Sometimes SOAR Is a Few IF/THEN Statements, and That's OK
February 2026 · ENGINEERING PHILOSOPHY
There's a quiet pressure in cybersecurity right now to label everything as AI-powered. Vendors race to attach "machine learning" to every feature, and buyers have learned to expect it. But at Sensilla, we think the more honest conversation is about knowing when AI is the right tool and when a well-written IF/THEN statement does the job just fine.
Where We Started: Graph Theory and the Grid
Our technology has deep roots in AI and ML. Back in 2018, we were leveraging graph theory to assemble what we call the Grid, a network graph that displays a company's network as a living thing, independent of topology. The Grid renders communications, alerts, vulnerabilities, and business processes in a single view. The goal was simple in concept and hard in execution: let a SOC operator see the entire network at a glance and assess the state of the system in a second or two. We wanted our operators to go fast, respond to real incidents quickly, and discount false positives without burning cognitive energy.
That required real AI. Behavioral baselines, anomaly scoring, entity resolution across thousands of nodes: none of that works with static rules. The Grid is a genuinely novel application of graph-based machine learning to network security, and we're proud of it.
Where We Are Now: NLP for Speed
Our most recent developments push further into AI territory with natural language processing. We use NLP to help SOC operators go even faster: generating incident summaries, accelerating threat research, interpreting complex event chains, and drafting communications. When an analyst needs to understand a multi-stage attack at 2 AM, having an AI-generated narrative that synthesizes log data, threat intel, and network context into plain language saves real time. These capabilities are built on purpose-trained models, not generic chatbots with a security skin.
The IF/THEN Statement That's Been Running Since Day One
But here's the thing we don't hide from: there are still many places in our product where an IF/THEN statement did the job and hasn't been touched since it was written. A conditional check that routes an alert to the right queue. A threshold comparison that triggers a notification. A formatting rule that normalizes log timestamps. These aren't glamorous. They don't make for exciting marketing slides. But they work reliably, predictably, and without the overhead of a model that would add complexity without adding value.
We could wrap those features in AI branding. We could imply that a neural network is involved when it isn't. Plenty of companies do. But we'd rather be straight about it: these features exist because our team has deep domain expertise in security operations. They were born from years of watching how SOC analysts actually work, what breaks under pressure, and where simplicity beats sophistication. That experience is worth more than a marketing label.
The Distinction That Matters
Putting a skin on ChatGPT doesn't make you an AI company. It makes you an AI-using company. That distinction matters, especially in security, where the consequences of getting it wrong aren't a bad recommendation or a weird image. They're breached networks, stolen data, and operational disruption.
It's become common to say that AI is now the "knowledge" center and humans provide the "taste." There's some truth to that in creative fields, content generation, and general productivity. But in IT security, humans still provide the context. A model can flag an anomaly. It takes a human to understand that the anomaly is a developer testing a deployment script at an odd hour, or that a spike in DNS queries correlates with a newly onboarded SaaS tool rather than a C2 channel. Context is the difference between a false positive and a real incident, and context still lives in human judgment.
Honest Technology
We're highlighting all of our features: the graph-theory-powered Grid, the NLP-driven analyst tools, and yes, the IF/THEN statements that have been quietly doing their job for years. We think that honesty is itself a differentiator. When a vendor tells you everything is AI-powered, you should ask what that actually means. When we tell you something is AI-powered, we mean we built the model, we trained it on security-specific data, and it does something that rules alone can't do. When we tell you something is a conditional check, we mean it's a battle-tested piece of logic born from domain expertise. Both have value. Both deserve to be acknowledged.
Real security platforms aren't built by picking the trendiest technology and applying it everywhere. They're built by picking the right technology for each problem and having the expertise to know the difference.