In this interview from RSAC 2026, Nick Schneider, chief executive officer of Arctic Wolf, joins theCUBE's Dave Vellante and Christophe Bertrand to discuss the launch of the Aurora Superintelligent Platform and the company's evolution into what it calls the world's largest commercial SOC. Schneider details how the platform combines a proprietary knowledge graph — built from more than a decade of operating a SOC across 10,000-plus customers and analyzing over 10 trillion security events per week — with a "swarm of experts" architecture that deploys agentic workflows for detection, triage and response. He explains how a layered trust framework, including an AI orchestrator, an AI judge and a human in the loop, ensures that autonomous agents operate within each customer's individual risk tolerance, spanning near-fully autonomous triage to fully human-validated actions.
The conversation also explores how Arctic Wolf protects its own infrastructure, applying the same principles it prescribes to customers — backed by its own threat intelligence labs, detection engineering teams and the full weight of its SOC capability. Schneider breaks down the company's growth strategy, pointing to continued international expansion across EMEA, Australia and Japan alongside a broadening product portfolio that now includes Aurora Endpoint, the UpSight anti-ransomware add-on and Sevco, a CAASM/CTEM solution. He also addresses the shifting mid-market threat landscape, noting that AI has dramatically lowered the technical barrier for attackers and enabled spray-and-pray campaigns against businesses that were previously too small to target. From improving gross and operating margins to a deliberately patient approach on the timing of a public offering, Schneider provides a candid look at how Arctic Wolf is positioning itself as the definitive leader in AI-driven security operations.
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
RSAC 2026 Conference. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open the link to automatically sign into the site.
Register for RSAC 2026 Conference
Please fill out the information below. You will receive an email with a verification link confirming your registration. Click the link to automatically sign into the site.
You’re almost there!
We just sent you a verification email. Please click the verification button in the email. Once your email address is verified, you will have full access to all event content for RSAC 2026 Conference.
I want my badge and interests to be visible to all attendees.
Checking this box will display your presense on the attendees list, view your profile and allow other attendees to contact you via 1-1 chat. Read the Privacy Policy. At any time, you can choose to disable this preference.
Select your Interests!
add
Upload your photo
Uploading..
OR
Connect via Twitter
Connect via Linkedin
EDIT PASSWORD
Share
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
RSAC 2026 Conference. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open the link to automatically sign into the site.
Sign in to gain access to RSAC 2026 Conference
Please sign in with LinkedIn to continue to RSAC 2026 Conference. Signing in with LinkedIn ensures a professional environment.
In this interview from RSAC 2026, Nick Schneider, chief executive officer of Arctic Wolf, joins theCUBE's Dave Vellante and Christophe Bertrand to discuss the launch of the Aurora Superintelligent Platform and the company's evolution into what it calls the world's largest commercial SOC. Schneider details how the platform combines a proprietary knowledge graph — built from more than a decade of operating a SOC across 10,000-plus customers and analyzing over 10 trillion security events per week — with a "swarm of experts" architecture that deploys agentic work...Read more
exploreKeep Exploring
What is the "Agentic SOC" (the super-intelligent platform) — what components make it up, how does it work, and what benefits does it provide?add
What is the current state of the market for agentic AI in security operations centers (SOCs), what challenges prevent organizations from building and trusting agentic SOCs themselves, and how does your platform address those challenges?add
How will AI affect the roles and work of SOC operators and security teams?add
How do you build and use internal knowledge graphs to train AI agents for security operations, and why are those knowledge graphs necessary?add
When did the organization become the largest commercial security operations center (SOC) in the world, and how was that determined?add
>> Hi everybody. Welcome back to RSAC 2026. You're watching theCUBE's live coverage of this event. My name is Dave Vellante and I'm here with Christophe Bertrand and Jon Oltsik's also in the house. This is our CEO series. We're excited to have Nick Schneider back, CEO of Arctic Wolf Networks. Nick, good to see you. It's been a year. It seems like it's been quite a year.
Nick Schneider
>> Great to see you.
Dave Vellante
>> Yeah.
Nick Schneider
>> It's been a busy year, but I'm glad to be here.
Dave Vellante
>> I mean, last time we talked, you had done the silence acquisition, expanding internationally, the whole cipher for AI and wow, things are happening so fast. Give us the update. We're hearing a lot about AI SOCs. I want to ask you about that, but give us the update on Arctic Wolf.
