e2e-assure launches sovereign AI security platform
e2e-assure has launched Cumulo, a sovereign AI-driven security operations centre platform for IT and operational technology environments. It describes the product as the UK’s only sovereign zero-day SOC platform.
The launch is aimed at organisations that want to keep cyber defence data and AI models within UK-controlled infrastructure, particularly operators of critical national infrastructure and businesses in regulated sectors. Cumulo combines threat detection, incident analysis and environment modelling in a system designed to reduce reliance on external cloud AI services.
The platform is built around a digital twin of each customer environment, maintained continuously through passive discovery across IT and OT systems. That replica is used for attack simulation and to identify risks before they are exploited, an approach e2e-assure says is particularly relevant in operational environments where live testing can disrupt services.
Another element is what e2e-assure calls a zero-day SOC model. In practice, this means live threat intelligence can be turned into detection rules immediately rather than waiting for slower update cycles, with the aim of narrowing the gap between a threat emerging and an organisation being able to detect it.
The system keeps artificial intelligence alongside a security information and event management platform rather than replacing it. In this structure, the SIEM acts as the evidential record of events, while AI analyses data, builds context and supports investigations.
Customer-dedicated local large language models are deployed within sovereign environments and trained on each organisation’s own estate. This is intended to improve accuracy by grounding analysis in local operating conditions while limiting the movement of sensitive security data outside customer-controlled infrastructure.
The launch comes as UK cyber policy places greater emphasis on early threat identification and stronger domestic control over defensive tools. e2e-assure linked the product to GCHQ’s AI Cyber Shield initiative and to broader concerns about dependence on foreign technology providers for security operations.
“Cumulo represents a shift away from traditional SOC and SIEM environments that are largely human-centric and reactive because they rely on sequential alert triage and retrospective investigation. Instead, Cumulo uses an AI-first security operating system,” said Rob Demain, chief executive officer of e2e-assure.
“Threats are now moving faster than human-led workflows can keep pace with, leaving security teams struggling. At the same time, many AI approaches in security are still constrained by legacy architectures that force them to rebuild context after the fact. We built Cumulo to change that by continuously building understanding as data is generated, while keeping expert analysts at the centre of decision-making,” Demain said.
The service retains a human review model, with SC-cleared security staff involved in decisions rather than allowing the platform to operate autonomously. Customer security and operations teams also remain involved throughout investigations, particularly where risk appetite and operational constraints differ between organisations.
Behind that model is a layered AI structure that separates environment-specific reasoning from broader research and intelligence tasks. A local model layer handles detection and analysis tied to the customer estate, while a separate intelligence layer correlates wider threat data. A further model layer is used for non-sensitive enrichment work.
The platform also uses several AI models to review investigations from different perspectives, creating what e2e-assure calls an auditable view of each alert through its Cumulo Analyst Helper. Findings are then checked against threat intelligence and deterministic detection engines before reaching an analyst, in an effort to reduce false or misleading outputs.
Product tiers
Cumulo is being offered through a tiered model aimed at different levels of security maturity. The standard version includes AI-led investigation, autonomous threat hunting, threat intelligence, centralised reporting and compliance dashboards.
The higher tier adds unified monitoring across IT and OT systems, digital twin functions, live compliance dashboards and cross-environment correlation for organisations with more complex operational estates. e2e-assure says the model is intended to help users identify and rank vulnerabilities across interconnected environments before they are exploited.
The company has provided managed security operations services to government and critical infrastructure customers for more than a decade. Its security operations centre is staffed by UK-based cleared cyber professionals, and the Cumulo platform is fully owned by the business rather than tied to a single third-party technology stack.
“For organisations responsible for critical national infrastructure and essential services such as energy, water, transport, telecommunications and government operations, resilience isn’t just about identifying threats faster; it’s about ensuring your ability to defend remains intact during a crisis,” Demain said.
“As more security capabilities move into the cloud, questions around sovereignty, dependency and operational continuity continue to mount. For organisations operating in regulated or high-dependence environments, reliance on external AI infrastructure can introduce risks around data residency, transparency and continued access to critical defensive capabilities. Cumulo addresses these challenges by keeping sensitive operational knowledge within customer-controlled environments, reducing exposure to external disruption and helping organisations maintain visibility and cyber defence capability even during major incidents, connectivity outages or wider infrastructure disruption,” he said.