Neo is a cloud-based AI security engineer that works alongside your team and takes on real security tasks like a true co-engineer. As it operates, it continuously learns your systems and processes, improving over time just like an engineer ramping up on your team.

Neo is built as a framework, not as a black box. It combines the reasoning of large language models with purpose-built execution tools, isolated sandboxes, a memory layer that learns your code, architecture and naming, and deep integrations into your organization. You can see what it is doing, control what it can touch, and tune how it behaves.

In a recent evaluation, Neo independently completed an L5 principal security engineer interview case study and passed. It handled the full scenario end-to-end: understanding the environment, investigating and prioritizing issues, and proposing a complete remediation plan. That is the bar we are building for.

Neo is launching in limited availability for enterprise security engineering teams that have hit the limits of generic LLM tools and are ready for a production-ready system deployed within their own environment.

Why Neo and why now

When we first started experimenting in this space, it was natural to reach for code assistants like Claude Code or Cursor. However, coding assistants are built for short coding loops: one developer, one file, and a 5–15 minute task like “fix this bug.” They assume a small, focused context and a clear end.

Security workflows are the opposite. They involve a large volume of long-running tasks (like triaging findings, investigating incidents, and testing new features) that often run in parallel, span many systems, and need to be paused and resumed without losing state.

When teams try to force tools like Claude Code into these workflows, they get a glimpse of what’s possible, but they hit limits quickly. Agents lose context, can’t run long enough, and experiments never turn into reliable, repeatable programs.

Neo exists to solve that. It’s designed for security workloads from the ground up with the infrastructure, context, and memory needed for long-lived tasks, plus built-in tools for real security work across terminals, networks, APIs, and browsers. Neo also supports fully automated background execution. Tasks can be auto-triggered by events like new findings, changes in code, deployments, or scheduled checks, so work kicks off the moment something happens (and not when someone remembers to run it.)

What enterprise security teams are already doing with Neo

Vulnerability backlog triage and closure

Pre-release feature reviews and targeted testing

Continuous compliance and audit preparation

These are starting points, not limits. The most interesting workflows we have seen are specific to each team’s stack and process.

How Neo actually works

At a high level, a Neo workflow looks like this:

Under the hood, all of this is powered by a small set of primitives you can think of as engineering building blocks.

Custom agents

Agents are specialists for end-to-end security workflows. At runtime, Neo can assemble a task-specific agent using your knowledge base and external research, tuned to a repo’s tech stack, business context, and product logic. Each agent bundles how it thinks (policies and prompt), what it can do (tools and connections), and what it knows (pinned knowledge), and it can self-update as it executes.

Memory

Memory is how Neo builds and maintains a working understanding of your environment. It learns your services, naming conventions, architecture, and business context so terms like “payments API” or “core auth service” carry the right meaning without you re-explaining them in every task. For a security team, this means consistency and reuse, which is knowledge from triage, feature reviews, and regression campaigns that carry forward into future workflows.

Sandboxes and tools

Sandboxes are the protective execution layer between your infrastructure and agent operations. Each task runs in an isolated environment with the tools and dependencies it needs, with network access, system calls, and resource usage controlled and monitored. Neo ships with a suite of purpose-built tools for dynamic work such as terminal and filesystem access, HTTP clients, DNS and network utilities, API helpers, planning utilities, and headless browser automation. Logs and outputs stream back in real time, and the environment is torn down when the task completes, so Neo can act like a hands-on operator without putting production systems or credentials at risk.

With Neo, you are designing and running systems that automate real parts of your security work and can be versioned, reused, and improved like any other piece of engineering.

Safety, transparency and control

Neo is built to operate inside your security stack, so safety is part of the design, not an afterthought.

Every action Neo takes is logged, so you can review what happened, why it did something, and how it reached a result. You stay in the loop. Neo can propose actions, collect evidence and draft changes, and you decide what to integrate, what to automate fully, and where to keep a human in the path.

Availability and who this is for

For this first phase, Neo is in limited release. We are prioritizing security engineering teams at large organizations that:

Neo is priced on usage based on model tokens and the infrastructure required to run your workloads. It supports multiple LLM providers and gives you access to the latest high-performing models out of the box.

What’s next

Neo is built to own real security workflows today. From here, the roadmap is about depth, coverage, and usability so more of your day-to-day security work can be delegated.

Over time, we will explore bringing Neo to the broader ProjectDiscovery community of individuals and small teams.

If you want an AI security engineer that can sit inside your stack, learn your environment, and take on real security work alongside your team, we should talk.