Torq launches Agentic Builder as $1.2bn unicorn tightens grip on enterprise AI SOC market

Torq, a privately held agentic security operations company valued at $1.2 billion following its $140 million Series D funding round closed in January 2026, has unveiled Agentic Builder, a major product extension to its Torq AI SOC Platform that converts natural language instructions from security engineers and architects into fully tested, production-ready AI agents and automated workflows. The announcement, made on March 18, 2026, positions Torq as the first platform to automate not just security response at the analyst level but also the engineering and architecture work required to build, deploy, and maintain security automation at scale. The development comes as the Security Operations Center software market faces a decisive inflection, with legacy SOAR vendors struggling to adapt to AI-native architectures and Fortune 500 enterprises increasingly demanding autonomous rather than advisory security tooling. Torq now counts LEGO, Marriott, Prudential, Carvana, PepsiCo, Procter and Gamble, Siemens, and Uber among its enterprise customers.

How does Torq Agentic Builder turn natural language security intent into production-grade AI agents without manual engineering work?

Agentic Builder operates as an extension of Torq Socrates, the orchestration layer inside the Torq AI SOC Platform, and is designed to eliminate the manual planning, coding, troubleshooting, and maintenance burden that traditionally falls on SecOps engineers when building or updating security automation. The workflow begins when a security professional describes a desired outcome in plain language. From that description, Agentic Builder analyses the request against the organisation’s existing semantic memory, business context, security standards, and available tool integrations. It then selects the relevant connectors, defines parameters and governance guardrails, generates orchestration logic, and produces a custom Torq AI Agent configured to handle the specified security scenario.

Critically, the system does not push that agent directly to production. Before deployment, Torq Socrates runs the newly created agent against real-world data, simulates step-by-step execution, and validates outputs including email previews, case management descriptions, and user interface screens. Security architects can examine those outputs, identify gaps, and refine the agent’s behaviour until it meets organisational standards. Once deployed, Torq Socrates monitors the agent continuously in production and recalibrates its behaviour automatically as conditions, threats, or system configurations change. That self-correcting loop addresses one of the most persistent criticisms of legacy SOAR implementations: workflows that degrade silently as enterprise environments evolve and require constant manual intervention to remain functional.

What competitive pressure is Torq responding to with Agentic Builder and why does the engineer-level automation gap matter for enterprise SOCs?

The analyst-level automation problem, reducing alert fatigue and automating routine Tier-1 triage tasks, has been Torq’s commercial foundation since the company pivoted to AI agents following the generative AI inflection of late 2022. Torq claims its platform now handles 90 to 95 percent of Tier-1 alerts autonomously and has cut investigation times by up to 90 percent at major enterprise deployments. However, the bottleneck that has persisted even in advanced AI-SOC environments is the engineering layer: the skilled SecOps architects who design, build, integrate, and maintain the workflows that AI agents then execute. These engineers are scarce, expensive, and typically consumed by technical maintenance rather than risk strategy. Agentic Builder’s stated purpose is to shift that burden from humans to machines.

The competitive context matters. Palo Alto Networks has positioned Cortex XSIAM as its autonomous SOC answer, adding Cortex AgentiX in October 2025 as a no-code agent builder trained on over a billion real-world playbook executions. CrowdStrike has responded with Charlotte Agentic SOAR and the AgentWorks builder, enabling natural-language creation of custom security agents within the Falcon ecosystem. Both incumbents are packaging agentic tooling as extensions of existing platform relationships, which gives them significant cross-sell leverage with existing enterprise accounts. Torq’s structural counter-argument is that those builds are still constrained by single-vendor architectures, whereas Torq’s open platform integrates across more than 300 third-party tools and supports bring-your-own-model approaches, including models from Anthropic, Google, and OpenAI. For multinational enterprises running heterogeneous security stacks, that breadth can be decisive.

What does the Cursor comparison signal about Torq’s positioning strategy in the enterprise developer and security tooling market?

Torq’s choice to position Agentic Builder as the Cursor of security operations is a deliberate borrowing from the software development world. Cursor, the AI-augmented code editor, became a reference point in 2024 and 2025 for what it looks like when an AI tool transforms the productivity of technically skilled professionals rather than merely assisting them. The implied claim is that Agentic Builder does for SecOps engineers what Cursor did for software developers: collapsing the distance between intent and working output, substantially reducing the time from idea to deployable system.

The comparison also signals something strategically important about Torq’s audience targeting. The company is not pitching Agentic Builder as a replacement for security expertise but as an amplifier of it. The workflow still requires a security professional to articulate a desired outcome with operational precision. What Agentic Builder removes is the translation layer, converting that intent into working technical architecture. That framing is useful for enterprise procurement, where CISOs and security directors are more receptive to tools that enhance their teams than to tools that imply reducing headcount.

How does Torq’s $332M total funding and $1.2B valuation stack up against the broader agentic AI security operations investment landscape in 2026?

Torq’s unicorn milestone, achieved with its January 2026 Series D, brings total capital raised to $332 million across rounds that include $50 million in December 2021, $42 million in January 2024, $70 million in September 2024, and the $140 million January 2026 round led by Merlin Ventures. Merlin’s involvement is particularly noteworthy because the firm serves as the venture affiliate of Merlin Group, which has nearly three decades of experience placing technology into US government and public sector markets. That relationship suggests Torq’s near-term growth ambitions extend into federal cybersecurity, a segment where the combination of scale, compliance sophistication, and autonomous operation at high classification levels represents a substantial commercial opportunity.

