e2e-assure has unveiled the latest version of Cumulo, the U.K.’s sole sovereign, AI-native, IT/OT-connected SOC platform, purpose-built to help organisations counter a rising wave of AI-powered threats. Today’s adversaries act with a degree of autonomy and velocity that conventional SOC frameworks were never designed to handle.
The platform, owned and engineered in the U.K., responds directly to GCHQ Director Anne Keast-Butler’s recent appeal for “a new national cyber defence capability that will hardwire cutting-edge agentic AI into machine-speed cyber defence” by delivering a genuinely sovereign solution within e2e-assure’s SOC offering.
With AI woven into every layer of the platform, the system builds contextual understanding in real time as security data streams in, elevating detection and response to an entirely new tier and enabling pioneering defensive capabilities. The SIEM continues to serve as the authoritative system of record — a deterministic, evidence-grade log of every event — while AI operates as a parallel capability layered on top.
Cumulo introduces what it calls the zero-day SOC: fresh, live threat intelligence can be deployed instantly as detection rules, neutralising the window of exposure to emerging threats. It fuses predictive modelling with sovereign, locally hosted AI models and specialist human oversight to achieve millisecond-level detection of both known and novel indicators of compromise — all while ensuring SC-cleared security teams remain central to every decision and preserving a strict “human in the loop” framework that precludes unchecked AI autonomy.
“Cumulo marks a departure from traditional SOC and SIEM setups that are predominantly human-driven and reactive, since they depend on sequential alert triage and after-the-fact investigation. Cumulo instead employs an AI-first security operating system,” said Rob Demain, CEO of e2e-assure. “Threats now outpace human-led workflows, leaving security teams stretched thin. At the same time, many AI security tools remain shackled to legacy architectures that force them to reconstruct context retroactively. We engineered Cumulo to solve that — continuously building understanding the moment data is generated, while keeping expert analysts firmly at the heart of every decision.”
The Cumulo platform maintains an up-to-date digital twin of each customer’s environment through passive discovery across both IT and operational technology (OT) systems, enabling safe attack simulation, pre-exploitation risk identification, and immutable preservation of analytical rigour. This is especially valuable within OT and critical infrastructure settings, where live testing is frequently impractical or carries unacceptable operational risk.
Customer-dedicated local large language models (LLMs) are deployed inside sovereign environments and trained on each organisation’s unique infrastructure, enabling precise, context-aware reasoning that mirrors the realities of that particular estate. Because inference takes place within customer-controlled infrastructure, organisations retain complete sovereignty over sensitive security data and lessen their dependence on external cloud AI services. This sovereignty is not merely a compliance checkbox — for sectors such as CNI, it is an operational imperative. Defensive AI capabilities tethered to third-party infrastructure can face disruption or access limitations beyond an organisation’s control. By keeping models on-premises, organisations guarantee that their defensive posture remains operational regardless of external conditions.
“For organisations responsible for critical national infrastructure and essential services — energy, water, transport, telecommunications, and government operations — resilience isn’t simply about spotting threats more quickly; it’s about making sure your capacity to defend holds up under crisis conditions,” Demain added.
“As more security functions migrate to the cloud, concerns around sovereignty, dependency, and operational continuity keep growing. For organisations in regulated or high-dependence environments, leaning on external AI infrastructure can introduce risks related to data residency, transparency, and sustained access to vital defensive capabilities. Cumulo tackles these challenges by keeping sensitive operational knowledge within customer-controlled environments, reducing exposure to external disruption and helping organisations preserve visibility and cyber defence capability even during major incidents, connectivity failures, or wider infrastructure breakdowns.”
Cumulo also features a layered AI architecture that isolates sensitive operational reasoning from broader intelligence and research functions. A local model layer manages environment-specific detection and analysis; a security intelligence layer aggregates and correlates threat data at scale; and a frontier model layer handles non-sensitive enrichment and wider analytical tasks. This design ensures sensitive data stays contained while still enabling advanced AI capability where appropriate, satisfying both compliance and performance demands.
To cope with the escalating volume of security data, Cumulo deploys multiple AI models that cross-examine every investigation from distinct angles, constructing an auditable view of each alert — known as the Cumulo Analyst Helper (CAH). An anti-hallucination layer validates all findings against threat intelligence and deterministic detection engines before results ever reach an analyst. The customer’s own security and operations specialists — people who understand their estate and risk appetite — stay engaged throughout. The platform absorbs the workload so that humans can focus on high-value judgement.
Cumulo is being rolled out through a multi-tier product model tailored to different stages of security maturity and organisational requirements. Standard delivers a proactive SOC capability, providing AI-driven investigation and autonomous threat hunting that detects by behaviour rather than relying on signatures alone, alongside threat intelligence, centralised reporting, and compliance dashboards. Enterprise extends the platform into a predictive SOC, adding unified IT and OT monitoring, digital twin capability, live compliance dashboards, and advanced cross-environment correlation for complex settings that demand deeper operational insight. This predictive model continuously stress-tests an evidence-accurate replica of the customer’s estate, ranks and costs the remediation steps, and closes the gaps before a real attacker ever arrives.