In January 2026, Torq announced a $140 million Series D round led by Merlin Ventures, pushing its valuation to $1.2 billion and bringing total funding to $332 million. The headline isn’t the round itself — cybersecurity unicorns close mega-rounds regularly. What matters is what the money funds: the consolidation of a new category that Torq is actively defining, the AI Security Operations Center. Five years after launch, the Israeli startup founded by Luminate and Twistlock alumni has become the reference point for what comes after SOAR, with Fortune 500 clients including Marriott, PepsiCo, Procter & Gamble, Siemens, Uber, and Virgin Atlantic running autonomous security operations on its platform.
From Hyperautomation Startup to a $1.2B Cybersecurity Unicorn
Torq was founded in 2020 by Ofer Smadari, Eldad Livni, and Leonid Belkind, three operators with deep pedigree: Smadari co-founded Luminate (acquired by Symantec), and the team had previously shipped Twistlock (acquired by Palo Alto Networks for ~$410M). The founding bet was specific. SOAR — the existing category for security orchestration, automation, and response — had structural problems. Long deployment cycles, brittle playbooks, a reliance on professional services, and a stubborn refusal to handle the volume and complexity that modern SOCs actually generate. Torq’s pitch was a no-code, any-code hyperautomation platform that could replace SOAR rather than coexist with it.
The growth curve has been steep. In 2023, the company reported 300% revenue growth and 500% customer growth, hitting $120 million in total funding. By September 2024, a $70 million Series C closed at $192 million cumulative. Sixteen months later, the Series D pushed total capital raised past $332 million. The numbers map to a clear product narrative: legacy SOAR is being displaced, and Torq has won the early innings of the replacement market.
| Milestone | Year | What it signaled |
|---|---|---|
| $50M founding round | 2021 | Validation of the post-SOAR thesis |
| Launch of Socrates AI Agent | 2023 | First AI agent to autonomously close Tier-1 tickets |
| 300% revenue growth + IDC and GigaOm validation | 2023 | Analyst-grade legitimacy |
| $70M Series C (Evolution Equity Partners) | 2024 | Scale-up capital for enterprise expansion |
| HyperSOC 2.0 launch + RevRod acquisition | 2025 | Multi-agent architecture, native MCP support |
| $140M Series D, $1.2B valuation | 2026 | Category leadership in the AI SOC space |
What Makes Torq’s AI SOC Platform Different
Three architectural choices separate Torq’s platform from both legacy SOAR vendors and from the broader “AI-for-security” category that includes CrowdStrike, Palo Alto Networks, and Fortinet.
- Any-code, not low-code: Security engineers can build complex workflows visually, but they can also drop into Python or JavaScript when the use case demands it. Legacy SOAR forced teams to choose between rigid templates and brittle custom code. Torq treats both as first-class.
- Agent-first, not playbook-first: The platform is built around autonomous AI agents that reason about alerts in real time, not around pre-defined playbooks that have to be maintained as the threat landscape shifts.
- Native MCP support: HyperSOC 2.0 supports the Model Context Protocol natively, which means agents can plug into external tools, knowledge bases, and identity systems without the brittle API plumbing that defined the SOAR era.
These choices reflect the broader shift documented in our analysis of AI advancements in cybersecurity — the move from rule-driven automation to agentic systems that make context-aware decisions.
Socrates and Multi-Agent AI: The End of Legacy SOAR
Torq’s signature AI agent, Socrates, launched in 2023 and is positioned as cybersecurity’s first true Tier-1 analyst AI. The performance claim Torq publishes is concrete and measurable: Socrates closes ~90% of Tier-1 tickets autonomously, freeing human analysts to focus on Tier-2 and Tier-3 work. For SOCs drowning in alert fatigue — a real and chronic operational problem — that ratio is the difference between a sustainable team and a burned-out one.
HyperSOC 2.0, launched in 2025, extends the single-agent model to a multi-agent system. Instead of one general-purpose AI handling triage, specialized agents now coordinate across the alert lifecycle: enrichment, classification, correlation, response, and post-incident analysis. The strategic acquisition of RevRod in 2025 added depth to the multi-agent stack and accelerated the path to what Torq calls “100% triage” — the goal of zero unhandled alerts.
