Anvilogic 'Blueprints' at RSA 2026: Scaling the AI SOC through Natural Language Orchestration
At RSA 2026, Anvilogic launched 'Blueprints,' a natural language orchestration layer that allows SOC analysts to create and deploy specialized AI security agents across multiple data platforms without writing code.
The Shift from Manual SOAR to Agentic Security Operations
At RSA Conference 2026, the conversation has moved beyond mere AI 'assistants' to the era of agentic orchestration. Leading this charge is Anvilogic, which unveiled its new 'Blueprints' capability—a natural language orchestration layer designed to transform how Security Operations Centers (SOCs) build and scale their automation.
For years, the promise of Security Orchestration, Automation, and Response (SOAR) was held back by the complexity of Python scripting and rigid schema wiring. Anvilogic’s Blueprints represents a paradigm shift, allowing security analysts to author sophisticated, multi-step automations using natural language. By decoupling the logic of a security investigation from the underlying data storage, Anvilogic is effectively enabling the 'SOC-as-Conversation.'
Natural Language Orchestration: 'Your Best Analyst, at Infinite Scale'
The core value proposition of Blueprints is what Chief Product Officer Mackenzie Kyle describes as "your best analyst, at infinite scale." Instead of requiring specialized automation engineers to maintain code, Blueprints allows a senior threat hunter to describe an investigative process in plain English.
- Declarative Workflows: Analysts can define the 'what' and 'why' of a security task, and the platform generates the 'how' across various tools.
- Specialized Agents: These Blueprints act as specialized AI agents with memory and context, capable of performing domain-specific tasks such as cross-platform threat hunting or automated triage.
- Same-Day Deployment: By removing the coding barrier, SOC teams can move from a newly discovered threat to a fully automated detection and response workflow in a single afternoon.
The Technical Engine: The Enterprise Security Graph
Unlike generic LLM wrappers, Blueprints is built upon Anvilogic’s proprietary Enterprise Security Graph. This graph serves as the contextual glue that understands the relationships between entities, alerts, and data models across a multi-data platform environment.
Because Blueprints run on this graph rather than raw, noisy alert streams, they maintain high fidelity. The platform can reason across a Multi-SIEM and Data Lake architecture—querying logs in Snowflake, correlating them with alerts in Splunk, and executing a containment action in CrowdStrike—all through a unified natural language interface. This architecture addresses the persistent blind spots that arise when security teams are forced to move between siloed data environments.
Multi-Data Platform Strategy and Cost Optimization
A critical takeaway from the RSA 2026 announcement is how Blueprints facilitates a hybrid data strategy. As enterprises increasingly move high-volume logs to cost-effective data lakes like Databricks or Snowflake while keeping high-fidelity alerts in legacy SIEMs, the orchestration layer must be data-agnostic.
Anvilogic’s Blueprints enables this transition without a 'rip-and-replace' migration. By using the Model Context Protocol (MCP) and advanced RAG (Retrieval-Augmented Generation) techniques, these specialized agents can pull context from wherever it resides. This not only improves the speed of investigation but also significantly reduces SIEM ingest costs by allowing teams to automate heavy data-processing tasks directly within the data lake.
Scaling Expert Tribal Knowledge
One of the most profound implications of Blueprints is its ability to capture tribal knowledge. Security expertise is often locked in the heads of a few senior analysts. When a new analyst joins the team, they typically face a steep learning curve to understand the specific nuances of their environment.
With Blueprints, that seniority is encoded into the platform. A junior analyst can invoke a 'Lateral Movement Hunting Blueprint' that was designed by a veteran, inheriting the reasoning steps, query parameters, and investigative judgment of the original author. This democratization of expertise is likely the most significant force-multiplier for the modern SOC, which continues to struggle with a global talent shortage.
Looking Ahead: The Autonomous SOC
As we look toward the remainder of 2026, the launch of Blueprints marks a definitive step toward the Autonomous SOC. While human oversight remains essential for high-stakes decision-making, the rote work of data onboarding, detection tuning, and initial triage is being handed off to these natural-language-driven agents. For the enterprise, this means a shift in focus from 'managing tools' to 'defining outcomes.'