August Infosec Spotlight: Elastic EASE & Black Kite ASI Advance AI Threat Detection

Two new AI-driven tools—Elastic’s AI SOC Engine and Black Kite’s Adversary Susceptibility Index—are setting a new standard in cybersecurity by automating detection, enhancing context, and streamlining risk management without disrupting existing workflows.

    Cyber threats are becoming more sophisticated, and security vendors are responding with smarter, AI-driven tools that go beyond simple detection. This August, two notable launches—Elastic’s AI SOC Engine (EASE) and Black Kite’s Adversary Susceptibility Index (ASI)—show how the industry is leaning into context-aware solutions that turn intelligence into action. These releases mark a shift toward automating threat management, easing the load on security teams, and improving response without sacrificing accuracy.

    Elastic AI SOC Engine Injects Context-Aware AI into Existing Defense Stacks

    Elastic has launched its AI SOC Engine (EASE), a serverless, cloud-delivered solution designed to modernize Security Operations Center (SOC) workflows without requiring major infrastructure overhauls. By embedding Elastic’s AI and machine learning capabilities within existing SIEM (Security Information and Event Management) and Endpoint Detection and Response (EDR) tools, EASE transforms event triage and threat detection into a faster, more automated process.

    Blending AI with Existing SIEM and EDR Tools

    EASE does not require agents or system migration to begin functioning effectively. Instead, it offers:

    • Agentless integrations for rapid rollout across platforms including Splunk, Microsoft Sentinel, and CrowdStrike.
    • AI-powered alert correlation using Elastic’s “Attack Discovery” to automatically cluster and prioritize alerts.
    • AI Assistant that helps SOC analysts uncover hidden, multi-stage attacks by connecting seemingly isolated security events.

    This approach leverages Elastic’s broader Search AI platform, announced in 2024, as the foundation. That platform unifies retrieval-augmented generation (RAG) with large language models (LLMs) to offer hyper-relevant responses based on rich, operational data. The result is accelerated investigation pathways and substantial alert fatigue reduction.

    According to Santosh Krishnan, General Manager of Observability & Security at Elastic, the ability to surface “the few alerts that matter” allows analysts to focus their attention and act more decisively. Combined with transparent AI model selection and customizable dashboards, the system emphasizes operational impact and business value.

    Designed for Immediate Operational Value

    One of the key selling points of EASE is that it allows enterprise teams to enhance cybersecurity posture without a rip-and-replace approach. Rather than pushing organizations to abandon legacy tooling, Elastic injects AI into their existing workflow, embracing a hybrid model that’s both practical and scalable.

    Key technical features include:

    • Attack correlation logic based on Elastic’s machine learning framework
    • Context-aware decisions powered by proprietary LLMs
    • Interactive dashboards to demonstrate AI effectiveness and ROI

    These advancements align Elastic Security with the emerging trend of AI-driven security analytics solutions, marking a significant evolution beyond traditional, rule-based SIEM systems.

    Black Kite’s Adversary Susceptibility Index Transforms Third-Party Risk Evaluation

    While Elastic focuses on internal threat detection, Black Kite addresses a longstanding challenge for enterprise security teams: understanding and managing third-party risk. Their latest innovation, the Adversary Susceptibility Index (ASI), equips Third-Party Risk Management (TPRM) teams with predictive intelligence on which vendors are likeliest to be targeted by specific threat actor groups.

    Moving from Passive Monitoring to Predictive Defense

    ASI expands on Black Kite’s previous Ransomware Susceptibility Index (RSI) by:

    • Mapping vendor exposure against specific threat actor TTPs (Tactics, Techniques, and Procedures)
    • Identifying known vulnerabilities, misconfigurations, and behaviors—such as open RDP ports or historical stealer log leaks
    • Continuously correlating this data with intelligence on active ransomware groups and state-aligned threat entities

    This capability provides a new dimension in cybersecurity tools for 2025, empowering companies to pivot from generic risk ratings to tailored threat intelligence for each partner or supplier.

    Ferhat Dikbiyik, Black Kite’s Chief Research and Intelligence Officer, explains that ASI enables security teams to “immediately understand which vendors are most susceptible to groups like LockBit or ALPHV before a breach occurs.” The tool replaces traditional security questionnaires with automated intelligence, streamlining and hardening TPRM workflows.

    Custom Risk Vectors by Industry and Geography

    ASI also introduces refined sorting and filtering features to allow:

    • Vendor prioritization by susceptibility to specific threat actors
    • Industry-aware and geography-sensitive risk assessments
    • Early, proactive engagement with at-risk suppliers

    This allows organizations to tackle the problem of attack surface sprawl not by attempting to secure every vendor equally, but by focusing on the most likely intrusion pathways based on real adversarial TTPs.

    The ASI system integrates directly with trust portals and publicly available data on vendors, limiting the need for intrusive or time-consuming assessments.

    A Shared Vision: Operationalizing AI for Real-Time Cyber Risk Management

    Both Elastic and Black Kite demonstrate a broader shift in the cybersecurity industry: from static monitoring to proactive, intelligence-driven tooling. Whether augmenting internal SOC capabilities with AI assistants and smart alerting, or expanding supplier risk models to incorporate threat actor behavior, these releases reflect the importance of contextual awareness and automation in defending complex digital environments.

    For CISOs and security leaders, these infosec product releases provide:

    • Modular upgrades that work with current tooling
    • Immediate time-to-value via AI-powered insights
    • Precision-driven threat prioritization and focused resource allocation

    With adoption of AI in cybersecurity accelerating, tools like Elastic EASE and Black Kite ASI are poised to redefine standard practice. As security operations grow more adaptive and intelligence-aware, organizations that align their strategies with these advancements will be better positioned to anticipate and mitigate emerging threats.
