For more than a decade, SecOps teams have been overwhelmed by alerts, data gaps, fragmented tooling, and the limits of human capacity. Even the most advanced SOCs still operate with a simple truth: humans can’t investigate everything — and many threats never trigger an alert at all.

But what if that limitation disappeared?

In this episode of Scaling Cyber, Almog Ohayon shares how TandemTrace is pioneering autonomous threat hunting — not automation, not copilots, but AI agents fully capable of investigating, hypothesizing, correlating, and validating threats 24/7.

This isn’t a future promise. Almog and his team are already shipping it.


From Co-Pilot to Pilot: A Paradigm Shift in SecOps

When Almog co-founded Javelin Networks in 2014, cloud adoption was still debated and SaaS was barely a known concept. A decade later, he sees the same trust gap repeating — but this time with AI.

Yet the difference is profound: Today, AI can outperform humans in many SecOps workflows, especially alert triage and threat hunting.

Almog describes a fundamental mindset shift in his journey building TandemTrace:

* Early on, he thought AI would “assist” analysts.

* Two years later, he believes AI agents will lead — and analysts will supervise.

This shift isn’t just philosophical. It changes how products should be designed, how telemetry is ingested, how hypotheses are generated, and how investigations scale.

What Makes TandemTrace Different

While many vendors claim to offer “AI SOC” solutions, Almog explains that most still operate as glorified copilots or alert-enhancers.

TandemTrace, instead, focuses on:

1. Autonomous Threat Hunting

Agents build hypotheses on their own. They correlate threat intel with environment context. They re-analyze events without waiting for alerts. And they operate 24/7 without human fatigue.

The result: Every alert gets investigated — and so does everything that didn’t generate an alert.

2. Intelligent Telemetry Slicing

Instead of ingesting full data streams (too expensive for LLMs), TandemTrace slices only what’s relevant:

* 10 seconds from this host

* 20 seconds from that process

* Targeted correlations across sources

This precision turns overwhelming logs into actionable micro-snapshots.

3. Blind Spot Detection

The platform doesn’t just run agents — it tells you what visibility you’re missing and how that impacts false positives, threat coverage, and confidence.

For analysts, this is gold.

4. On-Prem Ready from Day One

Particularly critical in Europe, where data sovereignty is a blocker. Almog built for on-prem early after customer feedback — something most AI SOC vendors still haven’t addressed.

A Founder Who Builds Fast, Very Fast

Almog’s speed comes from a combination of:

* Domain expertise from Javelin Networks

* A willingness to pivot

* The use of Claude Code and AI agents to accelerate development

* A product mindset shaped by real customer feedback

As he says:

“What used to take 50 developers can now be done by 5.”

For early-stage founders, this episode is a masterclass in building quickly, listening deeply, and iterating relentlessly.

The Market Response (and Curiosity)

Enterprises know AI will transform SecOps — they’re just unsure how.

TandemTrace benefits from:

* Widespread positive experiences with new AI tools

* Curiosity to test AI-native solutions

* A growing desire to reduce manual workload in SOCs

* Pressure to do more with less staff

Almog sees a trend:

Customers want to test immediately. Not read whitepapers. Not run slow evaluations. See the agents work in their environment.

And once they do, the value appears instantly.

“The Best Time Ever to Build”

Almog ends with a message to founders:

* Barriers to building have collapsed

* Claude Code + AI tools make small teams unstoppable

* Domain expertise is the real differentiator

* Problems, not competition, should guide product choices

If you’re starting something in cyber — this is your moment.

About This Episode

Part of Season 1 of Scaling Cyber — the series spotlighting cyber founders and leaders building global companies outside the US/Israel hubs.

Host: Ignacio Sbampato — cybersecurity executive, former Chief Business Officer at ESET, founder of BridgerWise.

Guest: Almog Ohayon, CEO & Co-Founder, TandemTrace.
