D3 Security has unveiled its Morpheus AI solution, an autonomous SOC product designed to sit on top of any security product stack and perform autonomous alert investigation, triage, and AI-guided remediation. Or, as D3 Security President Gordon Benoit explained to MSSP Alert, "We trained it to become a SOC analyst."
Morpheus AI uses data ingested from D3's own framework added to multiple integrations with SIEM, SOAR, identity, authentication, EDR, NDR, CSP, email, and 800+ other tools and products and combines that with a large language model to provide incredible amounts of context. When an alert comes in, Morpheus AI can quickly identify high-risk incidents, prioritize, correlate cross-stack insights, and reduce mean-time-to-triage (MTTT) from hours to seconds, the company said. D3 says Morpheus AI can have 95% of alerts triaged in under two minutes.
This is huge for MSSPs, Benoit said, because Morpheus can provide 100% alert coverage, deliver context-aware responses, and offer built-in threat-hunting logic to explain its actions to those working in the SOC, to MSSPs and to their clients, he said.
"Context, context, context: It's all about context," Benoit said. "Morpheus's strength is its ability to gather all the context necessary when an alert comes in from across the tech stack and take that pressure away from the MSSP to ingest, understand, and prioritize every alert. Morpheus can ingest a million alerts a day, and it can do about, minimum, 10 times the work that a SOC analyst would do," Benoit said. "So, you know, at the end of the day, they can take those resources that are freed up and deploy them on other things for their customers. Every alert is triaged, we have built the playbooks, you can see all the steps taken," he said.
Morpheus also includes built-in audit features to show its logic and track every step and action, enabling MSSPs to offer complete transparency to clients about the actions taken and decisions made. Morpheus can run as a fully autonomous solution or can be adjusted for varying levels of human intervention, Benoit said.
"You can go full autonomous mode, sure, but most customers don't go fully autonomous," Benoit said. "Or you can have Morpheus present its findings and its remediation plan for review, and then they can say, 'Yes, execute,' and then it'll go through a process like a SOAR automation. It's similar to a self-driving car in that you can see it's doing the work, and you can always grab the wheel if you see something that's not quite right," he said.
For MSSPs, that autonomous capability gives them greater freedom and flexibility and can allow them to support more customers and increase their profit margins as well, Benoit added.
"Morpheus really allows those MSSPs to up their response and remediation game. When you're cutting down alert flow, that's a huge plus for customers. And from an MSSP perspective, it allows that MSSP to offer managed response, MDR, and MXDR. So it opens up a whole new world of profitable, scalable managed services that maybe that MSSP couldn't provide or struggled to provide previously," he said.
Benoit said that a beta program will start in June or July, and the solution is slated for general availability in August 2025. While competitors have also integrated AI capabilities into their SOC solutions, Benoit said D3 Security is aiming much higher than just creating an AI assistant or adding AI-enabled features.
"From the beginning, we said we're going to make Morpheus into the greatest SOC analyst in the world -- OK, that sounds extreme -- but that's our goal," Benoit said. "That's why it's hard and that's why we're taking our time to make sure it is the best of the best -- and the MSSPs and customers are going to be the ones who tell us if we meet that goal, but we think if you're gonna have a goal, make it a good one!"
