Orca’s AI agents: Ecosystem engineers for cloud-native apps

Ecosystem engineers are living things—animals, plants, insects, etc—that physically modify their environment in ways that create, maintain, or destroy habitats for other species. For example, beavers chop down trees to build dams. These dams don’t just serve as their home. They also filter out toxic algae, which allows other animals and living things to thrive in the habitat downstream from the dams. 

Orca’s AI Agents are like ecosystem engineers for your cloud-native applications. They are built to modify the environment of cloud-native apps in a healthy, symbiotic relationship with the organization, so that security and development teams can thrive in the cloud. They have reasoning skills and memory. And just as ecosystem engineers live in specific habitats, the AI Agents have specific areas of expertise and impact different parts of your tech ecosystem.

  • The Threat Investigation Agent is like an octopus, which has a decentralized nervous system. This agent hunts for context about an alert across the cloud environment, like the tentacles of an octopus. Context includes exposure graphs, identity permissions, asset and workload details, any sensitive data or secrets involved, and more. The agent uses this context to decide if the alert is malicious, explain its reasoning, and recommend action automatically. It’s smart investigation so your team can start working on the fix.
  • The AppSec Triage Agent is similar to the beaver filtering out toxic algae with its dam and making the ecosystem livable again. This agent removes false positives surfaced by code scanning and adjusts the risk score to reflect the priority for remediation, with the option to automatically dismiss alerts going forward. Fewer false positives, less friction, more harmony in your ecosystem.

Why build AI agents for CNAPP? 

Gartner research shows that there’s been a 60% increase in organizational spending on global security and risk management since 2020. The massive shift to work-from-home drove organizations to re-evaluate how they operate and ensure security coverage across their workforce. 

More coverage and more telemetry haven’t translated to more confidence in security and cyber resilience. In fact, research from PwC revealed that cloud-related threats are still cited as executives’ #1 cybersecurity weakness in 2025. Research from Omdia confirms this in “The State of Cloud Security: Navigating Security Offerings From Cloud Service Providers and Security Vendors,” with 45% of organizations having experienced four or more security incidents in their cloud environment in the last 12 months.

While expanding coverage and visibility is important as the technology landscape evolves, there must be a better way to drive quicker action and impactful business outcomes. Security teams don’t grow linearly with the development team. This resource constraint is exacerbated by AI, which changes the rate of change exponentially. To be a business enabler at a fraction of headcount, security teams need a better way to gather insights from data that lives across multiple systems, plan remediation, and act.

What we’re building: Agentic AI for CNAPP

Orca is on a mission to make it easy to secure the cloud. This means capturing your business context and data about your cloud-native apps in one place so that your team and AI agents can work together to investigate threats, triage alerts, and stop attackers from compromising your cloud-native applications.

For years, how apps get built has been functionally separated from how infrastructure gets secured. This creates challenges in how mitigation steps and remediation plans get actioned. Without business context for both pre-production and production environments, security gaps sit in a holding pattern until teams agree on next steps. In a perfect world, security issues get resolved at the root, but in reality, leaders sometimes choose to implement mitigation controls to reduce risk. 

Because Orca unifies security across the whole lifecycle of cloud-native apps, AI agents can take on more work, freeing up team members to apply human ingenuity in higher impact areas. This requires a tighter approach across 3 key areas: context, AI, and action.

Unified Data Model: Context is the foundation

Many AI-native agentic security solutions have been entering the market, but they all run into the same issue – they lack the data and context that AI agents need to reach reliable conclusions.

At the core of the Orca Platform is the Unified Data Model. Orca has been building a strong contextual foundation that ingests and normalizes data across all types of data sources security teams regularly interact with:

  • Cloud control plane 
  • SideScanning
  • Identity and access management systems
  • Code repositories & CI/CD scans
  • Network access telemetry
  • Agents and sensors
  • Threat intelligence feeds 
  • and more 

Orca AI: The brain that drives insights

Orca AI is the cognitive engine that processes data into insights. We’re thinking of how this brain drives security outcomes in three ways:

  • Reasoning: Orca AI doesn’t just regurgitate data; it takes context into consideration when explaining the urgency of a security issue. Just as a person would explore systems of data to understand exposure risk, permissions, event logs, and more, Orca AI analyzes this information to provide an opinionated stance on why and how to fix security problems.
  • Memory: Orca AI remembers decisions that have been made and end-user feedback, and uses it all as context to refine future recommendations.
  • Expertise: Just as your team members focus on specific areas of mastery, Orca AI also has specialized areas of security expertise to protect your cloud-native applications across cloud, code, and real-time threats.

Action: Where work is initiated

Once you have insights on the most critical areas of risk, it’s time to start executing. 

  • Orca as a Smart Platform: Sometimes it’s as simple as triggering a ticket to get created in Jira or another ticketing system. Other times, you’ll need to address groups of alerts together. Either way, the Orca Platform gives you AI-driven remediation recommendations and the ability to trigger actions through robust integrations with SIEM/SOAR, notification channels, ticketing systems, and more.
  • AI Assistant: The AI Assistant is the scholar for all of your data in Orca. Any employee can chat with it to understand what’s at stake with an alert, create summaries and reports, and further prioritize what they need to focus on.
  • AI Agents: These AI team members can research data in the Unified Data Model, provide recommendations, and even trigger workflows to address risk. They do the heavy lifting so your team can focus on more strategic activities.

Transparency builds trust

At Orca, we understand the hesitance to give AI agents the keys to the kingdom and autonomy to change your environment. The trust of our customers is paramount as we create a more secure future in the cloud, together. 

To build on a strong foundation of trust, Orca’s AI agents start with recommending action, backed by transparent reasoning. This keeps a human in the loop, in the near term, to validate conclusions and next steps as we work towards autonomous behavior from observation to action.

About Orca

The Orca Platform delivers a unified cloud security experience that helps organizations identify, prioritize, and remediate risk across their cloud environments, applications, and AI. Interested in seeing how we help you command your cloud? Schedule a personalized 1:1 demo.