Intezer Connects Claude, Codex and Cursor to Enterprise SOCs via MCP

Security operations centers (SOCs) have spent years accumulating disparate tools that don't communicate with each other. Intezer has just released what it calls a SOC Operating Layer: an integration layer that uses MCP to allow assistants like Claude, Codex and Cursor to query and act on corporate security infrastructure in a structured way, without each team having to build their own connectors from scratch.

The announcement, covered by industry news on June 18, positions Intezer at the intersection between detection and response platform providers (EDR/XDR/SIEM) and the growing ecosystem of AI agents that need operational context to be useful beyond chat.

What this layer actually does

Intezer's SOC Operating Layer functions as an MCP server that exposes platform capabilities, such as malware analysis, alert triage and indicator correlation, as tools that any MCP-compatible agent can invoke. In practice, this means an analyst can open Claude in their usual environment and ask it to check the status of an active alert, enrich a suspicious hash with threat intelligence, or generate an executive summary of incidents without leaving the assistant interface.

The explicit mention of Claude, Codex and Cursor in the announcement is deliberate. All three share native or declared MCP support, which allows Intezer to offer cross-platform compatibility without developing specific plugins for each one. For teams already using several of these tools in parallel, something common in large SOCs where different roles have different preferences, the proposition is that the data layer remains single and consistent regardless of which assistant consumes the information.

Why the enterprise market needs this now

Since Anthropic established MCP as a standard and Claude Code adopted it as a central mechanism for external servers, the number of available integrations has grown significantly. The problem is no longer the absence of connectors, but their fragmentation: each provider builds its own MCP server with different authentication schemes, permission models and levels of abstraction.

In security environments, that fragmentation has direct consequences. An agent accessing data from a corporate SIEM needs assurance that it won't exfiltrate sensitive information, that permissions are properly scoped and that there's a trace of every action. Building those guarantees ad hoc in each integration is costly and error-prone. Intezer's approach is to offer that layer already built and audited, leveraging the company's years of operating in environments where data custody is a requirement, not an option.

Who should adopt it

The clearest profile is mid-size and large organizations with an internal or managed SOC that already uses Intezer as an analysis platform and wants to accelerate AI assistant adoption without building their own integration infrastructure. Security engineering teams evaluating how to incorporate Claude Code or Cursor into incident response workflows are also direct targets.

For integrators and cybersecurity consultancies, a segment that continues to grow in Europe and Latin America, this layer can significantly simplify AI adoption projects for clients with strict compliance requirements, where justifying each integration point during audits consumes time and resources.

What remains unclear in the announcement is the access model: whether the layer is distributed as a self-hosted MCP server, as a managed service by Intezer or as a combination of both. That detail largely determines the real cost of adoption for teams with deployment restrictions in air-gapped environments or with strict policies on data in transit.

---

From our perspective, the initiative is a clear indicator of where security providers are heading: instead of competing with generalist assistants, they're building the infrastructure that makes them usable in regulated contexts. If Intezer can make the layer sufficiently standard and auditable, it could become a reference for other verticals with similar governance requirements for agents.