Powered by digital twin technology and custom-built AI models for each customer, Cumulo responds to GCHQ’s recent call for an AI Cyber Shield, allowing threats and vulnerabilities to be spotted before any incident takes place
Abingdon, U.K., 19 June – SOC-as-a-service provider e2e-assure has today unveiled the latest version of Cumulo, the U.K.’s only sovereign, AI-native SOC platform that connects IT and OT environments. The platform is purpose-built to help organisations protect themselves against a rising wave of AI-powered threats, where attackers are operating with a level of speed and autonomy that legacy SOC models simply were not designed to handle.
The platform, developed and owned entirely in the U.K., directly addresses the recent appeal from GCHQ Director Anne Keast-Butler for “a new national cyber defence capability that will hardwire cutting-edge agentic AI into machine-speed cyber defence,” delivering a fully sovereign solution that underpins e2e-assure’s SOC services.
With AI woven into every layer of the platform, Cumulo continuously builds contextual understanding as security data flows in, elevating detection and response to an entirely new standard and unlocking defence capabilities that were previously out of reach. The SIEM continues to serve as the definitive source of truth — a deterministic, evidence-grade log of every event — while AI operates as a parallel layer on top of it.
Cumulo introduces the concept of the zero-day SOC, meaning fresh threat intelligence can be converted into detection rules instantly, removing the window of exposure to newly emerging threats. It brings together predictive modelling, sovereign on-premises AI models, and skilled human oversight to achieve millisecond-level detection of both known and emerging indicators of compromise. All of this is done while keeping SC-cleared security professionals at the heart of every decision through a ‘human in the loop’ framework, ensuring AI never operates autonomously.
“Cumulo marks a fundamental departure from traditional SOC and SIEM setups, which are largely human-driven and reactive because they depend on sequential alert triage and after-the-fact investigation. Cumulo instead runs on an AI-first security operating system,” said Rob Demain, CEO of e2e-assure. “Threats today are outpacing the speed of human-led workflows, leaving security teams overwhelmed. At the same time, many AI tools in security are still held back by legacy architectures that force them to reconstruct context after an event has already occurred. We designed Cumulo to solve this — continuously building understanding as data is generated, while keeping expert analysts firmly at the centre of every decision.”
The Cumulo platform maintains a continuously updated digital twin of each customer’s environment through passive discovery across both IT and operational technology (OT) systems. This enables safe attack simulation, identification of risks before they can be exploited, and immutable preservation of analytical integrity. This capability is especially valuable in operational technology and critical infrastructure settings, where live testing is often too risky or simply not feasible.
The customer-dedicated local large language models (LLMs) are hosted within sovereign environments and trained on each organisation’s unique infrastructure, enabling precise, context-aware reasoning that accurately reflects the realities of each customer’s estate. Because inference takes place within infrastructure controlled by the customer, organisations maintain complete sovereignty over sensitive security data and reduce their dependence on external cloud-based AI services. This sovereignty is not merely a compliance matter — for sectors such as critical national infrastructure, it is an operational imperative. Defensive AI capabilities that rely on third-party infrastructure can be disrupted or restricted by factors outside an organisation’s control. By keeping models on-premises, organisations guarantee that their defensive capability remains available regardless of external conditions.
“For organisations responsible for critical national infrastructure and essential services — energy, water, transport, telecommunications, and government operations — resilience is not just about detecting threats more quickly; it is about making sure your ability to defend holds up during a crisis,” Demain added.
“As more security functions migrate to the cloud, concerns around sovereignty, dependency, and operational continuity are growing. For organisations in regulated or high-dependence environments, relying on external AI infrastructure can create risks related to data residency, transparency, and ongoing access to critical defensive tools. Cumulo tackles these challenges by keeping sensitive operational knowledge within environments controlled by the customer, minimising exposure to external disruption and helping organisations retain visibility and cyber defence capability even during major incidents, connectivity failures, or broader infrastructure outages.”
Cumulo also features a layered AI architecture that separates sensitive operational reasoning from broader intelligence and research functions. A local model layer handles environment-specific detection and analysis; a security intelligence layer aggregates and correlates threat data at scale; and a frontier model layer is used for non-sensitive enrichment and wider analytical tasks. This design ensures sensitive data stays contained while still enabling advanced AI capability where it is appropriate, meeting both compliance and performance needs.
To manage the ever-growing volume of security data, Cumulo employs multiple AI models that cross-examine every investigation from different angles, creating a fully auditable record of each alert known as the Cumulo Analyst Helper (CAH). An anti-hallucination layer checks all findings against threat intelligence and deterministic detection engines before any results are presented to an analyst. The customer’s own security and operations specialists — who know their environment and risk appetite inside out — remain involved at every stage. The platform absorbs the volume so that people can focus on the high-value judgements that matter most.
Cumulo is being rolled out through a multi-tier product model designed to support varying levels of security maturity and organisational requirements. The Standard tier delivers a proactive SOC capability, providing AI-driven investigation and autonomous threat hunting that detects by behaviour rather than signature alone, along with threat intelligence, centralised reporting, and compliance dashboards. The Enterprise tier extends the platform into a predictive SOC, adding unified IT and OT monitoring, digital twin capability, live compliance dashboards, and advanced cross-environment correlation for complex environments that demand deeper operational insight. This predictive model continuously stress-tests an evidence-accurate replica of the customer’s estate, ranks and costs the remediation steps, and closes the gaps before a real attacker ever arrives.
For more information visit: www.e2e-assure.com/cumulo
About e2e-assure
e2e-assure has delivered expert SOCaaS solutions powered by its AI SOC platform, Cumulo, to government and CNI organisations for over a decade. Its 24/7/365 U.K.-based Security Operations Centre, staffed exclusively by NPPV3 and security-cleared cyber professionals, is dedicated to rapid, expert response for nation-critical organisations.
Unlike providers tied to specific technologies, e2e-assure’s fully owned AI SOC platform, Cumulo, integrates with an organisation’s existing security stack to maximise the value of current investments. With U.K. data sovereignty guaranteed and an unwavering commitment to SOC excellence, e2e-assure helps organisations build resilience, reduce risk, and stay ahead of threat actors with confidence.



