Today we're making Mallory generally available: an AI-Native Threat Intelligence Platform built for exposure investigation and modern intel workflows. At its core, it's built around the one question security teams ask every day: "Are we affected?"
Why Mallory
Threat intel has never been more important, and it has never been noisier. The inputs are scattered across advisories, breach chatter, ransomware leaks, vendor write-ups, and a hundred other sources. The entities don't line up. The workflows live in too many tabs. You spend more time assembling the picture than analyzing it.
The stakes are high. Answer too slowly and you either overreact and burn the team, or underreact and carry risk you didn't intend.
We built Mallory to close that gap. Get from signal to context to action, with a team of three or thirty.
What we're launching today
Launching today, Mallory is a platform for exposure investigation and modern intel workflows. A few things it does well out of the gate:
- Tracks thousands of sources following actors, malware, and TTPs, connecting them to real-world activity, with evidence.
- Contextualizes to you: connect your tenant, sources, and workflows so the platform becomes more specific to your team over time.
- Makes investigation easy, interactive and automatic: ask questions, follow threads, and set up schedules to track entities and stories you'd otherwise have to assemble manually.
Under the hood, we've put a lot of energy into the unglamorous foundations: entity resolution, source coverage, and building an interface where agents can actually work with the data instead of hallucinating around it.
Who it's for
Mallory is for modern security teams harnessing AI who need to move quickly and need the best intel to power their automated and manual workflows:
- CTI teams that want to do more analysis and less plumbing.
- Security operations and hunt teams that need intel translated into concrete hypotheses.
- CISOs who want to enable their team to do more with less. Mallory delivers answers, with receipts.
How we're going to market
We're starting with a product that's easy to adopt and one that can grow with you.
- A Team (hosted) tier, priced per seat with an allocation for model usage.
- An Enterprise tier that enables BYOM and self-hosting.
- A Community tier for personal use: researchers and independent users who need better data and can harness that data with their own models.
This is the beginning, not the end state of our packaging, and we already have a number of OEM partners we'll talk more about in the coming months.
Thank you
This launch is the result of a lot of trust. To our early believers: Decibel Ventures, Aviso Ventures, LiveOak Ventures, and the angels who backed us early. Thank you for the conviction and the willingness to fund a necessary change.
To the design partners and early users: you shaped this product, and will continue to do so. Thank you for the time you've generously offered, and the willingness to share real problems.
And to the team: thank you for putting your heart and soul into this effort. We are just getting started.
What's next
Moving forward, we're going to keep doing what we've been doing since day one: shipping new functionality weekly and working hand in hand with our design partners. You can expect us to keep the changelog updated as we go.
If you're responsible for answering "are we affected?" and want to move faster, we'd love to hear from you.
- jcran
