For CISOs and security organizations running distributed estates across IT and OT. Why the cloud-SIEM model breaks as agents — and agentic threats — appear everywhere, and how an edge-native, identity-driven AI SOC keeps detection, response and governance on your own ground.
The Security Operations Center evolved for two decades — NOC, SOC, AI/ML-assisted detection, threat intelligence, SOAR — toward a cloud-SIEM, managed-service model. That model assumed telemetry could leave the site and that threats were authored by humans. Both assumptions break in 2025 and beyond: AI agents now act everywhere — yours automating operations, adversaries' automating attacks — and distributed IT/OT estates cannot ship sensitive, high-volume telemetry to a metered cloud. We argue for an edge-native, identity-driven AI SOC: a self-learning reasoning core that runs on-site on owned silicon, detecting in the ingestion path; a knowledge graph that replaces isolated alerts with traced blast-radius; and an identity-driven core that gives every human, service and agent a scoped identity and policy — connected or air-gapped. Unovie delivers this through two offerings — GPU EdgeGateway, which governs agentic AI traffic, and the AI SOC (AISOC), which detects and responds on your floor — bound by a portable identity edge. The result: detections that compound on your environment, response that survives outages, compliance evidence that is continuous, and data that never leaves your boundary.
The SOC has been climbing the same ladder for twenty years. In 2025 the ladder ended, and the ground changed.
Each rung added capability to a fundamentally reactive posture: the network operations center became a security operations center; rules gained machine-learning assists; threat intelligence enriched alerts; and SOAR automated the runbooks. Useful, incremental, human-paced. The 2025+ inflection is not another rung — it is a change in who acts. Agents are now on both sides of the wire. Adversaries automate reconnaissance, exploitation and lateral movement at machine speed; defenders deploy their own agents to triage, hunt and remediate. The volume, velocity and autonomy of action all step up at once.
The SOC's job is no longer to collect logs and correlate them later. It is to reason over relationships in the ingestion path, act autonomously within guardrails, and govern an estate where humans, services and agents all take actions that must be attributed.
The 2022–2025 reference design was a cloud-SIEM, managed-service model: ship everything to a regional SIEM, correlate centrally, bill per query. For a distributed IT/OT enterprise that model now works against you.
| Assumption of the cloud-SIEM model | Reality for distributed IT/OT in 2026+ |
|---|---|
| Telemetry can leave the site | OT, IoMT, video and process data are large, sensitive and often regulated — egress is a data-exfil and compliance risk |
| Cost scales gracefully | Cloud-SIEM fees recur on every event and query; agentic volume multiplies them without a ceiling |
| The link is always up | Plants, depots, substations and vehicles operate through outages; a cloud round-trip stalls incident response |
| Generic detections are enough | Vendor rules miss your environment; OT protocols and device behavior need locally-learned models |
| Detection is a search problem | At machine speed, delayed search and scheduled correlation are too late — detection must happen at ingest |
The OT estate compounds every one of these: long-lived devices, brittle protocols, safety constraints, no patch window, and air-gapped or intermittently-connected enclaves where a cloud dependency is simply unavailable. A modern SOC for this world has to run where the data is born.
The traditional SOC is twenty fragmented tools, each a console and a silo. The modern architecture consolidates them into four cognitive platforms feeding a single reasoning core that takes autonomous action.
Each legacy control does not disappear; it is absorbed into a platform and made cognitive. The point is consolidation of data flows, not just consoles:
| Control | What it was | What the reasoning core makes it |
|---|---|---|
| CSPM | Finds cloud misconfig & drift | Generates and tests infrastructure-as-code PRs to auto-close drift |
| SIEM | Centralized log search & retention | Correlates events as a graph, not sequential log scans |
| SOAR | Hard-coded mitigation playbooks | Playbooks reason over live topology instead of static scripts |
| EDR | Endpoint detect & remediate | Explains endpoint anomalies and auto-scopes remediation |
| MITRE ATT&CK | Manual tactic mapping | Auto-maps detections to adversary tactics in real time |
| MEC (edge) | Compute at the network edge | Compiles hyper-local models that detect anomalies at the edge |
| IDAM | Identity, RBAC, MFA | Adapts access policy to user, service and agent context in real time |
The reasoning core is not a chatbot bolted onto a SIEM. It is a frozen open model adapted by external stores, improved by a verifier-graded loop, and run entirely on-device.
