
Co-founder and COO

Grid is now available self-serve at grid.limacharlie.io. You bring a credit card and a problem you want solved, with no minimum, no maximum, and usage-based pricing. Because Grid is built like a cloud provider, you can start on your own and have a working solution running in your environment in about 30 minutes.
Grid by LimaCharlie lets you describe a security problem in plain language and then builds and runs the solution against the tools you already operate, with a full audit trail on every action. It combines AI with the broader LimaCharlie toolset to deliver detection, investigation, response, automated queue review, detection engineering, and more, which keeps cost sane and gives you precise control over what every automated decision costs.
Grid starts from the problem you want solved. You describe a security outcome in plain language, and Grid builds and runs the solution against the tools you already operate, then keeps it working over time. That might be detection and response for an attack you just read about, automated review across the queues your analysts grind through, a daily detection engineering routine, or a breach simulation program you package and resell. You state the outcome, and Grid delivers it as a working solution running in your environment.
Approval queues are the most immediate example, because every team has them and they never stop: email quarantine review across Defender, Proofpoint, and Mimecast, application allowlisting in ThreatLocker, DLP policy violations in Purview, privileged access requests, phishing report triage, and SIEM and EDR alert review. Each one follows the same pattern, where something gets flagged or requested, it enters a queue, a person reviews the context and makes a decision, and the decision gets logged. Grid automates that pattern across every tool in your stack rather than one vendor's queue in isolation. Whatever the problem, the work that used to consume analyst hours becomes a configuration decision, and your analysts move on to the work clients actually pay for.
The first step in Grid is a chat interface, because that is where AI works most comfortably. You describe the problem you are trying to solve. From there, Grid does something more durable than building a one-off automation: it creates a charter and an AI forward deployed engineer (FDE).
The charter is the North Star for the work. It captures the goal and your operating parameters, including the constraints that matter operationally. You might specify that an investigation should never cost more than two dollars or take longer than two minutes. Those parameters get baked into the charter and govern everything the FDE builds.
The FDE concept comes from enterprise software, where a vendor embeds an engineer with deep platform knowledge alongside the customer, gives them direct accountability for outcomes, and has them build whatever is needed to deliver results. Grid applies that model with an AI agent in the embedded role. The FDE does not perform the security work itself. It designs, builds, and continuously supervises the worker agents that do, configuring the triggers, data flows, and cases required to deliver the outcome in your charter.
That supervisory role is what solves the day two problem. Building a day one solution is the easy part. The harder part comes tomorrow, when Microsoft renames a field in an Entra audit log and the automation breaks. With only a day one build, a person has to notice the failure, diagnose it, and patch it. The FDE handles that continuously. It checks how things are running, and when it sees cost drifting above the charter (for example, an investigation creeping from $1.50 to $3 because data acquisition from several Azure APIs got expensive), it builds a deterministic Python playbook in LimaCharlie to fetch that data and instructs the AI to call it, driving the cost back inside the charter.
A few concrete problems people bring to Grid:
A new Microsoft Entra OAuth consent attack you do not fully understand yet. Describe it, and Grid researches how the attack works, connects your tenant's audit logs into LimaCharlie, and stands up detection, investigation, and response for it. For a service provider, that becomes a new line item to offer customers.
A ThreatLocker allowlisting queue generating roughly a hundred requests a week at around $14 per request. Paste in the L1 playbook you already use, and Grid automates the queue end to end, escalating the ambiguous cases to a Slack, Teams, or Telegram channel for a human yes or no, then finishing the request based on the answer.
Daily detection engineering. Have Grid research new threat reports and intrusion activity, implement detections in an internal test tenant, wait a day to confirm fewer than one false positive, then push the detections to every customer tenant.
AI is powerful, and if AI is the only tool you have, you end up pushing everything through tokens and paying for it. Because Grid is built on LimaCharlie, it has a large set of deterministic capabilities to lean on, so AI gets used where it adds judgment and the rest runs cheaply and predictably.
