The autonomous SOC, built for the desert.
Eleven security tools. One unified portal. An AI analyst that investigates, acts, and leaves a cryptographically signed receipt for every decision — so the audit trail is part of the product, not an afterthought.
Mission
“To make cutting-edge security operations something teams can adopt without tearing out the tools they already trust. Elm — our SOAR — and Truthsayer are the wedge: they connect into the SIEM, EDR, ticketing, identity, and email systems a company already runs, so Sandworm augments the existing stack instead of replacing it. From that foothold, teams grow into the full eleven-tool platform on one codebase — every tool built on frontier-grade detection and AI, and wrapped in a modern, genuinely usable interface, because security software shouldn't feel like a second job.”
The problem we saw
The average company runs 30 to 60 disconnected security products that do not talk to each other. A typical analyst receives around 200 alerts a day, most of them noise. The average company takes roughly 200 days to discover a breach. And most of the famous recent breaches — MGM, Caesars, Okta, MOVEit — were not technically sophisticated. An attacker called the help desk and asked for a password reset.
Think about how a building is secured today: a fire alarm from one vendor, sprinklers from another, cameras from a third, locks from a fourth, and one guard juggling five screens. By the time the guard confirms a real fire, the building is half gone. Sandworm wires all five together and adds an AI that watches them all at once, decides if it is real, and — if you let it — locks the doors and calls the right people, all before the human guard finishes their coffee. And every decision the assistant makes comes with a receipt.
The incumbent platforms are pre-AI data lakes with AI bolted on after the fact. They were never designed to run in a sovereign or air-gapped environment. They do not ship a signed audit trail for every autonomous action. And they do not make the product better for every customer when a new customer joins — not without sharing that customer's raw data.
What makes it different
Every decision comes with a receipt
The AI must cite the specific evidence behind every conclusion before it acts. It physically cannot hallucinate. Every autonomous action is cryptographically signed so auditors can verify it years later.
Federated threat intelligence with mathematically proven privacy
Each new customer makes the product better for every other customer — without anyone sharing raw data. Differential privacy is enforced mathematically, not by policy.
Runs where competitors cannot
Mendicant — our AI analyst, in every tool. It runs on frontier models today; in parallel we are building a from-scratch C++ engine with no dependency on PyTorch or TensorFlow, designed to run in regulated, air-gapped, and sovereign environments where OpenAI and Anthropic are legally unavailable. Frontier-scale sovereign inference is on the roadmap.
Same product, three different trust levels
Platform for teams scaling up. Sovereign for regulated industries and defense. One codebase, one support team, one migration path as you grow.
The team
Based in the Kennesaw / Atlanta metro — Atlanta Tech Village, ATDC, Georgia Tech, and Kennesaw State cyber ecosystem.
Jacob Hendrick
Co-founder & CEO
Built the entire platform end to end (all 11 tools and all 22 backing services) and is building Mendicant, a from-scratch C++ AI engine. The pace is the moat.
Benson White
Co-founder & VP Engineering
Systems-level engineering: multi-region federation, data-plane scalability, and the infrastructure that makes the platform production-ready.
Isaac Uzoije
Co-founder & CFO
Incorporation, finance, and operations. Keeps the business running so the engineers can keep building.
“The pace is the moat.”