AI Agents AI Gadgets & HW AI Models - LLM AI Open Source AI Security AI for Coding AI for Gaming AI for Images AI for Music AI for Videos Artificial Intelligence Editor's Choice NVIDIA AI Other News Robotics Tech Face-off Tech Satire

ThreatBook Unveils Flocks and SafeSkill AI Security Platforms

By Artūras Malašauskas May 07, 2026 5 min read Share:
ThreatBook launches two AI-native security products targeting SOC workload reduction and AI agent supply chain risks amid broader company rebrand.

The cybersecurity firm ThreatBook has introduced two new AI security products, Flocks and SafeSkill, as part of a broader company rebrand. The announcement came on May 7, 2026, positioning the vendor to address two distinct pressures in modern security operations: overloaded security teams and the risks created by wider corporate use of AI tools.

Flocks is an AI-native security operations platform designed for security operations centres. It consolidates investigations, workflows, tools, scheduling and governance into one system. The platform runs as a long-running agent session and can invoke specialist agents, skills and workflows as needed. It is open source and can be deployed inside a customer's own environment.

That deployment model matters for organisations that want to retain control over how large language models are used in security operations. Flocks stores no customer data and can run on models chosen by the customer, including sovereign deployments. This approach directly addresses data sovereignty concerns that have become non-negotiable for many enterprises (a problem that has plagued users for years, frankly).

According to ThreatBook's official press release, the platform is designed to reduce alert backlogs, shorten investigations and limit the need for analysts to switch between multiple screens and systems. The physical reality of SOC work involves constant context switching—clicking between SIEM consoles, ticketing systems, threat intelligence feeds, and communication tools. Flocks aims to collapse that friction into a single interface.

Chase Li, Co-founder and Managing Director for International Business at ThreatBook, said analysts are often forced to work across too many disconnected tools. "All too often, SOC team members are frantically searching for a wide range of tools, while switching between multiple screens, systems and workstations. This has become the norm today - as have the security gaps that emanate this complicated way of working," Li stated.

Li added that Flocks replaces this paradigm with a single, easily-manageable and unified threat intelligence solution that's open source. The system is designed to run inside the enterprise environment, storing zero customer data and running on the customer's chosen LLMs. Security teams train it through natural language, and it can be extended with custom specialist agents tuned to the roles each SOC needs.

SafeSkill tackles a different problem entirely. It is designed to inspect and evaluate AI agent skills that companies import for tasks such as information gathering, code writing and automated emails. Its functions include inspection before import, marketplace filtering, download scanning and inventory remediation. The platform is positioned as a way to detect tampering or hidden risks in third-party AI skills before those tools are used inside an organisation.

ThreatBook said its curated Skill Hub contains more than 100,000 verified skills. SafeSkill is being used to identify hidden threats in those skills and support AI supply chain defences. This addresses growing concern that AI agent skills can be manipulated to expose credentials, alter outputs or create hidden access routes into enterprise systems.

Feng Xue, Co-founder and Chief Executive Officer of ThreatBook, linked the product to a rise in attacks involving tampered AI skills. "Increasingly, attackers are leveraging skill tampering to hijack identities, steal API secrets, and implant backdoors, among a whole host of other nefarious acts. These highlight the acute vulnerability of today's AI agent skills, and outline the pressing need for these to be shielded from such threats," Xue said.

The twin product launch reflects a broader shift in cyber security. Vendors are applying generative AI and agent-based systems to defensive work while also responding to new attack paths created by the same technology. Security teams are under pressure to process growing volumes of alerts, while companies are also starting to treat AI tools and AI supply chains as assets that need their own controls.

Both Flocks and SafeSkill sit on top of ThreatBook's existing security stack, which includes machine learning, threat intelligence and other security tools. Within that structure, Flocks adds an agentic layer for security operations, while SafeSkill is aimed at AI governance and supply chain security. ThreatBook also linked the products to its broader threat intelligence work, saying they provide threat visibility across the enterprise and draw on a system that examines more than 14 billion attack records each day.

Independent reporting from SecurityBrief Asia corroborates the product specifications and executive quotes. The coverage confirms the launch date and the strategic positioning of both products within ThreatBook's broader portfolio.

ThreatBook has been recognized as a Strong Performer in the 2025 Gartner Peer Insights Voice of the Customer for Network Detection and Response for the third consecutive year. The company claims to track 200+ APT groups and identify 80M+ malicious IPs daily. These metrics matter because they establish the intelligence backbone that powers both Flocks and SafeSkill.

The products exemplify both the precision and ease with which security operations are now able to precisely detect and respond to today's myriad of severe and fast-evolving threats. They also demonstrate the deep threat intelligence capabilities ThreatBook brings to customers, not only in the AI-powered security space, but also across AI security and governance, and broader security services as well.

Whether enterprises actually adopt these tools at scale remains the real question. The market is crowded with AI security promises, and many organizations are still figuring out how to integrate AI agents into their existing workflows without introducing new vulnerabilities. The open-source nature of Flocks may help with adoption, but the real test will be whether it actually reduces the cognitive load on SOC analysts rather than adding another layer to manage.

The launch marks a new stage in ThreatBook's development as it expands beyond its earlier security tools and threat intelligence services. Both products represent a shift from passive monitoring to active, agentic response. That's a meaningful change in how security operations function, but it also introduces new complexity that teams will need to learn to manage.

Arturas Malas Artūras Malašauskas is an AI Systems Integrator with 20+ years of production-grade web engineering experience. He has designed, shipped, and scaled enterprise Python/PHP systems for logistics, SaaS, and public-sector clients. For the past year, he has focused exclusively on AI integrations: deploying open-source LLMs, building generative media pipelines (image, audio, video), and engineering multi-agent workflows for real production environments. His standard: reproducibility, security, cost-efficient inference—no vaporware. He documents and evaluates emerging AI tooling, separating verified capabilities from marketing noise. Technical editor at: muza-ai.eu, ai-verslas.lt, ai-naujinos.lt Connect on LinkedIn
Share:

Comments

Sign in to comment:
    <