Anvilogic’s Blueprints replaces SOAR complexity with natural language security automation

Anvilogic has launched Blueprints, a workflow automation capability that captures expert analyst practices and turns them into scalable, repeatable workflows across security teams.

Instead of requiring specialized engineers to build and maintain code, Blueprints lets analysts author automation in natural language, deploy it the same day, and have it execute to automate processes across data onboarding, detection engineering, threat hunting, investigation and response.

“Your best analyst, at infinite scale,” said Mackenzie Kyle, Chief Product Officer at Anvilogic. “Blueprints captures how your most experienced analysts work and converts those methods into repeatable, automated workflows for your AI SOC. Your whole team operates at the top of their game, and gets smarter with every run.”

What is Blueprints?

Blueprints is Anvilogic’s AI automation layer, which allows analysts to create reusable, task-specific AI workflows with pre-configured instructions, context, integrations, and memory. Think of them as specialized AI agents for specific security domains, built by your senior analysts, run by your entire team. The foundation for Blueprints is Anvilogic’s enterprise-proven AI SOC platform containing the necessary data knowledge, the detection engineering and the triage & investigation layers.

Unlike SOAR systems that operate on noisy alert streams, Blueprints run on our Enterprise Security Graph. We have built years of context in the platform to discover and model enterprise SOC artifacts, including events, alerts, normalizations, data models, rules, and workflows, mapping them directly to detection, investigation, and triage workflows.

The problem it solves

Security operations teams often rely on their most experienced analysts to interpret alerts, apply investigative judgment, and coordinate the actions that follow. Over time, these analysts develop a deep understanding of how alerts should be triaged, what context matters, and which actions move an incident toward resolution. However, much of this expertise remains informal and captured in static runbooks, documentation, or individual experience that is difficult to apply consistently across a team.

SOAR platforms promised consistent orchestration and automation, but often introduced a new role: the SOAR engineer. Building and maintaining playbooks required Python scripting, schema wiring, and ongoing integration work, turning automation into a specialist discipline. Blueprints removes that barrier.

“When a new analyst joins your team, they shouldn’t be learning your SOC’s tribal knowledge,” said Karthik Kannan, CEO of Anvilogic. “They should inherit it. Blueprints encode what your senior people know and make it operational at scale. That’s not replacing analysts. That’s multiplying them.”