Customer Adoption: How Torq Embeds in Fortune 500 Security Operations
Torq’s customer list reads like a directory of global enterprise. The published roster spans hospitality (Marriott, Chipotle), consumer brands (PepsiCo, Procter & Gamble), industrial (Siemens), mobility (Uber, Rivian), travel (Virgin Atlantic, Agoda), finance (Blackstone, Nubank), and the cybersecurity industry itself (Check Point, SentinelOne, Armis, Wiz, Abnormal Security).
The Check Point case is the most telling. A pure-play cybersecurity vendor adopting another vendor’s platform internally is the strongest possible signal of product credibility. Internal SOC teams at Check Point use Torq to autonomously triage and remediate security events at scale — meaning Torq’s platform is good enough to be trusted by people who build security products for a living.
The adoption pattern Torq describes as “bottom-up” matters here. Unlike legacy enterprise security purchases driven by CISO mandates and 18-month procurement cycles, Torq is being adopted by SOC engineers who build agents themselves, prove value within weeks, and pull the platform up the budget chain. This is the same go-to-market motion that powered Datadog, HashiCorp, and Snyk — and it tends to produce durable, expansion-heavy revenue.
The Branding Play: Disrupting Cybersecurity’s Visual Conformity
Cybersecurity has a brand problem. Walk the floor of RSAC or Black Hat and you’ll see hundreds of booths in the same visual register: navy blue, hexagons, generic stock photography of padlocks and circuit boards, taglines about “next-generation threats.” Torq decided early that this was an opportunity, not a constraint.
At RSAC 2025, Torq’s booth featured Monster Jam’s Grave Digger truck — an actual monster truck, parked on the conference floor, surrounded by a brand identity that borrows from streetwear and motorsports more than enterprise software. The booth won the show’s Best Emerging Tech recognition, and Forbes labeled Torq a cybersecurity standout. The Grave Digger wasn’t a stunt; it was a deliberate statement that this category isn’t going to be defined by the visual language of the people who lost the last era.
- Conference presence: RSAC and Black Hat presences engineered to break visual norms rather than blend into them.
- Brand voice: Direct, confrontational, occasionally irreverent. Public messaging openly calls SOAR “buried.”
- Cultural references: Streetwear-inspired merchandise, motorsports tie-ins, and visual identity that signals to younger SOC engineers more than to traditional CISOs.
The strategy parallels what AlienVault did with the OTX community before its 2018 acquisition by AT&T, but Torq is careful not to conflate aesthetic boldness with commercial certainty. Leadership repeatedly anchors public messaging to performance metrics — adoption, retention, autonomous closure rates — rather than to the brand itself. The branding is a recruitment magnet and a category-signaling device, not the product. This is consistent with the patterns covered in our analysis of cybersecurity market trends.
Torq vs CrowdStrike, Palo Alto, and Wiz: Where the AI SOC Sits in the Stack
The most common misconception about Torq is that it competes head-on with the major cybersecurity platforms. It doesn’t. Torq sits on top of them, orchestrating their outputs and automating response. Understanding where the AI SOC fits in the modern security stack clarifies why Torq has been able to grow without picking direct fights with $50B+ incumbents.
| Vendor | Core focus | Where it sits in the SOC | Relationship to Torq |
|---|---|---|---|
| Torq | AI SOC, hyperautomation, agentic AI | Orchestration and response layer | — |
| CrowdStrike | Endpoint detection & response (EDR) | Detection layer | Integrates as a data source |
| Palo Alto Networks | Network security, XSIAM, XSOAR | Network + competing SOAR | Partial overlap; Torq displaces XSOAR deployments |
| Fortinet | Network and firewall security | Detection and prevention | Integrates as a data source |
| Wiz | Cloud security posture management | Cloud detection layer | Customer; uses Torq internally |
| Okta | Identity and access management | Identity layer | Integrates as a data source and action target |
The real competitive frontier sits between Torq and other automation-layer vendors: Tines, Swimlane, Splunk SOAR, Sumo Logic, and Palo Alto’s XSOAR. The strategic question for buyers is whether to consolidate on a single legacy SOAR (typically already deployed and underperforming) or to migrate to a purpose-built AI SOC like Torq. The Series D round is, in part, a bet that the market has already answered that question.