Torq’s valuation trajectory also reflects the broader market repricing of agentic AI security vendors. Companies that can demonstrate measurable operational outcomes, such as Torq’s reported 300 percent revenue growth in 2025 and customer deployments delivering full-cycle automation within 48 hours of onboarding, are commanding premium valuations as enterprise buyers shift budgets from advisory AI tools toward systems that demonstrably reduce headcount requirements and response times. Other existing investors including Evolution Equity Partners, Notable Capital, Bessemer Venture Partners, Insight Partners, and Greenfield Partners all participated in the Series D, signalling continued confidence across the cap table.

What are the execution risks for Torq as it moves from alert automation into the more complex territory of autonomous workflow engineering at enterprise scale?

The transition from automating analyst-level tasks to automating engineer-level architecture introduces a more demanding accountability profile. When an AI agent incorrectly classifies a phishing alert, the cost is a missed threat or a false positive, both recoverable. When an AI system designs a flawed workflow that misroutes security events or creates unvalidated automation paths across production systems, the consequences can include undetected breaches, compliance failures, or operational disruptions across the enterprise security stack. Torq’s response to this risk is the pre-deployment validation engine inside Torq Socrates, which tests agents against real data before they go live and requires human approval of outputs. Whether that validation framework is rigorous enough for the most sensitive workflows, particularly those touching identity, containment, or network isolation actions, will be a central question for large enterprise customers evaluating Agentic Builder.

Torq’s go-to-market model introduces additional pressure points. The company is growing at high velocity, reporting EMEA headcount growth of 400 percent across 2025 and planning to hire an additional 200 employees globally in 2026, expanding from roughly 350 current staff. Rapid scaling in enterprise software frequently tests customer success capacity, and the complexity of deploying agentic AI at Fortune 500 scale demands deep implementation support. Torq’s self-service model, a differentiation it highlights against legacy SOAR implementations requiring extensive professional services, must hold at significantly larger account sizes and more complex environments than it may have encountered to date.

How does Torq’s RSAC 2026 showcase of Agentic Builder reflect the broader industry agenda around autonomous security operations this year?

Torq is scheduled to demonstrate Agentic Builder at RSA Conference 2026, running from March 23 to 26 at Moscone Center in San Francisco, where it will occupy Booth 527 in the South Expo Hall. The timing positions the launch at the industry’s most prominent security venue, where Palo Alto Networks, CrowdStrike, Splunk, and IBM Security will all be competing for CISO attention with their own autonomous operations narratives. For Torq, the RSAC platform offers an opportunity to demonstrate Agentic Builder live against enterprise-scale scenarios and make the case that a purpose-built agentic platform outperforms the AI extensions that incumbents have added to legacy SOAR foundations.

The broader RSAC agenda in 2026 is expected to be dominated by the question of whether AI security tools have matured past the pilot stage into operational infrastructure. Torq’s ability to present verified customer outcomes from LEGO, Marriott, and Prudential alongside its existing deployments at Carvana, Siemens, and Virgin Atlantic will be central to that credibility case. The addition of large consumer and financial services brands to Torq’s customer list signals that the platform is meeting the compliance, auditability, and integration requirements of industries with demanding regulatory environments, not just the high-velocity technology sector where agentic AI tools typically find early adoption.

Key takeaways: What Torq’s Agentic Builder launch means for the AI SOC market, enterprise security teams, and legacy SOAR vendors

• Torq has moved the AI SOC automation frontier from analyst-level triage to engineer-level workflow design, targeting the skilled SecOps architect shortage that persists even in advanced enterprise security operations.
• The Cursor comparison signals a deliberate positioning strategy that frames Agentic Builder as an amplifier of existing expertise rather than a replacement for it, which is a more defensible enterprise procurement narrative than headcount reduction.
• Pre-deployment validation via Torq Socrates, including real-data testing and output review before live activation, is the primary governance mechanism differentiating Agentic Builder from simpler natural-language-to-automation tools. Its adequacy for high-stakes workflows remains to be stress-tested at scale.
• Merlin Ventures’ leadership of the $140 million Series D strongly implies that Torq is positioning for US federal and public sector expansion, a segment where autonomous SOC capabilities, compliance auditability, and scale are premium requirements.
• The 300 percent revenue growth reported for 2025 and 48-hour-to-value onboarding claims at Valvoline represent the most commercially relevant metrics Torq can offer prospective enterprise buyers weighing the platform against incumbent offerings.
• Palo Alto Networks and CrowdStrike have both launched no-code agentic builder tools, but their architectures are optimised for customers inside their respective ecosystems. Torq’s cross-vendor open architecture remains its primary structural differentiator in heterogeneous enterprise environments.
• Torq’s planned hiring of 200 additional employees in 2026 against a current base of roughly 350 staff represents a near-doubling of headcount that will test customer success infrastructure at the same time the platform is moving into more complex engineering-layer territory.
• New enterprise customers LEGO, Marriott, and Prudential demonstrate meaningful penetration into regulated consumer and financial services sectors, indicating that Torq has cleared the compliance and auditability bars that historically restricted agentic AI tool adoption in those industries.
• The agentic AI security operations market now has over 40 identified participants according to IDC, but the Series D funding scale and Fortune 500 customer roster place Torq in a small group of platforms with the capital and customer validation to compete at enterprise infrastructure level.
• For legacy SOAR vendors and the enterprises still running them, Agentic Builder’s core proposition, collapsing months of engineering work into minutes, represents the clearest articulation yet of why static playbook architectures face structural obsolescence rather than incremental competitive pressure.