Executive Summary

At RSA Conference 2026, Singapore-based cyber AI firm Protos Labs announced the launch of a freemium version of its agentic AI platform, Protos AI, for cyber threat intelligence (CTI). The platform employs specialized AI agents to automate and scale threat investigations, augmenting human analyst teams. This move challenges the established CTI market by lowering the barrier to entry for sophisticated threat analysis, making it accessible to organizations of all sizes. The freemium offering allows security teams to perform critical tasks like vulnerability prioritization and BEC campaign analysis without significant upfront investment. Protos Labs claims its platform can deliver 15 times faster threat analysis and reduce program costs by 30%, positioning AI as a necessary component of modern cyber defense.

Product Overview

Protos AI is an agentic AI platform designed to streamline the cyber threat intelligence lifecycle. Unlike general-purpose AI assistants, Protos AI deploys a team of coordinated AI agents, each assigned a specific role in an investigation:

• Planner Agent: Defines the scope and plan for an investigation.
• Collector Agent: Gathers evidence from various internal and external sources.
• Analyst Agent: Synthesizes the collected data to identify patterns and insights.
• Reporter Agent: Compiles the findings into a structured, human-readable report.

This structured approach allows the platform to handle routine, time-consuming tasks at scale, freeing up human analysts to focus on strategic decision-making and complex threat validation. The platform maintains a human-in-the-loop model, where analysts approve investigation plans and validate the final outputs, ensuring accuracy and control.

The platform is designed to be vendor-neutral, integrating with an organization's existing security tools and supporting a variety of Large Language Models (LLMs), including Azure OpenAI, Anthropic's Claude, and Google Gemini. It offers flexible deployment options, including public cloud, on-premise, and restricted (air-gapped) environments.

Market Impact

The introduction of a powerful, freemium CTI platform could significantly disrupt the threat intelligence market, which has traditionally been dominated by high-cost subscription services. By democratizing access to AI-driven analysis, Protos Labs is enabling small and medium-sized businesses (SMBs) to build a credible CTI capability that was previously out of reach.

For large enterprises, Protos AI offers a way to augment their existing SOC and CTI teams, automating repetitive tasks and reducing analyst burnout. The platform's ability to deliver faster analysis (a claimed 15x improvement) and lower costs (a claimed 30% reduction) is a compelling value proposition in an environment where security budgets are under constant scrutiny.

This launch reflects a broader industry trend, as highlighted by a late 2025 Futurum Group survey, which found that 62.1% of security leaders now view AI-powered defense as a necessity, not a luxury. Protos Labs is entering the U.S. market with proof-of-concept deployments already underway in the banking, financial services, and manufacturing sectors, indicating strong initial interest.

Use Cases and Features

The freemium version of Protos AI supports several key use cases:

• Vulnerability Prioritization: Analyzing newly disclosed vulnerabilities to determine their relevance and risk to the organization's specific environment.
• Business Email Compromise (BEC) Analysis: Investigating BEC campaigns to identify attacker TTPs and infrastructure.
• Credential Exposure Monitoring: Monitoring for and analyzing exposed credentials to prevent account takeover attacks.

The platform's agentic architecture allows it to perform structured, repeatable investigations, ensuring consistency and thoroughness. Human oversight remains a critical component, with analysts guiding the AI and validating its conclusions, blending the speed of machine automation with the nuance of human expertise.

Mitigation and Security Operations Value

While Protos AI is a tool and not a direct mitigation, its capabilities support several key defensive functions:

• Improved Situational Awareness: By automating data collection and analysis, the platform provides security teams with a faster, more comprehensive understanding of the threat landscape, enabling more effective implementation of mitigations like M1051 - Update Software by prioritizing the most critical patches.
• Accelerated Incident Response: The platform can rapidly analyze artifacts from an incident, such as malicious emails or IOCs, providing context that helps responders act more quickly and effectively. This supports the 'Detect' and 'Analyze' phases of incident response.
• Proactive Threat Hunting: Security teams can use Protos AI to investigate hypotheses and hunt for threats within their environment, turning raw intelligence into actionable search queries for SIEM and EDR tools. This aligns with the principles of M1047 - Audit.

Ultimately, tools like Protos AI aim to help organizations move from a reactive security posture to a more proactive and predictive one, leveraging AI to stay ahead of adversaries.