e2e-assure launches sovereign AI-driven SOC platform

e2e-assure has launched Cumulo for sovereign IT/OT cyber defence operations. The platform combines local AI models, digital twins, and analyst oversight for SOC services targeting AI-driven threats in IT and OT environments.


SOC-as-a-service provider e2e-assure has announced the launch of the updated Cumulo, the UK’s only sovereign, AI-first, IT/OT connected SOC platform, designed to help organisations defend against a new generation of AI-driven threats, where adversaries increasingly operate with autonomy and speed that traditional SOC models were not built to counter.

The UK-owned and developed proprietary platform answers the recent call by GCHQ Director Anne Keast-Butler for “a new national cyber defence capability that will hardwire cutting-edge agentic AI into machine-speed cyber defence” by creating a truly sovereign solution for e2e-assure’s SOC services.

With AI natively integrated throughout the platform, the technology can build context continuously as security data is generated, taking detection and response to new levels and facilitating ground-breaking defence capabilities. The SIEM remains the system of truth: a deterministic, evidence-grade record of every event, while AI runs as a parallel capability on top of it.

Cumulo introduces the zero-day SOC, meaning that live/new threat intelligence can be applied immediately as detection rules, eliminating the risk from emerging threats. It combines predictive modelling capability with sovereign local AI models and expert human oversight for millisecond detection of known and emerging indicators of compromise. This is performed while ensuring SC-cleared security teams remain at the core of every decision and maintaining a ‘human in the loop’ structure, avoiding AI autonomy.

“Cumulo represents a shift away from traditional SOC and SIEM environments that are largely human-centric and reactive because they rely on sequential alert triage and retrospective investigation. Instead, Cumulo uses an AI-first security operating system,” said Rob Demain, CEO of e2e-assure. “Threats are now moving faster than human-led workflows can keep pace with, leaving security teams struggling. At the same time, many AI approaches in security are still constrained by legacy architectures that force them to rebuild context after the fact. We built Cumulo to change that by continuously building understanding as data is generated, while keeping expert analysts at the centre of decision-making.”

The Cumulo platform provides a continuously maintained digital twin of each customer environment via passive discovery across IT and operational technology (OT) systems, enabling safe attack simulation, risk identification before exploitation, and immutable preservation of analytical integrity. This is particularly valuable within operational technology and critical infrastructure environments where live testing is often impractical or carries unacceptable operational risk.

The customer-dedicated local large language models (LLMs) are deployed within sovereign environments and trained on each organisation’s specific environment to enable accurate, context-aware reasoning that reflects the realities of each customer estate. Because inference occurs within customer-controlled infrastructure, organisations retain full sovereignty over sensitive security data and reduce reliance on external cloud AI services. This sovereignty is not only a compliance consideration but, for industries such as CNI, an operational necessity. Defensive AI capabilities that depend on third-party infrastructure can be subject to disruption or access restrictions beyond an organisation’s control. By keeping models local, organisations ensure their defensive capability remains available regardless of external circumstances.

“For organisations responsible for critical national infrastructure and essential services such as energy, water, transport, telecommunications, and government operations, resilience isn’t just about identifying threats faster; it’s about ensuring your ability to defend remains intact during a crisis,” added Demain.

“As more security capabilities move into the cloud, questions around sovereignty, dependency, and operational continuity continue to mount. For organisations operating in regulated or high-dependence environments, reliance on external AI infrastructure can introduce risks around data residency, transparency, and continued access to critical defensive capabilities. Cumulo addresses these challenges by keeping sensitive operational knowledge within customer-controlled environments, reducing exposure to external disruption and helping organisations maintain visibility and cyber defence capability even during major incidents, connectivity outages, or wider infrastructure disruption.”

Cumulo also introduces a layered AI architecture that separates sensitive operational reasoning from broader intelligence and research capability. A local model layer handles environment-specific detection and analysis, a security intelligence layer aggregates and correlates threat data at scale, and a frontier model layer is used for non-sensitive enrichment and broader analytical tasks. This structure ensures that sensitive data remains contained while still enabling advanced AI capability where appropriate, supporting both compliance and performance requirements.

To address the growing volume of security data, Cumulo uses multiple AI models that cross-check every investigation from different perspectives, building an auditable view of each alert, known as the Cumulo Analyst Helper (CAH). An anti-hallucination layer validates findings against threat intelligence and deterministic detection engines before results reach an analyst. The customer’s own security and operations experts, who understand their estate and risk appetite, remain in the loop throughout. The platform carries the volume so people are free for the high-value judgement.

Cumulo is being introduced through a multi-tier product model designed to support different stages of security maturity and organisational need. Standard delivers a proactive SOC capability, providing AI-driven investigation and autonomous threat hunting that detects by behaviour rather than signature alone, alongside threat intelligence, centralised reporting, and compliance dashboards. Enterprise extends the platform into a predictive SOC, adding unified IT and OT monitoring, digital twin capability, live compliance dashboards, and advanced cross-environment correlation for complex environments requiring deeper operational insight. This predictive model continually stress tests an evidence-accurate twin of your estate, ranks and costs the fixes, and closes the gaps before a real attacker arrives.

For more information visit: www.e2e-assure.com/cumulo.

