Command Zero Inc. has released new application programming interface (API) endpoints and a Model Context Protocol (MCP) server for its autonomous security operations center (SOC) platform. The release lets customers control threat hunts, investigations, and remediation processes programmatically, rather than only through the vendor's console.

The new endpoints integrate Command Zero's investigation engine into existing security orchestration, automation, and response (SOAR) playbooks and internal tooling. The MCP server enables AI agents to directly query the platform, manage cases, and build dashboards via a chat interface.

The release features four core API surfaces: investigation endpoints for managing threat hunts, business context endpoints for integrating data from systems like ServiceNow and HR, catalog and schema endpoints for querying entity types, and remediation endpoints for executing actions.

Use cases include SOAR playbooks that initiate investigations upon alert triggers, custom threat hunting frameworks that generate and run autonomous hunts based on threat intelligence, and automatic syncing of client business context for managed security service providers.

"This release puts Command Zero’s investigation engine in the hands of our customers and our technical alliance partners," stated co-founder and CEO Dov Yoran.

This move comes as security providers enhance agentic capabilities and new autonomous SOC platforms emerge. "Security leaders and architects are at an architectural juncture," noted Dave Gruber, principal analyst for cybersecurity at Omdia, highlighting that APIs and MCP allow customers to integrate autonomous investigations into existing workflows without major replacements.

Command Zero, a venture capital-backed startup, plans to expand its API offerings based on customer feedback and will publish sample integrations soon. The company has raised approximately $31 million in funding.