Inside Crogl’s Compound AI System: Monzy Merza Talks SOC Automation on N2K CyberWire
Crogl co-founder and CEO Monzy Merza sat down with Dave Bittner from N2K CyberWire to dig into a problem that's all too familiar in modern security operations: too many tools, too few people, and a flood of alerts that never stops.
The conversation unpacked how Crogl is reimagining the analyst experience through a compound AI system that delivers measurable outcomes.
Tool Fragmentation in the SOC
When an alert hits, security analysts often have to pivot between dozens of disconnected systems — data lakes, EDR tools, SIEMs — each with its own schema and query language, leading to significant inefficiencies and cognitive overhead. The average organization uses more than 45 security tools, and analysts are forced to manually stitch insights across disparate sources. Crogl's approach is to reduce that friction entirely by building a semantic knowledge graph that overlays existing infrastructure.
The Compound AI System
Merza introduced the concept of a "compound AI system": a layered architecture combining LLMs, agentic workflows, relational databases, and retrieval-augmented generation (RAG). Unlike other security tools with LLMs bolted on, Crogl delivers a compound AI system that includes LLMs and smaller models as well as agentic AI orchestration. That orchestration leverages results from a knowledge engine to execute investigations and make recommendations on escalating issues, rather than requiring human-generated prompts.
Knowledge Graph at the Core
Crogl complements LLMs with a knowledge graph that maintains the context of the streams of security data flooding the SOC — leading to what Crogl calls an autonomous enterprise knowledge engine. The compound AI system is designed to operate across varied data schemas without requiring normalization. As Merza said, "Data normalization is strictly optional."
Ticket-Centric Outcomes
The outcome: "work on tickets in a responsible way such that it's documented, it's inspectable, and it is auditable." Crogl works directly on tickets across your SIEM, SOAR, and ITSM platforms — triaging, investigating, and documenting every step in real time.
Deployment Flexibility
Crogl works not only in hybrid cloud settings but also in fully air-gapped, customer-managed environments, where data privacy and control are paramount. "We have a customer today that's running Crogl in an internet-disconnected environment, fully functional. So it's a self-contained, customer-managed system."
Augmenting, Not Replacing
Crogl doesn't aim to replace analysts — it enhances them. "Security professionals get into this field because they want to protect and contribute. We're helping them do just that." The compound AI system delivers repeatable, auditable outcomes that let teams focus on what matters most: the high-judgment decisions that require human expertise.