Nick Schneider
>> Yeah. So we just at the show here announced our super intelligent platform. And really what we mean by that, it's a few component parts. So one, we've built out a knowledge graph that really makes use of a long history, 10 plus years of operating arguably the world's largest SOC. So it makes use of the data, but also it makes use of the context that we get from operating that SOC through the intelligence of the humans that actually operate it. And then on top of that, we've built what we call our swarm of experts. So agents that are doing things that you typically would need to get done within a SOC, but doing it agentically. And then on top of that, we've built what we call our trust framework. So that's a combination of leveraging AI to ensure that the agents are doing what you'd expect, but also leveraging humans to do the same thing. And all of that together is what we're calling our Agentic SOC. And it's in production today. All of our customers get use of it. And the outputs that they should garner are a combination of better efficiency and better effectiveness when it comes to cybersecurity.
Dave Vellante
>> I think there was a lot of misconceptions about Arctic Wolf early on. They put you in the MSSP bucket.
Nick Schneider
>> Yeah.
Dave Vellante
>> None of us like to be put into a bucket, but that bucket is highly labor-intensive, one of everything. And you, I think, started a trend, one of the first to really drive automation, free the AI herd around the world. And now you have this AI SOCs is the big thing. You got companies like Vega and Profit and Dropzone all trying to come after what you started. And again, historically the MSSPs have been very much human-focused. You educated me early on, "No, Dave, we have a different philosophy and business model. We're very software heavy." You guys made some acquisitions in that regard. You've got some internal IP, organic IP. What's your take on the rise of AI SOCs? You guys are obviously participating, you see this competition coming in. How are you feeling about it?
Nick Schneider
>> Yeah, so I think the market is actually bifurcated at some level. So you have folks that are looking at Agentic for use in their SOC, and then you have a subset of the market. It's actually the larger portion of the market that's looking to leverage AI for security more broadly. But just like other aspects of cybersecurity, they don't have the expertise to build out an agentic SOC themselves or to train and tune these models or agents themselves. And that's what we've built on top of our platform. I think there are some building blocks that are required to be able to do this in a way that the customer trusts the output. I think sometimes we get caught up in AI and artificial intelligence, but at the end of the day, we know that they have to be trained and they will learn over time. But just like a human, you wouldn't put somebody that's never done something before to train your kid how to play baseball or teach your child how to read. Same thing's true of a SOC, right? So from our perspective, we've spent 10 plus years building out a security operation. We've done it at massive scale. We have over 10,000 customers. We're analyzing 10 trillion plus security events per week. We can leverage all that data and all that expertise to be able to build agents, be able to build workflows, be able to build a framework that is being trained, tuned, and put into the market in a way that we know that we can trust it in our SOC and therefore the customers can trust it in theirs.
Christophe Bertrand
>> So I wanted to double click on that. I think it's a very important topic. A lot of people are worried about AI taking their jobs away, all of these agents essentially doing their work. Well, actually they're doing a lot of work that they didn't get the time to do and making them more capable now of going into the next level of resolution, whatever the problem may be. So what's your take on where the market is with the skill sets that people will have to now maybe revisit being now a little bit pushed up the ladder with more ability to decide being the humans in the loop leveraging AI versus being crushed by AI?
Nick Schneider
>> Yeah. I think it will do a few things. So first, I think anybody that's operating within a SOC or frankly in a business, period, is going to have to make use of AI in a way that makes sense for the job that they're doing. I don't think that's any different for a SOC operator than someone in finance or sales or whatever profession you're in. I think within the SOC, there are certain roles historically that were very noisy, but relatively low value. And it's those use cases that I think are going to get automated or leveraged by AI in a more material way. What that does is freeze up those teams time to do things that are more complicated. I don't think it's necessarily do everything, but they're there to make sure that what's happening or the output of the AI is being transposed to the customer within their own environment in a way that is accurate to how they would do it.
Christophe Bertrand
>> And what are you doing to de-risk the potential problems that could come up? Some level of hallucination, maybe something goes wrong with an agent or multiple agents. As agents become more capable, they will start talking to each other, making more and more decisions. So how do you de-risk this for the end user and for the people in charge of managing the environment?
