SciTransfer
SOCCRATES · Project

AI-Powered Cybersecurity Platform That Detects and Responds to Attacks at Machine Speed

digital · Piloted · TRL 7

Imagine your company's IT security team is like a group of firefighters, but instead of a few fires a week, they're getting hundreds of alarms a day — most of them real. SOCCRATES built an AI-powered command center that automatically maps your entire IT network, spots attackers before they do damage, and figures out the best defensive moves in seconds instead of hours. It's like giving your security team a chess engine that sees every possible attacker move and picks the best counter-strategy, all while factoring in which parts of your business would hurt most if hit. The platform was tested in real operational environments with actual security operations centers.

By the numbers
10 consortium partners
8 countries represented
32 total deliverables produced
11 demo/prototype deliverables
2 pilot deployment environments
40% industry partner ratio in consortium

The business problem

What needed solving

Organizations across Europe are drowning in cyber threats while their IT environments grow more complex every day. Security teams can't keep up — there aren't enough qualified cybersecurity experts, and the time between detecting an attack and actually responding is dangerously long. Companies need a way to automate threat detection, understand business impact instantly, and execute defensive responses at machine speed rather than human speed.

The solution

What was built

A complete security operations platform with AI-based attack detection, automated infrastructure modelling, threat trend prediction using machine learning, attack defence graph analysis, business impact assessment, course-of-action generation, and orchestrated response execution. The final platform includes installation and deployment manuals, delivered through 32 deliverables with 11 working demo prototypes.

Audience

Who needs this

Managed Security Service Providers (MSSPs) looking to scale analyst capacity
Banks and financial institutions with large internal SOC teams
Critical infrastructure operators (energy, telecom) facing advanced persistent threats
Large enterprises building or upgrading their Security Operations Centers
Government agencies and defense organizations needing automated cyber response

Business applications

Who can put this to work

Financial Services
enterprise
Target: Banks and insurance companies with in-house security operations centers

If you are a bank dealing with constant cyber threats against your trading platforms and customer data — this project developed an AI-driven security platform that automatically models your entire IT infrastructure, detects advanced attacks, and recommends defensive actions at machine speed. It was piloted across 2 real operational environments with complex IT setups, proving it can handle the kind of diverse infrastructure financial institutions typically run.

Managed Security Services
mid-size
Target: Managed Security Service Providers (MSSPs) serving multiple clients

If you are an MSSP struggling to protect dozens of client networks with limited analyst staff — this project built a platform specifically tested at an MSSP pilot site that automates threat detection, attack path analysis, and response planning across multiple client environments. With 11 demo components including AI-based attack detection and automated course-of-action generation, it multiplies what each analyst can handle.

Critical Infrastructure
enterprise
Target: Energy utilities and telecom operators with complex OT/IT environments

If you are a utility operator facing growing cyber threats against your control systems and corporate networks — this project created automated infrastructure modelling and business impact analysis tools that understand which attacks would actually disrupt your operations. The platform was built by a consortium of 10 partners across 8 countries, combining AI-based threat prediction with practical response automation.

Frequently asked

Quick answers

What would this cost to implement?

The project's EU contribution amount is not publicly listed in available data. As an Innovation Action with a final platform version and deployment guides, licensing or integration costs would need to be discussed directly with the consortium partners, particularly TNO as coordinator or the industry partners involved.

Can this scale to protect a large enterprise network?

Yes. The platform was specifically designed for and piloted in highly complex and diverse ICT environments. Two pilot sites were used — an organization's internal SOC and a Managed Security Service Provider — both representing large-scale, real-world operational conditions.

Who owns the IP and how can I license this?

The consortium of 10 partners across 8 countries developed the platform. The project objective explicitly states the aim is to exploit the SOCCRATES platform and its components in commercial products. Contact TNO (coordinator) or the 4 industry partners for licensing discussions.

How does this integrate with our existing security tools?

The platform includes an orchestration component and API-based interfaces, as documented in deliverables covering platform orchestration, reconfiguration, and front-end. It was designed to work within existing SOC and CSIRT operations rather than replace them entirely.

Is this actually tested or still just research?

This is well beyond research. The consortium produced 32 deliverables including 11 demo prototypes, progressed from initial to final versions of all components, and deployed the complete platform at 2 pilot environments. Final prototypes with user manuals for installation, deployment, and use were delivered.

What specific threats can it detect?

The platform includes AI-based attack detection for advanced threats, threat identification and trend prediction using machine learning, and tactical threat intelligence integrated with attack defence graph analysis. It covers the full cycle from detection through impact assessment to automated response.

Are there regulatory compliance benefits?

Based on available project data, the platform supports business impact modelling that helps organizations understand which assets and processes are most critical. This capability directly supports compliance with regulations like NIS2 that require risk-based cybersecurity measures and incident response capabilities.

Consortium

Who built it

The SOCCRATES consortium is well-balanced for commercialization: 10 partners across 8 European countries (AT, ES, FI, FR, NL, NO, PL, SE) with a strong 40% industry ratio (4 industry partners including 2 SMEs). Led by TNO, the Netherlands' premier applied research organization, the consortium combines 3 research institutes and 2 universities with hands-on industry players. The geographic spread across Northern, Western, and Eastern Europe gives good market coverage. The mix of research depth and industry presence — plus explicit pilot testing at both an internal SOC and an MSSP — suggests the technology was built with real commercial deployment in mind, not just academic publication.

How to reach the team

TNO (Nederlandse Organisatie voor Toegepast Natuurwetenschappelijk Onderzoek) in the Netherlands is the coordinator. Look for SOCCRATES project leads at TNO's cybersecurity unit.
