US startup Tidal Cyber has launched NARC (Natural Attack Reading and Comprehension), a new AI system that automatically extracts adversary behaviors from unstructured cybersecurity data.
NARC ingests cyber threat intelligence reports, incident response records, and findings from simulated attack exercises, converting them into structured adversary procedures.
By mapping not just tactics and techniques but the way attackers operate, the tool helps security teams shift from reactive responses to a threat-led defense posture.
The system maintains an updated intelligence base that can inform detection, response, hunting, and control-validation activities.
It builds relationships between threat groups, software, and campaigns, generating new threat objects linked to existing data for a continuously evolving picture of adversary operations.
According to the company, the tool slashes the time spent manually tagging and mapping threats, turning hours of analysis into minutes.
“NARC represents a fundamental shift in how defenders harness AI,” said Frank Duff, Co-Founder and Chief Innovation Officer at Tidal Cyber.
“We’re bridging the gap between intelligence and action. It’s no longer about collecting more data; it’s about understanding how adversaries operate and ensuring our defenses are aligned accordingly.”
From Procedures to Actionable Defense
NARC integrates with Tidal Cyber’s Threat-Led Defense platform, optimizing detection, incident response, and control validation across an organization.
The platform links threat intel to existing security controls to show which attack methods are detectable, blockable, or remain unprotected.
Rather than stopping at general attack techniques, it breaks threats down into the specific commands and processes used by adversaries.
Drawing from more than 1,500 technical reports, the system continuously updates detailed threat data, turning it into actionable data for defense operations.
It also operates in a continuous cycle: mapping intelligence to real attacker behaviors, measuring defensive gaps, validating which controls succeed, and optimizing configurations and priorities based on the findings.