Nick Schneider
>> Yeah. So again, I take it back to, how would you do it if the agents were humans? You'd need a manager, right? So we have what we call our orchestrator. That layer takes the agents and makes sure that they're working together in a fashion that will get the customer the best outcome. And then on top of that, we have the AI judge and then the human in the loop. And the AI judge is validating that what you'd expect from the AI's workflow is actually happening. So if it was supposed to follow six steps, but it only followed five, "Hey, you didn't do all the steps and we know you didn't through all these other workflows that we've processed." And then the last piece is like the human in the loop or the human on the loop. So ensuring that a human with expertise and deep expertise in a specific domain or a specific skillset is also validating what's happening with the agents and how they're interoperating within the environment. And I think customers at this point are still very much in tuned to wanting to make use of AI and leverage AI for efficiency and leverage AI for the efficacy of their solutions, but they're also like, "But I'm not sure I'm ready to go all the way. I'm not sure I want to be the first person on the plane with no pilots. Let's keep someone with their hand on the joystick." And that's the same in cyber, I think.
Dave Vellante
>> So Aurora Superintelligence, so your marketing folks went for it with that term, right? We think of AGI and that's a controversial term, so I like it. And then the Aurora Agentic SOC. And you talked about human in the loop. I've been using the phrase AI in the loop. And I want to ask you about that. So first of all, these platforms, what problem are you solving that maybe you weren't able to solve before previous to these announcements and how much of it is human in the loop versus AI in the loop?
Nick Schneider
>> Yeah. So the problem is a common problem in cyber, which is primarily speed and efficiency. So we're able to do things faster and with a higher level of efficacy and they're done more efficiently, both for the customer and for Arctic Wolf, quite frankly. So it's solving similar problems, but doing or solving those problems in a different way. I think in addition to that, what we've tried to do is make sure that our customers understand while embedding AI into your security operation or leveraging Arctic Wolf to be a part of your security operation is super important, it's also really important to make sure that you're doing it in a way that meets your risk profile. So like every customer that I talk to has a slightly different risk profile or a slightly different tolerance for how much risk they're willing to take in cyber. And it might be for their C-suite, and it might be for a specific application or a set of assets, but it's not a cookie cutter application to how AI will work in a given SOC. So having the AI in the loop or on the loop allows a customer to say, "Hey, for these use cases, I'm ready for almost fully autonomous actions and triage. For this use case, I need a human in the loop. I don't want anything being done without a human validating what it's going to do." So you have AI as part of the process and part of the workflow, but I think the human is there for that last mile and a gut check as to how much risk a customer is willing to take or a gut check on the efficacy of the action that the AI might take within the SOC, which is super and super important, especially for early adoption, which we're still in the early adoption curve.
Dave Vellante
>> And how does the knowledge graph that you talked about earlier fit into this? What's its role? Where did the IP come from? Is it all organic that you guys developed to explain?
Nick Schneider
>> Yeah, so we've built the knowledge graphs all internally. So it's all internal IP. It's all based off of the data that we have within our ecosystem, which again is across 10,000 customers. It's a massive data platform, 10 trillion security events a week, but then it also leverages all the context of what the humans have done over the past decade within our SOC, all of which is annotated and is able to be used against the data sets that were bring in and then helps us to build these agents. So without the knowledge graph, it'd be like a teacher having never gone to school. You can get into the classroom and tell people what to do, but you don't actually know the context of what you're trying to teach or the context of what you're trying to get across in the classroom. And the same thing is true of AI and a knowledge graph. In order for the AI and the agents to do what you want them to do, they have to be trained on a knowledge set. That knowledge set has to be representative of the environment that they're in, and then they need some context for what they're supposed to do with the data that they're getting.
Christophe Bertrand
>> I have a question for you regarding what you do to protect the protector, meaning obviously you could be the target of attacks and we know on the other end, attackers are leveraging AI. I mean, as a matter of fact, there's probably no attack right now that's not AI powered. So you're fighting fire with fire. I get that. But what do you do to protect yourself? Are there any specific best practices that you have put in place? How do you potentially proactively detect attacks against your own infrastructure? Because to me, that would be where I would want to go to be more efficient as a bad guy.
