ThreatBook has launched two AI security products, Flocks and SafeSkill, as part of a broader rebrand at the cyber security company.
Flocks is aimed at security operations centres, while SafeSkill focuses on checking AI agent skills used inside enterprises. The products target two distinct pressures in cyber security: overloaded security teams and the risks created by wider corporate use of AI tools.
Flocks is an AI-native security operations platform that brings together investigations, workflows, tools, scheduling and governance in one system. It is intended to reduce alert backlogs, shorten investigations and limit the need for analysts to switch between multiple screens and systems.
The platform runs as a long-running agent session and can invoke specialist agents, skills and workflows as needed. It is open source and can be deployed inside a customer's own environment.
That approach is aimed at organisations that want to retain control over how large language models are used in security operations. Flocks stores no customer data and can run on models chosen by the customer, including sovereign deployments.
SafeSkill tackles a different problem. It is designed to inspect and evaluate AI agent skills that companies import for tasks such as information gathering, code writing and automated emails.
Its functions include inspection before import, marketplace filtering, download scanning and inventory remediation. The platform is positioned as a way to detect tampering or hidden risks in third-party AI skills before those tools are used inside an organisation.
Two fronts
The launch reflects a broader shift in cyber security, as vendors apply generative AI and agent-based systems to defensive work while also responding to new attack paths created by the same technology. Security teams are under pressure to process growing volumes of alerts, while companies are also starting to treat AI tools and AI supply chains as assets that need their own controls.
Both Flocks and SafeSkill sit on top of ThreatBook's existing security stack, which includes machine learning, threat intelligence and other security tools. Within that structure, Flocks adds an agentic layer for security operations, while SafeSkill is aimed at AI governance and supply chain security.
ThreatBook also linked the products to its broader threat intelligence work, saying they provide threat visibility across the enterprise and draw on a system that examines more than 14 billion attack records each day.
Commenting on the strain of fragmented security operations, Chase Li said analysts are often forced to work across too many disconnected tools.
"All too often, SOC team members are frantically searching for a wide range of tools, while switching between multiple screens, systems and workstations. This has become the norm today - as have the security gaps that emanate this complicated way of working," said Chase Li, Co-founder and Managing Director for International Business, ThreatBook.
He said Flocks is designed to replace that model.
"Flocks replaces this paradigm with single, easily-manageable and unified threat intelligence solution that's open source - enabling agents to understand a multitude of tasks simultaneously, while organizing capabilities proactively, and turning work into reusable organizational assets. Flocks allows security professionals to build their own neural networks to further empower their security operations, which underscores the immense capabilities the solution brings to enterprises," said Li.
Li added that the system is designed to run inside the enterprise environment.
"In other words, Flocks is not traditional software or a static platform: it is a security-trained, agentic Tier-1 analyst. It deploys inside the enterprise environment, stores zero customer data, and runs on the customer's chosen LLMs, including sovereign deployments. Security teams train it through natural language, and it can be extended with custom specialist agents tuned to the roles each SOC needs," said Li.
AI skill risks
SafeSkill addresses growing concern that AI agent skills can be manipulated to expose credentials, alter outputs or create hidden access routes into enterprise systems. As businesses rely more on pre-built skills and integrations, scrutiny of those components is becoming part of software supply chain security.
ThreatBook said its curated Skill Hub contains more than 100,000 verified skills. SafeSkill is being used to identify hidden threats in those skills and support AI supply chain defences.
Feng Xue linked the product to a rise in attacks involving tampered AI skills.
"Increasingly, attackers are leveraging skill tampering to hijack identities, steal API secrets, and implant backdoors, among a whole host of other nefarious acts. These highlight the acute vulnerability of today's AI agent skills, and outline the pressing need for these to be shielded from such threats," said Feng Xue, Co-founder and Chief Executive Officer, ThreatBook. "SafeSkill's curated Skill Hub already holds over 100,000 verified Skills, and we continue to deploy SafeSkill to identify new, hidden threats in skills, while significantly bolstering AI supply chain defenses."
The twin product launch marks a new stage in ThreatBook's development as it expands beyond its earlier security tools and threat intelligence services.
"Flocks and SafeSkill exemplify both the precision and ease with which security operations are now able to precisely detect and respond to today's myriad of severe and fast-evolving threats. They also demonstrate the deep threat intelligence capabilities ThreatBook brings to our customers, not only in the AI-powered security space, but also across AI security and governance, and broader security services as well," said Xue.