Dropzone AI has released the AI Threat Hunter, its newest AI agent that enables security teams to proactively search for threats across their environments around the clock. The AI Threat Hunter is the next agent joining the Dropzone’s Agentic SOC team, expanding what AI agents can do across the full spectrum of detection and response.
This new capability is designed to work seamlessly alongside SOC analysts, both human and autonomous, expanding security analytical capacity across the SOC, and will be generally available in Summer 2026.
Security teams have long recognized the importance of proactive threat hunting; however, thorough hunting requires time, specialized expertise, and investigation across multiple tools. A single hunt can take up to 40 hours of cross-tool investigation, and most security operations centers are forced to prioritize daily alert responses over proactive hunts.
As a result, many teams can only conduct threat hunts occasionally, leaving threat hunting limited to the largest and most resourced SOCs. This is where the AI Threat Hunter makes a difference, enabling teams, big or small, to run continuous hunts across their environments while human analysts remain focused on strategy and high-value projects.
Key capabilities of the AI Threat Hunter include:
- 1-click autonomous hunting across the entire security stack: Select from 250+ pre-built hunt packs or describe a custom hunting objective and the agent builds one on demand. The agent then spends the next 60-90 minutes performing federated searches across SIEM, EDR, cloud, and identity platforms, processing hundreds of thousands of rows of telemetry from across the environment.
- AI-driven analysis of large security datasets: The agent iteratively analyzes and filters large telemetry datasets, documenting every filter step and the reasoning behind it, to surface the anomalies that warrant deeper investigation. In one real-world hunt, 464,000 events were reduced to 9 fully investigated findings.
- Automated investigation of suspicious activity: Each anomaly is investigated across connected security tools (EDR, SIEM, identity providers, IP reputation services) with every evidence source and conclusion documented. The agent conducts multiple investigations in parallel, classifying each finding as urgent, notable, or informational.
- Broad threat hunting coverage: Ships with 250+ pre-built hunt packs including one for every MITRE ATT&CK technique plus operational packs covering cloud, identity, endpoint, and user behavior anomalies such as OAuth consent grant abuse, unauthorized RMM tools, and legacy MFA gaps as security signals.
- Vendor-agnostic: Hunt definitions are vendor-agnostic by design: The same pack works across Microsoft Sentinel, Splunk ES, CrowdStrike, and any connected platform without rewriting a single query.
- Actionable security posture insights with every hunt: Beyond threat detection, every hunt surfaces visibility gaps, detection opportunities, misconfigurations, and policy violations—delivering measurable security improvements even when no active threats are found.
“For too long, proactive threat hunting has been limited by manual workflows, fragmented tools, and the cost of doing it even once a day,” said Edward Wu, CEO of Dropzone AI. “24/7 threat hunting has simply not been realistic for 99% of organizations. Today, LLM-powered software can replicate expert hunting intuition and techniques at scale, allowing our AI Threat Hunter to bring continuous, autonomous expert-level hunting within reach without adding headcount. This is another important step toward the Agentic SOC and for the vast majority of organizations that could never staff a dedicated threat hunter, it makes continuous hunting possible for the first time.”
The AI Threat Hunter is built to work in concert with the other agents on the Dropzone AI team. When the AI Threat Intel Analyst detects an emerging threat (a new CVE, a trending threat actor campaign), it automatically builds a hunt pack and hands it directly to the AI Threat Hunter. The result is continuous, autonomous coverage: a zero-day vulnerability surfaces on a Sunday night, and by the time analysts arrive Monday morning, a complete hunt report is already waiting.
Every hypothesis, query, filtering, and finding generated during a hunt is logged and auditable, giving teams full visibility into how conclusions are reached. This coordinated workflow helps organizations identify risks earlier and discover threats faster across their entire environment.
“Dropzone’s AI Threat Hunter performs federated hunts in 1 hour that would take humans up to 40 hours,” said Dropzone AI customer Andrew Marsh, Director of Information Security of Indiana Farm Bureau Insurance. “Now we can hunt continuously across our environment without pulling analysts away from other priorities.”