Nick Schneider
>> Yeah. Yeah. So the same principles that we give to our customers, we give to ourselves, a lot of it still is blocking and tackling, right? So we're really regimented on our baselines and what we're doing with regards to the basics in cybersecurity. We obviously have the largest SOC in the world that is at our disposal for our own business, which clearly helps with our efficacy and our ability to stay on top of new threats. And it's not just like the actions and the agents and the tools, it's also the threat intelligence, the labs teams, the threat hunting, everything that you have put around a SOC to make it work that we have in spades. And I think as David alluded to earlier, that's maybe historically a common misconception of Arctic Wolf, is that we were strictly MDR and we're very much primarily a technology platform with a SOC element to it, but we have all the requisite parts surrounding the SOC to ensure that it's getting the up-to-date information about current threats and up-to-date current information about how you remediate against those threats, all the information and tools to be able to build new or novel detections, like everything that you'd want to ensure that you're up-to-date is part of our solution to the customer, even though it comes across in one SKU, right?
Dave Vellante
>> I mean, it's a security cloud, right? In a way. The largest SOC in the world, this is new language. I hadn't heard that before. At what point did you become the largest SOC in the world and how do you know that?
Nick Schneider
>> Yeah, largest commercial SOC. So there are government organizations that have larger SOCs. So we did a bunch of work with the various analysts. Obviously some of the names that you'd expect would be next in line, but when you account for the volume of data that we're ingesting, the size and scope of the integrations and the tools that we're ingesting from, and then just the sheer size of the team. And the team, back to an earlier point, is not just the SOC operators, not just the people doing the work in the SOC, but it's also the thousand plus people we have that are security experts that are doing the work on threat intelligence and detection engineering and everything else that goes into making the platform the platform. And those things together are what you would need to have to have a SOC internally. It's just that if you need to have that SOC and be able to operate it against 10,000 plus customers, you end up with a very big engine.
Dave Vellante
>> Because you would think obviously the hyperscalers would be in that list, the big banks would be in that list and the research suggested that you actually surpass those guys in scale and scope. Well, that's amazing.
Nick Schneider
>> Yeah.
Dave Vellante
>> Did you envision that when you started this business that that was the north star?
Nick Schneider
>> Absolutely, David. No.
Dave Vellante
>> I mean, that is astounding when you think about it.
Nick Schneider
>> Yeah. It's built over now over 10 years and started from a basic premise that like cybersecurity is difficult, super noisy, there's not enough resources, it's hard to find talent, it's hard to keep the talent. And we've been able to bring that vision and bring the solution to that problem to our customers in different ways over that 10 years. But I think the size and the scope with which we've built the business and the platform is a testament to that.
Dave Vellante
>> Impressive. I mean, you set out to solve a problem and service customers and it's turned into something massive. Okay. Everybody hates software now, SaaS apocalypse. All of a sudden annual recurring revenue is, you don't touch that one. ARR will never go out of favor, folks. But so how are you able to get operating leverage in your business? What can you tell us about your business? I always ask you the IPO question, you always answer it the same way, but I'm going to ask it again, but let's start with your business. It's more of a software business than it is a labor business. So you're getting operating leverage, you're getting marginal economics at volume now. You don't have to spend a gazillion dollars on GPUs. I mean, I'm sure you're accessing tokens and you're probably happy to pay for tokens because it's really driving value for your customers, but I'd love to unpack those dynamics.
Nick Schneider
>> Yeah. Yeah. So there's a lot of stuff in the market these days. There's the Databricks announcement today, which is driving the market again. So I think the cybersecurity market is working through what the hyperscalers and what the AI native businesses are going to mean for cybersecurity more broadly. For our organization, we've always had a blend of technology and the human element. And I think within cybersecurity, a lot of what we just talked about is really, really important. So there are certain pockets of software and certain pockets of cybersecurity where I think AI could be very disruptive. They're easy, more binary problems where AI would really shine. It's like truly a data problem. Cybersecurity is not fully a data problem, right? It's not like some SaaS applications where their primary value is search or their primary value is visualization. Those markets would be a little bit more difficult. In cybersecurity, you have to have the expertise. You have to have the expertise in particular to be able to build the functionality or the software solutions or just the solutions in general that your customers are going to expect, or they won't trust it. So for us, the way we're garnering leverage is A, we're continuing to grow. So we're continuing to grow materially in our international regions. I was in Australia last week and we have a growing business there, and EMEA, in Japan, and all throughout North America. So we'll continue to double down geographically. We've added on top of this platform a bunch of new products, right? So we talked about Silence, which is now Aurora Endpoint. We added a product called UpSight, which is an anti-ransomware add-on, which will be coming out in the next quarter or so. We just added a business called Sevco, which is like a CAASM CTEM product. And all these sit on top of the platform, but are really efficient for us to be able to get to a sizable customer base. And then the last piece is the leverage and use of AI. So like in our core business for coding and finance and sales, we're leveraging AI to be more productive. And then within the SOC, the same thing. We're able to get either better results with the same talent or on a ratio basis, on a forward-looking basis, as we add more customers, we don't need to add the same number of talent or the same type of talent as we progress forward and the business becomes more efficient.