The model runs on a bring-your-own-key basis. Grid uses the Claude Code agent SDK under the hood, transparently, so your worker agents inherit a rich and capable ecosystem, and you supply your own provider keys. You know exactly what you pay per token, you can negotiate your own rates, and cost stays an externality you control rather than a number a vendor hides.
That transparency carries through to ROI. Every case automatically tracks how much AI was used, and from a handful of metrics you build cost profiles that tell you what you need to know to run the business: your automation rate, how many cases are handled by AI alone versus AI plus a human, and how many analyst hours you are freeing up. You can read those numbers per profile, such as L1 triage, and break them down by model, by detection rule, and per agent. If you run many tenants, you can see all of it at the top level across the whole book of business. That is the difference between adding AI as a cost and using AI to retire work nobody wanted to do in the first place.
Grid exists because LimaCharlie already exists. LimaCharlie is security operations infrastructure delivered like a cloud provider, an AWS for security operations, with SIEM, EDR, a data lake, and SOAR-style automation that plug together natively and are fully open through API and CLI. That headless, API-first foundation is what AI works well against, and it is what let us build Grid quickly.
Grid sits on top of that infrastructure without replacing it. You can always pop the hood and work directly in LimaCharlie at full scale. Case management is built in and can mirror to ServiceNow or Halo PSA, giving AI agents and human analysts a shared place to report their work and collaborate, where a human can tag an AI into a case for a deeper investigation. Everything is infrastructure as code, so charters and agent memories are versioned, portable across tenants, and manageable through CI/CD.
That infrastructure is also what has driven real outcomes for service providers. Black Hills Information Security cut their unit cost by roughly 60% running on LimaCharlie. As Andrew Cook, CTO of Recon InfoSec, puts it, "LimaCharlie has just been a force multiplier for us in terms of getting to focus on building SecOps workflows, processes, and technology without having to worry about the infrastructure."
Maxime Lamothe-Brassard, founder and CEO of LimaCharlie, walks through Grid end to end in the webinar below: the charter and FDE model, the onboarding flow, the AI workbench, case management, and the cost and ROI reporting. Watch the full replay for a complete look at how Grid runs in production.
Grid is self-serve and available now. Pick the queue or problem that eats the most analyst time, describe it in plain language, and have a working solution running against your real environment in about 30 minutes.
If you would rather be walked through it, get in touch for a demo. For us, a demo is really an onboarding: come in with credentials and a problem, and we will solve that problem by the end of the call.
What is Grid by LimaCharlie?
Grid by LimaCharlie is an automation layer that connects to the security tools you already run and resolves the repetitive review decisions across your approval queues, including email quarantine, application allowlisting, DLP, access requests, and alert triage. Every decision is logged with a full audit trail. Grid is built on LimaCharlie's security operations infrastructure and runs the Claude Code agent SDK under the hood.
How is Grid different from a single-vendor automation feature?
Every vendor will eventually automate its own queue. Microsoft will automate Defender quarantine, ThreatLocker will automate its own approval queue, and so on. Each of those covers one queue on one platform. Grid automates the same review pattern across every vendor and every queue type in your stack, with shared context and consistent decision logging across all of them.
How long does it take to set up Grid?
You can start self-serve and have a working solution running against your environment in about 30 minutes. You describe your problem in a chat interface, Grid connects the data sources it needs, and it builds the detection, investigation, response, or review automation for you.
How much does Grid cost?
Grid uses usage-based pricing with no minimum and no maximum. The AI runs on a bring-your-own-key basis, so you control your provider rates and know exactly what you pay per token. Cost profiles inside Grid let you track spend and ROI by case, model, detection rule, and agent.
Does Grid replace my existing security tools?
No. Grid connects to the tools your team and your clients already run and automates the review decisions on top of them. It is built on LimaCharlie and does not require ripping out or migrating off your current stack.
Who is Grid for?
Grid is built for SOCs, MSSPs, and MDR providers that manage repetitive review work across multiple tools and tenants. Service providers feel the value fastest because the same automation pays off across every client and every queue, though Grid is useful for any team carrying approval queue volume.