Security Operations, API security, AI/ML

Command Zero releases APIs to enable programmatic security investigations

Per Silicon Angle, Command Zero Inc. has launched a suite of application programming interface (API) endpoints and a Model Context Protocol (MCP) server for its autonomous security operations center platform. This new offering allows customers to programmatically drive threat hunts, investigations, and remediation efforts, moving beyond the limitations of the vendor's console.

The new API endpoints enable security operations teams to integrate Command Zero's investigation engine into their existing security orchestration, automation, and response (SOAR) playbooks, pipelines, and internal tools. The MCP server allows AI agents to directly query the platform, perform health checks, triage cases, and build dashboards via a chat interface. The release includes endpoints for investigations, business context (pulling data from sources like ServiceNow and HR systems), catalog and schema queries, and remediation actions. Use cases range from automatically starting investigations upon alert firing to enabling custom threat hunting frameworks and allowing managed security service providers to sync client business context across tenants.

This move comes as the industry races to add agentic capabilities and as new autonomous SOC platforms emerge. By opening up these capabilities via APIs and MCP, Command Zero allows customers to weave autonomous investigations into their current tools and workflows without requiring a full replacement.

Source: Silicon Angle