Dave Vellante
>> And you're able to fund this with cash flow, the balance sheet, are you raising?
Nick Schneider
>> Yeah. So we are in a position now where we really wouldn't have to take on any more money to operate the business. We are still going to be opportunistic in M&A. So if we were going to do any more from a fundraising perspective in the private markets, it would be primarily to fund M&A.
Dave Vellante
>> I mean, how are you feeling about the private markets? I mean, obviously you mentioned Databricks. Databricks is like the poster child for not going public and potentially for good reason. And the flip side, there are advantages to being public. Have you changed your thinking on going public or what's your current thinking on that?
Nick Schneider
>> Well, today is not a good day to ask that question.
Dave Vellante
>> Clearly, right.
Nick Schneider
>> No. We've built a big business. It's still growing quite well. Our gross margins are improving, our operating margins are improving. I think we see a pretty big opportunity to bring in some new technologies and talent to be able to forge forward as a leader in this new frontier by leveraging AI for security. All that under the backdrop of, I think the market's going to need a little time to suss out which segments of the market are really under threat and which aren't. So we're being patient in that regard.
Dave Vellante
>> But you're comfortable being private, obviously. Maybe your investors are giving you pressure to get liquid, but that's-
Nick Schneider
>> Never.
Dave Vellante
>> That's their problem.
Nick Schneider
>> Never.
Dave Vellante
>> That never happens, does it? And like you say, it's a weird time. I mean, between tariffs and wars and other events over which you have no control. But when it comes to acquisitions, obviously being a public company has some potential advantages, so you're not against it, but the time-
Nick Schneider
>> Not against it. Certainly the public currency would be great. Certainly the marketing and the branding would be great. The timing and making sure that the timing right is really important to us.
Christophe Bertrand
>> I had a quick question, maybe it's a closing question on the business. I think the market is evolving differently depending on which segment you're talking about. So verticals, and you mentioned geos and global. So where do you put your chips? Obviously you have so many resources. Which verticals do you see as your top three or four? Just being realistic about where the adoption of AI in the context of cyber will be the most successful, number one. Number two, which geos do you think are the most promising or is there any difference?
Nick Schneider
>> Yeah. Yeah. So a few things. So I would do geo segment and vertical. So I don't think the verticals will change dramatically. Like the same verticals that are most cognizant of cybersecurity, I think will continue to be cognizant. So anything that has a regulatory requirement, so manufacturing, healthcare, finance will continue to be the big pieces of the pie. I think geographically the problems are the same everywhere. I think what you get in different geographies is the size and type of customer is quite different. I do think from a segment perspective, the advancements in AI have changed the game for a mid-market account. So I think A, can allow a mid-market account to be better protected if they use the right technologies or the right products or services, but B, the bad actors have a whole new set of tools, right? So previously, if they wanted to spend time on a phishing campaign or an attack, they would spend their time on a large account because it takes time to build those things. Well, now it doesn't take time to build those things, and you don't need really any technical skill whatsoever to build a cyber attack. So I think what we're seeing is like there's this opportunity now for bad actors to say, look, I can spray and pray in the mid-market and I can get the same return as a long process in a upmarket account. And I think that as a result will mean that we'll see a little bit more pressure in the mid-market with regards to cyber attacks and certainly the propensity for vendors and or bad actors to protect the market as a whole will remain. There will be attacks and protection for the upmarket businesses, but I think there will also be an uptick in attacks that you hear about in the mid-market.
Dave Vellante
>> Well, Nick, congratulations on your success. I mean, you're grinding away and you're scaling, so it's great to have you part of the community and really appreciate your time.
Nick Schneider
>> Yeah, thank you.
Dave Vellante
>> You bet. All right, keep it right there. This is a continuation of, we're deep into day two at theCUBE here at RSAC 2026, our CEO series. Bipul Sinha is up next. You don't want to miss it. Keep it right there, right back right after this short break.
Dave Vellante
Christophe Bertrand