SECURITY
Cyber investigations platform provider Command Zero Inc. today released a set of application programming interface endpoints and a Model Context Protocol server for its autonomous security operations center platform that allows customers to drive threat hunts, investigations and remediation programmatically rather than through the vendor’s console.
The new endpoints let security operations teams wire Command Zero’s investigation engine into their existing security orchestration, automation and response playbooks, orchestration pipelines and internal tooling. The MCP server wraps the same APIs so that MCP-compatible artificial intelligence agents can query the platform directly, run health checks, triage open cases and build dashboards from a chat interface.
The release covers four core API surfaces. Investigation endpoints let teams list, start, extend, update and retrieve investigations against any investigation template, while business context endpoints pull data in from ServiceNow Inc., continuous threat exposure management platforms, human resources systems and other sources at large scale, removing the need for manual console entry.
Catalog and schema endpoints query entity types, data sources and investigation templates, while remediation endpoints list remediation templates and execute actions from external systems.
Use cases include security orchestration, automation and response playbooks that start an investigation the moment an alert fires; custom threat hunting frameworks that generate hypotheses from threat intelligence and run autonomous hunts on a schedule; and managed security service providers syncing client business context across tenants automatically.
“The best security platforms are the ones teams can build on,” said co-founder and Chief Executive Dov Yoran. “This release puts Command Zero’s investigation engine in the hands of our customers and our technical alliance partners.”
The launch lands as security providers race to add agentic capabilities to existing tools while a wave of new autonomous security operations center platforms competes for the same budget. “Security leaders and architects are at an architectural juncture,” said Dave Gruber, principal analyst for cybersecurity at Omdia. He added that opening up investigation capabilities through APIs and MCP lets customers weave autonomous investigations into existing tools and workflows rather than ripping and replacing them.
The release today covers the core surface that Command Zero says its customers need to start building, but the company describes it as just the beginning. It plans to release more API endpoints shaped by feedback from anchor customers and partners, and will also publish sample integrations and reference implementations in the coming weeks.
Command Zero is a venture capital-backed startup that has raised about $31 million in funding, including $21 million when it launched in July 2024. Investors in the company include Andreessen Horowitz, Insight Partners, Okta Ventures, SE Ventures and Crosspoint Capital.