Query Workers: AI Security Agents With No Data Boundary

Query logo

AI agents built on the Security Data Mesh — reaching every source, including the data that never made it into your SIEM.

The industry spent two years bolting AI onto SIEMs. We spent that time building a foundation that reaches the full environment. Workers are the payoff: AI that operates where the data actually is.”

— Matt Eberhart, CEO - Query

ATLANTA, GA, UNITED STATES, March 30, 2026 /EINPresswire.com/ -- Every AI security agent announced at RSAC last week operates within a single vendor's data perimeter — purpose-built to reason across their platform and bounded by it. Query Workers are built on a different foundation.

Query today announced Query Workers, AI-powered security agents built on the Query Security Data Mesh — the company's patented federated architecture that reaches security data wherever it lives, without copying, moving, or centralizing it.

In one early deployment, a Worker identified a C2 beacon that had been actively communicating with an external attacker for 30 days. It correlated endpoint detections, identity anomalies, cloud storage malware, and data loss prevention alerts across four separate tools in a single automated session, surfacing a persistent threat that had gone undetected and delivering a prioritized containment plan before an analyst opened the queue.

"The industry spent two years bolting AI onto SIEMs and calling it progress. We spent that time building a foundation that reaches the full environment. Workers are the payoff: AI that operates where the data actually is, not where a vendor put it," said Matt Eberhart, CEO of Query.

Query Workers launches with three workflows:

- The Investigation Worker runs structured multi-stage alert triage and investigation across the full mesh, producing evidence-backed findings with recommended disposition.
- The Threat Hunting Worker executes hypothesis-driven hunts, systematically searching across every connected source and classifying what it finds.
- The Identity Threat Assessment Worker sweeps eight identity attack patterns, from credential stuffing to privilege escalation, across every connected identity provider.

Each Worker is composed from specialized skills called as needed based on what the investigation uncovers: classification, scoring, enrichment, identity analysis, network analysis, and more. Each Worker runs a structured workflow where the right skill fires at the right stage, and every step is logged.

"Every alert that goes uninvestigated is an exposure you can't account for," said Mike Bousquet, Chief Product Officer at Query. "Query Workers close that gap and produce a complete evidence chain: every query logged, every IOC documented, every disposition and recommendation backed by data. Your analysts inherit answers, not assembly work."

Every Worker run produces a complete, auditable evidence package:

- Investigation Report — findings, recommended disposition, mapped attack techniques, timeline, and response-ready next steps
- Query Log — every search executed, every data source queried, every result count, replayable and auditable
- IOC Ledger — every indicator discovered, typed, sourced, and enriched through threat intelligence
- Senior Analyst Review — on high-severity findings, an automated nine-check quality review runs before results are presented, covering evidence completeness, logic verification, missed indicators, severity calibration, and blind spots

Workers do not take actions, they produce findings and recommendations and your analysts make the call.

"Query's mesh gave us federated access to all the security-relevant data in our stack without forcing us to centralize it first," said Rudy Ristich, CISO & Chief Privacy Officer at Avant. "Workers running on that mesh changes what my team can actually do — issues that used to take hours to investigate are pre-packaged in minutes and my analysts are making decisions instead of assembling data."

Query Workers also supports BYO Agent access, allowing teams running custom-built workflows or third-party AI agents to connect to the Security Data Mesh and query across the full environment with normalized data underneath. Teams that have already invested in AI capabilities don't have to choose between what they've built and the data foundation that makes it more effective.

Availability

Query Workers is available now. Learn more at query.ai/product/agents or contact the Query team at query.ai/contact-sales.

Mike Bousquet
Query.ai, Inc.
+1 512-731-1184
press@query.ai
Visit us on social media:
LinkedIn

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.