants as well as offerings launched by major established vendors.
[Related: 10 Hot Agentic SOC Tools In 2026]
At this point, Torq is still the sole vendor in the agentic SOC space that is operating at true enterprise scale, with numerous Fortune 100 customers using the platform and an average of 1 billion automated actions running weekly, he said. Smadari also pointed to Torq’s 2023 launch of its first security agent, Socrates, as evidence that the company has long had a first-mover advantage in the space.
All in all, “we are the only one that is running a real enterprise environment, [with] Fortune 100 [customers], at scale. And those customers are renewing and they keep buying more. They’re relying on us,” he said. “We are the only one that has achieved a pure enterprise penetration.”
Meanwhile, when it comes to working with solution providers and MSSPs, Torq is “100 percent channel-based” in the U.S., and partners will continue to be the centerpiece of the company’s growth strategy, Smadari said.
Ultimately, “we believe that this is the only way to grow,” he said. “We are investing heavily into channel.”
Smadari also discussed Torq’s acquisition last month of Jit, a startup that brings AI context graph capabilities to the Torq platform. The acquisition followed the vendor’s funding round of $140 million in January, which extended Torq’s valuation to $1.2 billion.
What follows is more of CRN’s interview with Smadari.
What prompted the acquisition of Jit, and how will this help to expand your agentic SOC platform?
We are looking to enhance our platform and add more capabilities in order to [resolve] things faster. One of the ways that you can achieve that today is with the right context of assets.
Imagine that you’re working for me as a contractor. You have access to just a single resource. And my SOC team is getting an alert. I have high-privilege access to sensitive information, and you don’t. So this context is very meaningful. [You don’t want] every alert to have a full manual investigation, because it’s [only] a potential threat. But from the other end, you don’t want to say, “Hey, this is a low-severity alert,” [when it actually isn’t]. So the context is very useful.
What do you think that’s going to mean as far as the completeness of your platform?
Today we have three to four big components. We have the auto-triage—it’s a [capability] that can correlate and analyze alerts in real time and [renders] a verdict in seconds—reduce the noise. So we’ll use our graph for doing that, to improve [triage] dramatically.
The other way we are going to use it: we have our automation layer, which is fully agentic today, with the ability to build agents just with prompting. Those agents can consume this contextual data as well. The difference is huge, because agents that are consuming the right context are a lot [more effective].
The other part is case management. We are running cases, we are collecting lots of data on everything that our agents [have done] before, everything that analysts did before. WWe are addressing the incumbents like Palo Alto [Networks], Splunk, Google — today, just in a POC period, we can collect everything that the analysts did for the past five years with Palo Alto [Networks] and learn what they did and what they did wrong.
The other piece is our secondary investigation agents that can consume and have a full feedback loop back to the triage. So everything is connected, and it’s dramatically changing the way that the SOC is working.
As far as the threat landscape, there’s so much concern now about vulnerabilities that AI can discover, from tools like Claude Mythos. How will your platform make a difference there?
I believe that there will be much more threats, not just Mythos. There’s new attack vectors that are going to be built for phishing, for malware, for endpoint, for cloud security. So imagine how much automation and response will be needed in the next 24 months ahead. We keep building—we are adding more engineers, we are adding more core capabilities, just to add more value to our customers. We can remediate almost any threat. We have some customers [where] the number of security events they have in a day is 1 billion. And I was talking with the CISO, and he believes that in two years, [it will be] 2 billion security events a day. So how can you consume and understand all of that and focus on the right things? Agentic data context will change everything.
So everyone’s going to have to get to a real-time security response pace, which you can only do through automation, because humans are never going to keep up?
Yes, agentic automation. The difference between dealing with AI speed that is being used by the bad guys and building a platform that can run at the speed of AI—[we] can adjust to the right [attack] vector every time. Imagine that you’re a CISO and you’re running an incumbent [tool]. How can you deal with the fast pace of new attacks happening every day, with agents that are requesting permissions from other agents? How can you respond to that with just static playbooks?
The agentic SOC space has gotten very popular for startups—do you feel like you have had a first-mover advantage there?
We have been in the market for four and a half years. If you look at when we announced Socrates, which was our first agent—it was in July or August 2023. No one else did it back then. And we are the only one [that is] running 1 billion actions on a weekly basis, on average. I don’t think anyone else is doing that. Even ServiceNow, they just announced that they are doing 54 billion automations in a year—and we are doing close to that. And we don’t have [nearly as many] enterprise customers as they do. So we are the only one that is running a real enterprise environment, [with] Fortune 100 [customers], at scale. And those customers are renewing and they keep buying more. They’re relying on us. We are the only one that has achieved a pure enterprise penetration.
What are the major opportunities with Torq for partners right now?
[A significant portion] of our revenues are coming from MSSPs and MDR [managed detection and response]. They are using us to provide value to their customers. Some of those MDRs—Optiv, GuidePoint and WWT—they are using us both for their internal security operations and for their services, and they are working with us to get more customers in. Especially in the U.S., we are 100 percent channel-based. We are getting every deal [with] the channel, always. We believe that this is the only way to grow. We are investing heavily into channel.