The Agentic AI Era and What It Means for the SOC
Torq’s CEO Ofer Smadari frames the company’s mission around what he calls the “Agentic AI Era” — a structural shift in how security operations work, not a marketing label. The argument is straightforward: the volume of alerts a modern SOC handles has outpaced human capacity by an order of magnitude, and no amount of staffing or process refinement will close the gap. Only autonomous agents that can reason, act, and learn at machine speed can.
The implications are concrete:
- Tier-1 analyst roles will compress. Repetitive triage work, currently the entry point for most SOC careers, is moving to agents. Career paths into security will shift toward agent design, threat hunting, and adversarial research.
- SOC headcount won’t drop — but its composition will change. Teams will get smaller and more senior, with each analyst supervising a fleet of agents rather than personally triaging alerts.
- Vendor consolidation accelerates. Companies running 30-50 security tools will need an orchestration layer that talks to all of them. The AI SOC sits in that position.
- Compliance and audit reshape around agent decisions. “An AI agent closed this ticket autonomously” becomes a regulated event. Expect frameworks like SOC 2, ISO 27001, and emerging AI regulations to adapt accordingly.
These shifts echo the broader patterns described in expert discussions on AI developments in cybersecurity, where the consensus increasingly points to agentic systems as the next defining architectural layer.
What’s Next for Torq in 2026
The Series D capital is earmarked for three priorities: scaling the AI SOC Platform globally, deepening multi-agent capabilities, and expanding into public sector and government markets, where Merlin Ventures brings specific distribution leverage. Public sector is the obvious next frontier — federal agencies in the U.S. and government bodies in Europe are under acute pressure to modernize SOCs that still rely on manually maintained playbooks.
The strategic risk Torq has to navigate is the same one every category-defining startup faces: incumbents copying the playbook. Palo Alto Networks, CrowdStrike, and Splunk all have the resources and customer access to ship competing AI SOC capabilities, and several have already announced agentic AI roadmaps. Torq’s defense is speed of iteration, depth of its agent architecture, and the bottom-up adoption motion that’s hard to dislodge once it’s embedded in the daily workflow of a Fortune 500 SOC team.
For now, the trajectory is unambiguous. A $1.2 billion valuation, $332 million in capital, Fortune 500 anchor customers, and a category that the entire industry has agreed exists. Five years in, Torq has done what most cybersecurity startups never manage: it has defined the playing field rather than competing on someone else’s.
FAQ: Torq and the AI SOC
What does Torq do?
Torq builds an AI Security Operations Center (AI SOC) platform. It uses autonomous AI agents to triage, investigate, and respond to security alerts at machine speed, replacing the legacy SOAR category. Its flagship AI agent, Socrates, closes approximately 90% of Tier-1 tickets without human intervention.
How much is Torq worth?
As of January 2026, Torq is valued at $1.2 billion following a $140 million Series D round led by Merlin Ventures. Total funding to date is $332 million.
Who are Torq’s customers?
Torq’s published customer roster includes Marriott, PepsiCo, Procter & Gamble, Siemens, Uber, Virgin Atlantic, Blackstone, Rivian, Nubank, Telefonica, ZoomInfo, Chipotle, Agoda, and cybersecurity vendors including Check Point, SentinelOne, Armis, Wiz, and Abnormal Security.
How is Torq different from CrowdStrike or Palo Alto Networks?
Torq operates at the orchestration and response layer of the SOC, while CrowdStrike (EDR) and Palo Alto Networks (network security and XSIAM) operate at the detection layer. Most enterprises run Torq alongside these vendors, using Torq to automate response to alerts generated by them.
What is an AI SOC?
An AI Security Operations Center (AI SOC) is a SOC where autonomous AI agents handle the majority of alert triage, investigation, and routine remediation, with human analysts focused on escalations and strategic work. The category is being actively defined by Torq, with competing approaches from Palo Alto Networks, CrowdStrike, and a new wave of specialized startups.
Is Torq going public?
Torq has not publicly announced IPO plans. The January 2026 Series D round at a $1.2 billion valuation gives the company multi-year runway to scale before any public listing decision.


