The unopinionated AI advantage: Building AI-powered SecOps on your terms

Christopher Luft and Maxime Lamothe-Brassard, LimaCharlie co-founders

The two AI strategies a security vendor can take are easy to confuse, because both arrive wrapped in the same language about analyst productivity and faster response. One ships you a finished AI that promises to find your threats if you trust it. The other treats AI as raw material and hands you the wiring. Maxime Lamothe-Brassard, LimaCharlie's CEO and the original architect of its SecOps Cloud Platform, spent this session with co-founder Christopher Luft making the case for the second posture, and the argument is sharper than the usual "we believe in flexibility" line. His claim is that for a service provider, the shape AI takes is not a preference. It decides whether the technology scales with your business or strands it.

An opinion about threats is a ceiling on a provider

LimaCharlie's whole pitch is to be the undifferentiated heavy lifter and stay unopinionated about what customers do with the tools. Lamothe-Brassard keeps reaching for the cloud-provider comparison: if you want to build a virtual machine and run everything yourself on AWS, you can, but there is also an easy button when all you need is a known-good database. Luft is careful to head off the misreading that unopinionated means you have to build everything. You can install the EDR, pick a curated rule set, and be running in minutes. The point is that the floor does not become a ceiling.

That distinction is where the AI argument starts, because the tempting move for a security vendor is to ship one magic AI that tells you where you have been hacked and asks you to trust it. Lamothe-Brassard is blunt that some vendors do exactly that and that it is simply not LimaCharlie's thing. His reasoning is structural rather than philosophical. Security spans service providers, enterprises, and product builders, and even among service providers no two are alike, with some running hundreds or thousands of customers. Bake in one opinion about what looks bad and evil, and you have capped how far any of those customers can differentiate. An opinionated AI is the same trap with a model attached. It works for the use cases the vendor imagined and goes quiet on the ones that actually distinguish your service.

Easy AI first, then AI you can wire into anything

The uncontroversial tier came first, and Luft treats it as settled. LimaCharlie's support bot, affectionately called Chuck, runs on the documentation site and feeds the community forum, using grounding to keep it from inventing answers and looping in an engineer when a question needs one. It started as a homegrown RAG system, fragile because the team was managing every piece, until Google shipped a service to handle the plumbing. Luft used it that morning to answer a customer question he was not fully sure about. He calls this level a no-brainer, copilots and chatbots that eliminate toil, and the same logic extends to the rule-writing assistant in the web app, which turns a plain-language request (typos and all) into a working detection and a response action you can replay against historical telemetry before it goes live.

The harder and more interesting tier is where the unopinionated argument earns its keep. Rather than build one agent and call it the product, LimaCharlie built an engine to run the agent you define, fully managed, with nothing to deploy. In Lamothe-Brassard's demo two ordinary building blocks click together. A Python playbook takes a detection, hands it to a summarizer agent that is nothing more than a prompt ("you're a cyber security expert, summarize this detection, include MITRE"), renders a PDF, and emails it through an SMTP server of your choosing. The agent's instructions are yours to rewrite. Point it at an IT team and have it explain which firewall ports to change. The same playbook you trigger by hand to test fires automatically from a detection and response rule in production. His advice is telling: do not build the playbook from scratch, describe what you want to an advanced model and let it accelerate the whole chain. The agent's credentials are scoped deliberately, so automation runs on rails instead of inheriting access to everything.

For an MSSP generating per-customer reports across thousands of tenants, this is the line between bespoke tooling and infrastructure as code. Prompts and agents propagate with variables the same way the rest of the platform does, and Lamothe-Brassard does not soften the stakes: a single web console that works beautifully for one enterprise is a non-starter at 5,000 customers, where this kind of automation is, in his words, life and death.

The agent works inside your environment, not around it

The connective tissue is LimaCharlie's now-public Model Context Protocol server, which gives an agent structured, observable access to telemetry, detection logic, and automation without opening the door too wide. You define the context and decide what the agent reads and does. Luft shows Claude Code connecting to an organization through a scoped API key, then summarizing 24 hours of activity on a Linux box he had left public for years, which the model flags for likely SSH brute-force attempts.

Eric Capuano of the Digital Defense Institute pushes the same plumbing much further, and his demo is the strongest evidence for the whole thesis. He layers his own instruction files, LCQL examples, sample events, and a detection-rule corpus onto Claude Code, plus a chat archive of investigations that went well so the agent can replay what worked. Running live, the agent pulls recent detections, suspects Cobalt Strike from rundll32 making outbound connections without a DLL in its command line, iterates through LCQL queries, inspects loaded modules to find wininet.dll, confirms beaconing to a Google Cloud-hosted C2 address across two hosts, and writes an incident summary Capuano confirms is 100 percent accurate against his lab. It stops cold before isolating anything, because he authorized read-style commands like LCQL queries and endpoint enumeration but reserved impactful actions for himself. His larger point is that the agent is decent out of the box and gets sharper every time he feeds it context, while the permission model keeps a confident model from acting on its confidence.
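The permission split Capuano describes, together with the scoped credentials behind the playbook agent above, as an added example that is not LimaCharlie's code: a default-deny gate that lets an agent run read-style tools inside one tenant, halts at impactful actions until a human approves, and records every decision. Tool names, org ids and the query string are constructed placeholders, not the platform's real command set or LCQL syntax.

```python
from dataclasses import dataclass, field
from enum import Enum

class Verdict(Enum):
    ALLOW = "allow"
    NEEDS_APPROVAL = "needs_approval"
    DENY = "deny"

# Hypothetical tool names for illustration; not LimaCharlie's actual command set.
READ_ONLY_TOOLS = {"get_detections", "lcql_query", "list_loaded_modules", "list_sensors"}
IMPACTFUL_TOOLS = {"isolate_host", "kill_process", "delete_file"}

@dataclass
class AgentScope:
    """What one agent credential may touch: a single tenant plus enumerated tools."""
    org_id: str                         # the one organization the key is scoped to
    read_tools: set                     # auto-approved, read-style
    approval_tools: set                 # allowed only with explicit human sign-off
    audit_log: list = field(default_factory=list)

    def evaluate(self, tool: str, args: dict, human_approved: bool = False) -> Verdict:
        # Tenant boundary first: a key scoped to one org never reaches another.
        if args.get("org_id") != self.org_id:
            verdict = Verdict.DENY
        elif tool in self.read_tools:
            verdict = Verdict.ALLOW
        elif tool in self.approval_tools:
            verdict = Verdict.ALLOW if human_approved else Verdict.NEEDS_APPROVAL
        else:
            verdict = Verdict.DENY      # default-deny for anything not enumerated
        self.audit_log.append({"tool": tool, "args": args, "verdict": verdict.value})
        return verdict

def run_investigation(scope: AgentScope, proposed_calls: list) -> list:
    """Execute an agent's proposed calls in order; stop at the first one needing a human."""
    executed = []
    for tool, args in proposed_calls:
        verdict = scope.evaluate(tool, args)
        if verdict is Verdict.ALLOW:
            executed.append(tool)
        elif verdict is Verdict.NEEDS_APPROVAL:
            break                       # the agent stops cold and hands off, as in the demo
    return executed

# Constructed sample: a triage sequence that ends with the agent asking to isolate a host.
SAMPLE_CALLS = [
    ("get_detections", {"org_id": "org-A", "hours": 24}),
    ("lcql_query", {"org_id": "org-A", "q": "PLACEHOLDER: rundll32 outbound, no DLL arg"}),
    ("list_loaded_modules", {"org_id": "org-A", "sid": "host-1"}),
    ("isolate_host", {"org_id": "org-A", "sid": "host-1"}),
]
```

The audit log is what makes the agent observable: every proposed call, including the ones it never got to run, is on record for review.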

That is the case in miniature. An opinionated AI hands you its judgment and its limits in the same package. An unopinionated one inherits your governance, your context, and your data, and improves on your terms. Asked where this goes, Lamothe-Brassard admits nobody knows, then names the only durable hedge: refuse to overindex on today's complexity, integrate new standards like MCP at the infrastructure level, and stay positioned to absorb whatever the labs ship next. For a provider, that posture is the difference between adopting AI across every customer and waiting for a vendor to decide which use cases are allowed to exist.

See what agentic SecOps looks like in your environment

LimaCharlie gives MSSPs and MDRs a fully programmable SecOps Cloud Platform, with transparent usage-based pricing, API-first integration across every telemetry source, and the infrastructure to run multi-tenant operations at scale.