Command Zero - 92% of organizations lack standardized cyber investigation processes, Command Zero research reveals

Command Zero Press Release

Command Zero Accelerates SecOps Pipelines with APIs and MCP Server

04/29/2026

‍

New endpoints let Security Operations teams build their own tools and embed autonomous

investigations into existing pipelines.

‍

AUSTIN, TX — April 29, 2026 — Command Zero today released a broad set of API endpoints and a Model Context Protocol (MCP) server for its Autonomous & AI-Assisted SOC platform. Customers can now drive threat hunts, investigations, manage business context, and trigger remediation programmatically by connecting to Command Zero’s LLM-based agents.

“With aggressive growth in the availability of agentic SecOps capabilities, security leaders and architects are at an architectural juncture – facing a decision to either adopt agentic feature sets being added to existing security tools and platforms, or to instead invest in net-new autonomous SOC platforms – further increasing complexity to an already overwhelming SecOps tools environment. Command Zero is solving this architectural challenge, adding APIs and MCP server access to powerful autonomous investigation capabilities that can be woven into existing tools, workflows, and UI.” -Dave Gruber, Principal Security Analyst at Omdia

SOCs consist of dozens of separate tools and need seamless connectivity between tools to overcome complexity. With API endpoints and MCP servers, customers can wire the Command Zero platform into their SOAR playbooks, orchestration pipelines, and internal tooling without waiting on vendor roadmaps. Technical alliance partners can build integrations in minutes.

‍

What's in the release

‍

Investigation APIs. List, start, extend, update, and retrieve investigations against any investigation template.
Business context APIs. List, upload, and retrieve context at scale. Pull data in from ServiceNow, CTEM platforms, HR systems, and other sources — no manual console entry.
Catalog and schema APIs. Query entity types, data sources, and investigation templates to align external systems with the platform's data model.
Remediation APIs. List remediation templates and execute remediation actions from external systems.
MCP server. A wrapper around the APIs that lets Claude and other MCP-compatible agents query Command Zero directly. Analysts can run health checks, list investigations, triage open cases, and build custom dashboards from an AI chat interface.

‍

^"Opening Command Zero’s advanced investigation engine to developers changes what's possible. Teams can now use advanced capabilities of the platform as the substrate for custom threat hunting frameworks, CTI-driven analysis, and bespoke tooling. The MCP server extends that to AI agents — which matters as agentic SecOps moves from pitch decks to day-to-day practice." - Richard Stiennon, Chief Research Analyst at IT-Harvest

‍

What customers can build

SOAR playbooks that start a Command Zero investigation the moment an alert fires, then feed upstream response data back into the case as it develops.
Custom threat hunting frameworks that ingest threat intelligence, generate hypotheses, deploy them as questions in Command Zero, and run autonomous hunts on a schedule.
Internal SOC dashboards built in Claude that summarize weekly activity, automation rates, and open investigations in natural language.
MSSPs syncing client business context across tenants automatically, instead of populating each environment by hand.

‍

"The best security platforms are the ones teams can build on. This release puts Command Zero's investigation engine in the hands of our customers and our technical alliance partners. They can wire us into their pipelines, extend us with their own flows, and connect us to the AI agents working collaboratively with their analysts. That is how a platform earns its place in the SOC. These APIs and MCP servers unlock a new class of joint solutions with our partners." — Dov Yoran, Co-founder and CEO, Command Zero

‍

What's next

Richard Stiennon, Chief Research Analyst at IT-Harvest

The current release covers the core surface customers need to start building. More API endpoints will follow, shaped by anchor customers’ and partners’ feedback. Command Zero will also publish sample integrations and reference implementations in the weeks following the launch.

‍

About Command Zero

Command Zero is the Autonomous & AI-Assisted SOC platform, built to transform security operations in complex enterprise environments. The platform accelerates threat hunting, triage, analysis and response. Command Zero enables all users to perform at the highest level by ensuring consistent, repeatable, auditable investigations with automated reporting.

‍

Command Zero was named a Top 10 Finalist in the 2025 RSA Innovation Sandbox and serves some of the largest organizations in the world. The company is headquartered in Austin, TX with presence in Calgary Alberta, Canada.

Learn more at https://www.commandzero.ai and follow the Command Zero LinkedIn page.

‍