When Claude Code Hunts Cobalt Strike: Agentic Security Operations in Action

Security teams enter an asymmetric battle when adversaries freely use AI to wage attacks. The aggressors are armed with top-tier capabilities. Defenders hesitate to adopt AI they can't see, trust, or control.

SecOps teams are drowning in alerts and outpaced by adversaries who are unafraid to automate everything. The solution isn't another dashboard or another AI chatbot offering recommendations. It's agentic security: AI that operates directly within your security stack, governed by your rules and subject to your authorization.

LimaCharlie built a platform to make this possible.

The platform advantage: API-first, AI-native

Most security platforms are built upon layers of unrelated tooling loosely stitched together. LimaCharlie is different. LimaCharlie's Agentic SecOps Workspace connects your entire security stack through a unified API layer, giving security teams centralized control and standardized communication across everything. There's no proprietary nonsense, black-box integrations, or "trust the vendor" abstraction hiding what's happening under the hood.

AI in LimaCharlie isn't bolted on as an additional layer. It's integrated directly into the security stack itself, operating through the same API infrastructure as everything else. This architectural decision has significant implications. 

For example, because the platform is API-first, you can bring any LLM you choose into operations. Want to use Claude Code? OpenAI Codex? A self-hosted model? The platform supports it. The demo below uses Claude Code, but unlike most AI SOC tools, the approach is model-agnostic by design.

This stands in sharp contrast to the black-box, trust-the-vendor approach that characterizes most AI security tools. With LimaCharlie:

• Every action taken by AI is visible, logged, and auditable

• AI operates under your existing permission systems, not a parallel governance structure

• You define what the AI is authorized to do, and what requires human approval

• The platform doesn't lock you into a single LLM vendor or pricing model

• Customization is deep: instruction files, sample events, detection rule libraries, and investigation archives all inform AI behavior

Cobalt Strike hunt: Agentic AI operations in practice

Let’s look at how our architecture enables agentic AI operations. Eric Capuano, co-founder of the Digital Defense Institute, demonstrated a live Cobalt Strike investigation using Claude Code connected to LimaCharlie's command line interface (CLI) No scripts, no pre-staged results. Just an agentic AI working through a genuine security incident in real time.

The operation begins with a simple prompt: Lets get all recent detections in limacharlie worthwhile of investigation. 

Within moments, the AI identified ten high-priority detections tied to suspicious RunDLL32 activity across two Windows systems. It didn't stop at surfacing the alert. It immediately began reasoning about the significance.

The AI recognized that RunDLL32 processes were executing without DLL arguments in the command line, which is a classic indicator of Cobalt Strike beacon behavior. It confirmed both systems were online and began constructing targeted LCQL queries to dig deeper. When initial results were incomplete, it iterated on its logic and extended time ranges to capture full connection history.

What happened next is the type of work that typically takes a senior analyst significant time to complete manually:

• The AI enumerated running processes in real time and confirmed the suspicious PID was still active on the affected system

• It launched a targeted memory string search against that specific process, scanning for known Cobalt Strike beacon indicators including reflective loader signatures and default SMB named pipe strings

• When a command timed out, it adapted, pivoting to enumerate loaded DLLs instead and identifying the presence of wininet.dll, a strong signal that the process had HTTP communication capability consistent with C2 beaconing

• It analyzed network connection logs, observed repeated connections to the same external IP hosted on Google Cloud infrastructure, and confirmed classic beaconing patterns

• It correlated findings across both compromised systems and noted that RunDLL32 had been launched at nearly identical times on each, indicating coordinated compromise

The final summary was precise: 

• Two confirmed Cobalt Strike beacons running inside RunDLL32 

• Active C2 communication to a specific IP and port 

• Process IDs identified on each system 

• Key IOCs documented 

• Recommended isolation and readied execution pending analyst authorization

That last detail matters enormously. 

The AI was given explicit permissions to run safe investigative commands autonomously: querying telemetry, enumerating processes, pulling network data. But actions with operational impact, like isolating a system, required human authorization. The AI prepared the action and waited. The analyst decided.

For SOC teams and MSSPs, this represents a fundamental shift in what agentic AI security operations look like in practice. Investigations that previously required a skilled analyst working through a structured process can now be executed autonomously, accurately, and in a fraction of the time. 

This frees analysts from slowly executing investigation steps. Instead, they set forth tasks, review AI findings, make decisions, and refine the agentic operator instruction set over time. The instruction set improves continuously. Successful investigations can be archived and fed back into the AI's context, so each investigation makes the next one better.

AI operations done responsibly: Transparency, auditability, and guardrails

Agentic AI security creates real governance questions. If AI is taking autonomous action in your environment, you need to know exactly what it did, why it did it, and how to constrain it when necessary.

LimaCharlie addresses this directly. Because AI operates through the same API layer as the rest of the platform, every action is logged, traceable, and auditable. There are no hidden operations. Security teams have full visibility into the AI's decision-making process, the queries it ran, the tools it called, and the conclusions it reached.

Beyond logging, LimaCharlie offers Viberails: configurable guardrails for AI operations. Security teams use Viberails to define precisely what the AI is authorized to do autonomously and what requires human intervention. These aren't vague policy controls. They're operational guardrails that govern AI behavior at the execution level. 

Want AI to investigate freely but never isolate without approval? Done. Want it to generate detection rules but not push them to production? Done. Viberails give security teams the governance structure they need to deploy agentic AI security with confidence.

Every investigation makes the next one faster

The productivity implications of agentic AI security are significant. A well-configured LimaCharlie environment lets junior analysts perform complex AI incident response investigations at senior analyst levels.  

MSSPs managing large customer environments gain the ability to scale operations without scaling headcount. AI agents consistently run thorough investigations across every customer, every alert, every shift.

The platform's flat-fee, per-analyst pricing model reinforces this advantage. There's no per-token billing that penalizes thorough investigation. AI can run as deep as the investigation demands.

Security teams that adopt agentic AI security solutions today are building a compounding advantage. Every investigation refines the AI's instruction set. Every archived workflow makes the next response faster and more accurate. The gap between teams using agentic AI and those relying on traditional approaches will only widen.

Ready to see it in action? 

Start for free at limacharlie.io

Or schedule a walkthrough of how agentic operations can work in your environment.