Detection happens in the ingestion path, on the GPU, while events are still moving — tokenized, classified and enriched before indexing, using a compact transformer classifier rather than regex chains. A streaming bus in broker-only mode feeds parallel GPU workers; an inference server runs the model with dynamic batching; enriched incidents land in a sharded, authenticated index; a dead-letter queue protects failed batches and retention keeps storage bounded. On a single Blackwell-class node this sustains production-grade throughput:
The model learns your environment without drifting. A frozen base never has its weights merged; adaptation lives in external, reversible stores — a knowledge layer (graph + retrieval), composable skills, and lightweight runtime controllers. A verifier-graded loop proposes updates, grades them against schema and grounding, and a regression gate commits only changes that beat the prior baseline on held-out data — otherwise it auto-reverts. Dual-path serving keeps a fast path for real-time detection and a deeper path for reflection.
Because the base is frozen and every self-update is reversible and must clear an automatic regression gate before it goes live, detections only ever improve — the model compounds accuracy on your attacks, on-site, at near-zero marginal cost, with no weight drift and no data egress.
Isolated alerts hide multi-stage attacks. A knowledge graph models the enterprise as a web of relationships, so a low-severity signal can be traced to its true blast radius.
Distributed IT/OT and agentic workloads share one root requirement: every actor needs a verifiable identity and a scoped policy — whether the site is connected or air-gapped. That is the job of a thin identity edge.
Rather than operate a heavy identity provider at every site, the architecture uses a thin authentication edge (an OAuth2/OIDC proxy with server-side sessions and edge RBAC) that delegates identity to the right issuer and injects a consistent identity context downstream. One pluggable setting selects the issuer; everything behind it stays identity-agnostic.
| Connected sites | Air-gapped / disconnected enclaves | |
|---|---|---|
| Issuer | The enterprise IdP — SSO, MFA and lifecycle stay where they already live; no local IdP to run | A self-contained on-prem OIDC issuer with its own user/group store — no external database, no cloud reach |
| Edge | Same thin proxy; same server-side sessions; same RBAC on a roles claim; downstream services receive identity via standard headers | |
| Switch | One pluggable issuer setting — applications and the SOC never change | |
| Secrets | Held in the platform secret store; never committed; sessions in a local cache | |
A portable identity edge gives humans, services and agents one scoped identity model across the whole distributed estate — connected or air-gapped — and becomes the control point the SOC and the gateway both reason over.
Agents are a new class of actor. They act on behalf of users, call tools, read sensitive data and spawn sub-agents — at machine speed. Each action must carry an identity, a scoped credential, a policy and an audit trail.
This is where identity, the gateway and the SOC meet. The GPU EdgeGateway governs the agent's traffic: it routes each request to the right model on owned silicon, runs tools and code in policy-governed sandboxes (no unauthorized file, credential or network access), checks for sensitive-data leakage and prompt injection inline, and meters every call. The AI SOC governs the agent's behavior: it watches agent actions the way UEBA watches users, and uses the knowledge graph to bound what a compromised or misbehaving agent can reach.
| Agentic risk | Control |
|---|---|
| An agent acts with no attributable identity | Identity-driven core issues a scoped identity per agent and human-on-behalf-of relationship |
| An agent over-reaches its tools or data | EdgeGateway sandboxes tools/code and enforces policy-as-code on every call |
| A prompt injection or leak rides the request | Inline safety classifiers (PII, jailbreak, injection) on every turn at the gateway |
| A compromised agent moves laterally | AISOC traces blast radius on the graph and contains by relationship |
| Spend and action go unaudited | Every route metered and attributed; every action logged for review |
Unovie delivers this architecture as two offerings bound by the identity-driven core, all on hardware you own.
An inference-native, agent-first gateway. One routing contract turns signals into decisions across a mesh of local, private and frontier models; the prefix cache is protected; context is selected, not pasted; tools run sandboxed; and every policy change is shadow-tested before it goes live. It is the safe, governed, least-cost path for every agentic request — and the enforcement point for agent identity and policy.
An edge-native, self-learning security operations capability: GPU-native detection in the ingestion path, a knowledge graph for relationship context and blast-radius, a verifier-graded learning loop that compounds accuracy on your environment, and autonomous action — remediation-as-code, graph-traced containment, adaptive policy and continuous compliance evidence. It runs on-site, learns from your own attacks, and never ships telemetry off the boundary.
Owning the detection and inference path is the strongest governance posture available to a distributed enterprise. Sensitive IT/OT and regulated data never leaves the site, so data-exfil and cross-border transfer risk are removed at the source. Controls map continuously to frameworks — NIST guidelines, sector standards such as FHIR for health data — producing continuous compliance evidence rather than point-in-time audits. Because the reasoning core's base is frozen and every self-update is reversible behind a regression gate, the security model never drifts out from under you — the opposite of a cloud detection set that changes on a vendor's schedule. A live asset inventory (CMDB) tracks device firmware, end-of-life and protocol risk across the IT/OT estate, and the knowledge graph keeps identity, asset and vulnerability context joined.