Blog
-

5 min read

Introducing Neo, an AI security engineer for complex security tasks

Announcements
Introducing Neo, an AI security engineer for complex security tasks

Share

Neo is a cloud-based AI security engineer that works alongside your team and takes on real security tasks like a true co-engineer. As it operates, it continuously learns your systems and processes, improving over time just like an engineer ramping up on your team.

Neo is built as a framework, not as a black box. It combines the reasoning of large language models with purpose-built execution tools, isolated sandboxes, a memory layer that learns your code, architecture and naming, and deep integrations into your organization. You can see what it is doing, control what it can touch, and tune how it behaves.

In a recent evaluation, Neo independently completed an L5 principal security engineer interview case study and passed. It handled the full scenario end-to-end: understanding the environment, investigating and prioritizing issues, and proposing a complete remediation plan. That is the bar we are building for.

Neo is launching in limited availability for enterprise security engineering teams that have hit the limits of generic LLM tools and are ready for a production-ready system deployed within their own environment.

Why Neo and why now

When we first started experimenting in this space, it was natural to reach for code assistants like Claude Code or Cursor. However, coding assistants are built for short coding loops: one developer, one file, and a 5–15 minute task like “fix this bug.” They assume a small, focused context and a clear end.

Security workflows are the opposite. They involve a large volume of long-running tasks (like triaging findings, investigating incidents, and testing new features) that often run in parallel, span many systems, and need to be paused and resumed without losing state.

When teams try to force tools like Claude Code into these workflows, they get a glimpse of what’s possible, but they hit limits quickly. Agents lose context, can’t run long enough, and experiments never turn into reliable, repeatable programs.

Neo exists to solve that. It’s designed for security workloads from the ground up with the infrastructure, context, and memory needed for long-lived tasks, plus built-in tools for real security work across terminals, networks, APIs, and browsers. Neo also supports fully automated background execution. Tasks can be auto-triggered by events like new findings, changes in code, deployments, or scheduled checks, so work kicks off the moment something happens (and not when someone remembers to run it.)

What enterprise security teams are already doing with Neo

Vulnerability backlog triage and closure

  • Today: Tickets stream in from scanners, bug bounty reports and pen tests, leaving engineers to spend hours manually deduplicating, reproducing, and tracking down owners.
  • With Neo: Findings are automatically pulled from your trackers then clustered and prioritized with your asset and business context. Neo then reproduces issues in an isolated sandbox, captures evidence, drafts remediation steps, and updates tickets until issues are verified closed so engineers focus on decisions instead of mechanical triage.

Pre-release feature reviews and targeted testing

  • Today: Security wants to review and test every important feature before it ships, but reviews are shallow - or skipped entirely - because the team can’t keep up with the pace of change.
  • With Neo: Point it at a feature through your design docs, PRs, diagrams, and staging endpoints. Neo automatically builds a threat model, creates a test plan, runs targeted checks against the right services and APIs, and files concrete, reproducible findings complete with regression tests for every release.

Continuous compliance and audit preparation

  • Today: Security engineers maintain spreadsheets and checklists for SOC 2, ISO, and internal policies, then scramble in the weeks before an audit to collect fresh evidence and prove controls are in place.
  • With Neo: Controls and frameworks are mapped to your systems and evidence sources. Neo runs periodic checks, collects and normalizes evidence into auditor-ready files, and flags gaps or drift early, turning audits from fire drills into predictable, routine workflows.

These are starting points, not limits. The most interesting workflows we have seen are specific to each team’s stack and process.

How Neo actually works

At a high level, a Neo workflow looks like this:

  1. You describe an objective, for example, “review our current compliance progress and verify evidences,” or “review this feature before launch”.
  2. Neo gathers the right context from your tools, Memory, and Files and designs a multi-step plan with the appropriate agents and tools.
  3. Agents execute in sandboxes, running commands, hitting APIs, and driving browsers through tightly scoped connections while streaming logs in real time.
  4. Artifacts such as results, traces, screenshots, and reports are saved to Files for reuse, and Memory is updated so the next workflow starts smarter instead of from zero.

Under the hood, all of this is powered by a small set of primitives you can think of as engineering building blocks.

Custom agents

Agents are specialists for end-to-end security workflows. At runtime, Neo can assemble a task-specific agent using your knowledge base and external research, tuned to a repo’s tech stack, business context, and product logic. Each agent bundles how it thinks (policies and prompt), what it can do (tools and connections), and what it knows (pinned knowledge), and it can self-update as it executes.

Memory

Memory is how Neo builds and maintains a working understanding of your environment. It learns your services, naming conventions, architecture, and business context so terms like “payments API” or “core auth service” carry the right meaning without you re-explaining them in every task. For a security team, this means consistency and reuse, which is knowledge from triage, feature reviews, and regression campaigns that carry forward into future workflows.

Sandboxes and tools

Sandboxes are the protective execution layer between your infrastructure and agent operations. Each task runs in an isolated environment with the tools and dependencies it needs, with network access, system calls, and resource usage controlled and monitored. Neo ships with a suite of purpose-built tools for dynamic work such as terminal and filesystem access, HTTP clients, DNS and network utilities, API helpers, planning utilities, and headless browser automation. Logs and outputs stream back in real time, and the environment is torn down when the task completes, so Neo can act like a hands-on operator without putting production systems or credentials at risk.

With Neo, you are designing and running systems that automate real parts of your security work and can be versioned, reused, and improved like any other piece of engineering.

Safety, transparency and control

Neo is built to operate inside your security stack, so safety is part of the design, not an afterthought.

  • Isolated execution. Hands-on work happens in cloud-hosted sandboxes, not directly on your production systems. Network and system access are limited and observable, and you decide what the sandboxes can reach.
  • Data stays yours. We do not train or fine tune models on your data. We only use providers with strict zero retention policies, and any personalization stays isolated to your workspace through Memory and Files.

Every action Neo takes is logged, so you can review what happened, why it did something, and how it reached a result. You stay in the loop. Neo can propose actions, collect evidence and draft changes, and you decide what to integrate, what to automate fully, and where to keep a human in the path.

Availability and who this is for

For this first phase, Neo is in limited release. We are prioritizing security engineering teams at large organizations that:

  • Run a serious security program across multiple services, CI/CD, issue tracking, cloud providers, and existing security tools.
  • Have already experimented with LLMs or code assistants for security and run into limits around consistency, memory, orchestration, and scaling beyond a small pilot.
  • Want to delegate real work to an AI system but need clear safety boundaries, auditability, and control before they can build programs and workflows on top of it.

Neo is priced on usage based on model tokens and the infrastructure required to run your workloads. It supports multiple LLM providers and gives you access to the latest high-performing models out of the box.

What’s next

Neo is built to own real security workflows today. From here, the roadmap is about depth, coverage, and usability so more of your day-to-day security work can be delegated.

Over time, we will explore bringing Neo to the broader ProjectDiscovery community of individuals and small teams.

If you want an AI security engineer that can sit inside your stack, learn your environment, and take on real security work alongside your team, we should talk.