Cybanetix Launches Managed AI Service: AI-Native MDR Powered by Four-Vendor Stack

Cybanetix launched its Managed AI Service on June 2, 2026. The British security operations provider is introducing a model that aggregates technologies from NOMA, SentinelOne, Microsoft, and Exabeam under its 24/7 SOC, featuring a declared response time of under 15 minutes. The service targets three critical areas for CISOs: employee AI usage, model governance, and the behavior of AI agents embedded in business processes. The announcement comes amid intensifying regulatory pressure, with the EU AI Act in force, ISO 42001 standards gaining traction, and most enterprises still lacking a structured security response for these three domains.

Three Domains, No Single Solution: Why Cybanetix is Betting on a Multi-Vendor Stack

Merlin Gillespie, CTO of Cybanetix, stated that no single product currently addresses model posture, red teaming for anomalous behavior, runtime detection, and the evidence required for auditors and regulators simultaneously. The Managed AI Service attempts to bridge this gap through a specialized, layered architecture.

NOMA handles AI discovery, access control, red teaming, and detection and response, with results mapped to ISO 42001, the EU AI Act, and NIST AI RMF. SentinelOne Prompt Security and Microsoft Purview for AI provide user-level controls, while Exabeam manages agent behavior analytics. Cybanetix supplements these technologies with consultancy, managed services, and a 24/7 SOC featuring correlated playbooks, exposure management, and unified compliance reporting.

The source does not specify the level of native integration between these four vendors. The primary report uses the term "combines" without clarifying whether orchestration occurs via APIs, pre-defined connectors, or custom integrations. This distinction is critical: the difference between a true correlation layer and a bundle of separately managed services impacts the ability to detect threats traversing multiple domains.

Service Scope: From Assessment to Continuous Reporting

The service consists of six components: AI Risk Assessment, technology deployment, AI posture management, MDR (Managed Detection and Response), Continuous AI Risk Reporting, and testing and validation. The testing phase includes real-time prompt injection detection, anomalous behavior monitoring, data exfiltration prevention, and AI red teaming.

Compliance reporting covers seven frameworks: ISO 27001, SOC 2, NIS2, Cyber Essentials Plus, EU AI Act, ISO 42001, and NIST AI RMF. The source does not clarify whether Cybanetix holds active certifications for these standards or if the service merely provides mapping and documentary evidence. This distinction carries operational weight: a CISO responding to an audit or a regulatory authority must know if compliance is certified by the provider or remains the client's responsibility.

"AI tools such as co-pilots, coding agents and LLM-powered workflows are now embedded across every business function and represent the fastest growing, least-protected entry point in the enterprise. CISO's need AI posture management, model provenance, red teaming for rogue behaviour, real-time runtime detection, and the evidence trail to satisfy regulators and auditors. No single product does that, whereas the Managed AI Service covers all those bases to provide a truly credible AI security programme" — Merlin Gillespie, CTO at Cybanetix

Business Context: MDR Growth and Workforce Expansion

A TechRound report from February 4, 2026, cited as corporate context, indicates that Cybanetix has seen record growth in recurring MDR revenue, with approximately 90% of ARR (Annual Recurring Revenue) derived from SOC contracts. The company's workforce grew by 38% over the past year. While these figures do not specifically refer to the Managed AI Service launched in June, they indicate an expanding operational and commercial foundation. The source does not provide updated figures as of the launch date.

Regarding the sub-15-minute response time, the primary source uses the phrasing "capable of responding to alerts in under 15 minutes." However, the CEO cited by TechRound uses the word "guarantees." The source does not resolve this terminological discrepancy; it remains unclear whether this is a contractual SLA commitment or a stated operational capability.

Strategic Implications and Unresolved Questions

The dossier does not document the pricing or the pricing model for the Managed AI Service. It does not specify the number of initial or pilot customers, nor does it provide a general availability date distinct from the announcement date. Furthermore, the report lacks independently verified performance metrics, such as incident reduction rates or false positive benchmarks, and does not detail the correlation architecture between AI alerts and existing EDR/identity systems.

The level of integration between the four vendors in the stack remains unspecified. The source does not clarify if Cybanetix acts as a service integrator or if it has developed proprietary orchestration layers. The primary article makes no mention of compliance certifications obtained by the service itself, focusing instead on framework mapping.

For CISOs, these limitations mean that evaluating the service requires direct verification of three points: the actual depth of correlation between technology layers, the contractual nature of the response time, and the certification status regarding the cited standards.

FAQ

What is AI-native MDR, and how does it differ from traditional MDR?

Traditional MDR focuses on threat detection and response for endpoints, networks, and identities. The model proposed by Cybanetix extends this approach to three AI-specific domains: user consumption, model governance, and autonomous agents. The difference lies not just in scope but in the data monitored: prompts, model behaviors, and AI agent actions require different telemetry and playbooks than classic EDR systems.

Why use four vendors instead of a single platform?

The CTO's statement explicitly notes that "no single product" meets all the cited requirements. The decision to aggregate specialized tools—NOMA for AI security, SentinelOne and Microsoft for user controls, and Exabeam for behavioral analytics—reflects the current fragmentation of the market. The risk, which the source does not document as mitigated, is that integration complexity may shift from the client to the provider without being architecturally resolved.

Does the EU AI Act make this service mandatory?

No. The EU AI Act imposes governance and documentation obligations for high-risk AI systems but does not prescribe specific vendors or services. While the Managed AI Service's compliance reporting maps to this regulation, the source does not indicate whether Cybanetix provides certified compliance or merely documentary support for the client's own compliance efforts.

Information is based on the cited sources and is current as of the time of publication.

Sources

• https://www.helpnetsecurity.com/2026/06/02/cybanetix-managed-ai-service/
• https://www.securityweek.com/russian-spies-are-aggressively-seeking-western-technology-as-sanctions-bite-officials-say/
• https://unit42.paloaltonetworks.com/cyber-extortion-economy/
• https://techround.co.uk/news/cybanetix-sees-record-growth-in-recurring-mdr-revenue-powered-by-ai-led-security-operations/
• https://www.helpnetsecurity.com/2026/05/14/ai-governance-gap-video/
• https://ads.securityweek.com/getad.img/;libID=5273448
• https://ads.securityweek.com/redirect.spark?MID=179018&plid=3599592&setID=605204&channelID=22611&CID=1756486&banID=524510163&PID=0&textadID=0&tc=1&rnd=5648339&scheduleID=3812109&placementScheduleId=3812109&adItemScheduleId=0&adSize=300x250&metadata=%5B%5D&mt=1780390803630990&sw=800&sh=600&spr=1&referrer=https%3A%2F%2Fwww.securityweek.com%2Frussian-spies-are-aggressively-seeking-western-technology-as-sanctions-bite-officials-say%2F&request_uuid=c57075ca-db56-4265-9244-ae2aa2667c5b&hc=6741ff437e320c497edbfb53e630e0eb931e7269&location=