ThreatBook Launches Flocks and SafeSkill to Advance Agentic AI Cybersecurity

ThreatBook Flocks and SafeSkill: What the Press Release Doesn’t Say

Most security announcements aren’t written for people who run AI agents. They’re written for CISOs who need something to show the board. This one is different — and if you’re anywhere near the agentic AI space, the implications deserve a closer read than the headline suggests.

On May 6, 2026, ThreatBook launched two products: Flocks, an agentic AI platform for security operations, and SafeSkill, a tool that vets AI agent skills before they touch your environment. The press release leads with the security operations angle. We’d argue the more important story is buried further down — specifically, the part about how attackers are now targeting the skills your AI agent uses to do its job. That’s a problem every organization deploying AI agents needs to understand right now.

We’ll get to that attack vector in a moment. First, the facts.

What ThreatBook Actually Launched

Some threats hide in plain sight — good thing Beacon knows how to shine a light on them.

ThreatBook describes itself as “the agentic security company” — a deliberate repositioning that signals where the market is heading. Both products are part of a company-wide brand relaunch, and together they address two distinct problems: AI being used for security, and security being used for AI.

Flocks is the first half. It’s an open-source, locally deployed security operations platform built around autonomous AI agents. According to ThreatBook, it integrates 7 specialist agents and more than 150 cybersecurity tools into a single operational loop. The whole thing runs on your infrastructure — not ThreatBook’s servers — and can use whatever AI model your organization has approved, including sovereign deployments. Setup is a single click on Windows, Mac, or Ubuntu. It processes up to 10 million tokens per day, which means it can handle significant alert volume without cloud dependency.

SafeSkill is the second half — and the part we find more immediately relevant to anyone in the broader AI agent ecosystem. It’s a security inspection platform for AI agent skills: the individual capabilities and integrations you add to an AI agent to extend what it can do. SafeSkill inspects every skill before it enters your environment, covering pre-import inspection, marketplace filtering, download scanning, and inventory remediation.

Why This Matters for Anyone Running Agentic AI

Let’s be direct: Flocks is a serious enterprise security operations product. It addresses a real problem — according to ThreatBook’s own data, approximately 80% of security operations center analyst time goes to alert review, device dashboards, and status updates rather than actual investigation. That’s not a productivity inefficiency. That’s an 80% tax on skilled, expensive humans who were hired to stop attacks but spend most of their day reading dashboards. The math is brutal.

But Flocks is enterprise infrastructure. The SafeSkill story hits closer to home for anyone exploring or building on agentic AI platforms.

Here’s what most guides on AI agents won’t tell you: the skills and integrations you add to an AI agent are a supply chain. And like any supply chain, they can be poisoned. Third-party AI agent skill usage is growing at 40% per month in enterprise environments — which means organizations are adding capabilities to their agents faster than anyone is vetting them. Platforms like ClawHub and GitHub, where many of these skills originate, don’t have rigorous inspection processes. A skill that appears to add useful functionality can contain a backdoor that’s indistinguishable from normal behavior.

This is the threat vector we hinted at earlier. Attackers aren’t just targeting your network perimeter or your endpoints anymore. They’re targeting the skills your AI agent uses to operate — the integrations that let it gather information, write code, send emails, or call external APIs. Techniques like dynamic code execution, prompt injection embedded in skill logic, and credential exfiltration through .env file access are all documented attack methods that standard scanning tools won’t catch. SafeSkill’s threat intelligence database backs this inspection with over 100 billion malicious samples, with 1.2 million new samples added daily.

For organizations trying to prove AI safety to auditors or regulators, there’s an additional layer. Right now, most enterprises deploying AI agents cannot formally demonstrate that those tools are safe — because there’s no structured inspection process generating the reports that compliance reviews require. SafeSkill’s Skill Hub holds over 100,000 verified, whitelisted skills, providing a curated baseline that auditors can actually reference.

We’ve been tracking the agentic AI space closely — if you want the broader landscape, our roundup of agentic AI companies shaping 2026 covers the players worth watching. The pattern across the space is consistent: as AI agents get more capable and more widely deployed, the attack surface expands proportionally. ThreatBook is early in recognizing this publicly and building specific tooling around it.

What to Do If You’re Running or Evaluating AI Agents

• Audit your current agent skills now. If you’re running any AI agent — on any platform — inventory every skill, plugin, or integration currently active. You probably have more than you think, and some were added without a formal review process.
• Treat skill imports like software dependencies. The same rigor you apply to third-party code libraries should apply to AI agent skills. This means checking sources, not just functionality. “It does what I need” is not sufficient vetting.
• Watch SafeSkill’s Skill Hub for your stack. If your agents use skills from public marketplaces, cross-reference them against ThreatBook’s verified list. The 100,000+ whitelisted skills represent a meaningful starting point for governance.
• If you’re in enterprise security operations, Flocks is worth evaluating. An open-source, locally deployed platform that doesn’t send your data to vendor infrastructure is a meaningful architectural advantage, particularly for regulated industries or sovereign deployment requirements.
• Build vetting into your procurement process now. AI governance frameworks are catching up fast. Organizations that establish structured skill inspection processes today will be ahead of compliance requirements, not scrambling to meet them.

What the ThreatBook Launch Signals for the Agentic AI Market

• AI agents are now an attack surface, not just a tool. The skills, integrations, and capabilities you add to an AI agent can carry malicious payloads — and most current detection tooling isn’t built to find them.
• The supply chain problem is compounding fast. Third-party skill usage growing at 40% per month means the window for establishing secure baseline practices is closing. Organizations that wait are accumulating risk.
• Compliance is coming to AI agent deployments. Enterprises currently can’t prove AI tool safety to auditors. That gap will become a formal requirement. The time to build inspection processes is before the mandate, not after.
• The agentic AI platform market is bifurcating. Tools for using agents and tools for securing agents are emerging as distinct categories. Understanding both sides of that equation matters for anyone choosing an AI agent platform.
• Open-source, locally deployed architectures have a governance advantage. Flocks’s zero-data-retention, customer-LLM model is a direct response to enterprises that can’t send security data to third-party clouds. Expect more platforms to move this direction.

The teams that establish AI agent governance now — vetting skills, auditing integrations, building structured inspection into their workflows — won’t just be more secure. They’ll be the ones who can actually move fast when the compliance requirements land. Everyone else will be frozen, trying to reconstruct what they installed and why. The attack surface for AI agents isn’t theoretical anymore. It showed up in over 1,000 packages in public marketplaces. The question is whether your organization noticed.