Over the past few months, we ran an experiment: putting our engineers directly in the field with customers, what many call a Forward‑Deployed Engineering (FDE) model. It’s been one of the fastest ways we’ve found to turn an ambitious product vision into real, sustained customer value.

The Vision We’ve Been Building Toward

From the beginning, we’ve written extensively about what an autonomous security agent should look like, how it should behave, and which problems it must solve first. We chose runbook automation as our North Star, eliminating manual tasks and toil and speeding up the labor‑intensive investigations that define SecOps.

As AI tooling matured and our own experience deepened, that vision sharpened into agents that can:

• Work autonomously toward a task and make progress without constant hand‑holding
  
  
• Call tools iteratively, evaluate outcomes, and refine their plans
  
  
• Recover gracefully from errors or unexpected results by trying alternate paths
  
  

We launched these capabilities as a major upgrade to our product in the third quarter of this year, and demoed them during Black Hat USA in August. The response at our booth was energizing: seeing the demos made the potential of this paradigm feel immediately concrete to security teams.

Why We Tried Forward‑Deployed Engineering

Positive signals are great, but value only becomes real when it lands in the messy complexity of a customer’s environment. To make sure we were solving their actual problems, we adopted a forward‑deployed approach: engineers from our core development team partnered directly with customers and prospects to deliver end‑to‑end, working proofs of concept.

In practice, the “last mile” often wasn’t about algorithms; it was about gaps in data access. Without the right hooks into a customer’s systems, even a strong agent is constrained. Closing those gaps via integrations, permissions, and other data pathways truly unlocked the utility of the agent.

What We Learned (Fast)

Working shoulder‑to‑shoulder with users taught us far more, far faster, than any internal roadmap exercise could:

• Data is the throughput limiter. Access and integrations determine how valuable the agent can be on Day 1.
  
  
• Daily‑driver workflows matter. We saw firsthand how teams want to “drive” the product each day, including what should be automatic, where human judgment fits, and how handoffs need to look.
  
  
• Organizations are complex. Roles, approvals, and audit requirements vary widely. Supporting these structures in‑product is essential, not a nice‑to‑have.
  
  
• Resilience is a feature. Real environments are noisy. Agents must handle partial failures, missing data, and changing conditions without giving up.
  
  

These insights didn’t just validate our original vision for autonomous agents; they refined it. The core idea was on point, but the last mile is where value is earned.

How We’re Scaling the Model Sustainably

We’re a small team, so we can’t maintain a permanent, dedicated FDE organization. Instead, we ran an all‑hands sprint and will continue with a rotating subset of engineers working in that mode. This rotation has had two big benefits:

1. Product intuition across the team. Engineers who work directly with customers develop sharper instincts about what truly matters, and they carry that back into core development.
   
   
2. Empowered decision‑making. Instead of waiting on roadmap cycles, engineers closest to the problem can drive the next product improvements needed to deliver value.
   
   

The Takeaway

Our experiment proved out the vision and, maybe more importantly, taught us how to land it. Forward‑deployed work has helped us close the last mile, turning AI-native security agents from a compelling demo into daily, dependable leverage for SecOps teams.

If you’re exploring technical operations automation or interested in building a proof of concept, we’d love to talk. Contact us today.