Building the World's Most Experienced Incident Responder

May 7, 2026

That's our thesis at Spacewalk: combine the instincts of top-tier operators with the horsepower of top-tier AI researchers, and use it to wipe out the bottom 50% of work that currently eats up senior responders' time. Today, the people best equipped to contain a serious incident spend half their day on benign queue work bubbling up from the SOC. Push that down with agentic AI, and your most experienced humans finally get to do the work only they can do.

The bottleneck has moved, and most teams haven't noticed

We've been spending time recently with our larger, more targeted customers, and a pattern is emerging that we think the wider industry is about to feel.

Most Fortune-scale security organizations now run a tiered model. Tier 1 triage is outsourced to an MSSP or absorbed by an AI SOC. Those layers scale just fine with the growing volume of alerts and attacks. That's not the problem.

The problem is downstream. Two of our Fortune 200 customers are watching an ever-growing backlog land on their incident response teams, who ironically spend less and less time actually doing response.

70% of senior IR capacity is going to triaging escalations out of the MSSP and AI SOC layer.

That's a structural problem, not a tooling one. Incident responders are inherently more knowledgeable, more experienced, and more expensive. There are fewer of them on any given team, but they're the organization's true defense. They're the people who can reason about an attack alongside the internal context and tribal knowledge of the business. Burning that capacity on false-positive triage is exactly the wrong place to spend it.

And the pressure is about to compound

Anthropic's own technical disclosure shows Mythos in an agentic harness autonomously discovering zero-days and chaining them into working exploits, with engineers who hold no formal security training producing end-to-end attack chains. AISI's independent evaluation had it completing a 32-step corporate intrusion (recon through full network takeover) on a range sized for roughly 20 hours of expert human effort.

The kill chain compresses but does not transform. Lateral movement, credential abuse, privilege escalation, and persistence remain the structural weaknesses. They just execute faster, cheaper, and at a scale the current Tier 1 / IR division of labor was not built for.

Our answer: an Agentic Incident Commander

Spacewalk's mission is to put that same class of agentic capability in defenders' hands.

Our Agentic Incident Commander spins up teams of agents to reason about a scenario, automating threat hunts and standing up sub-teams of agents (and sub-sub-teams) to pull threads, validate hypotheses, and build out the kind of robust, evidence-based analysis that, until now, only seasoned IR staff have been able to produce.

When the Commander determines a scenario warrants human input, it surfaces its findings to the team. If incident response is warranted, IR takes over and drives the system and the agentic team forward from there.

The goal is concrete: **10 to 50x the caseload a single IR team member can manage.** Not so dissimilar to how each of our own engineers now runs numerous Claude Code instances in parallel.

We're scaling the bottleneck that matters most: not the aperture at the top, but the pressure point.

Hear more on Risky Business

Our co-founders Tim Wenzlau (CEO) and Chris Fuller (CPO) recently sat down with Patrick Gray on the latest Snake Oilers episode of Risky Business to walk through this thinking and why incident response is overdue for an agentic AI rethink.

Their conversation kicks off at the 15:31 mark of Snake Oilers: Ent AI, Spacewalk and Mondoo, which dropped May 1, 2026.

Try Spacewalk today

Spacewalk is the AI incident response platform that keeps your responders in the fight, not in spreadsheets.