Tidal Cyber Launches NARC: The First Automated AI Engine to Extract Adversary Procedures for Threat-Led Defense
Reston, VA – November 3, 2025 — Tidal Cyber, the leader in Threat-Led Defense, today announced the launch of yet another milestone with the official launch of NARC (Natural Attack Reading and Comprehension), the first automated AI engine built to extract adversary procedures and threat objects from unstructured intelligence. Now available within the Tidal Cyber platform.
Intelligence can be trapped in unstructured data while analysts spend hours manually tagging, mapping, and creating procedural relationships. Security teams crave procedures but creating and connecting them requires specialized skill and significant time. With AI and automation, security teams are now able to parse through unstructured data at scale using natural language reasoning to extract and contextualize adversary procedure.
Developed from technology acquired through Tidal Cyber’s 2025 acquisition of Zero-Shot Security, NARC automatically reads and interprets unstructured text, such as CTI reports, incident response summaries, and red-team findings to transforms them into ATT&CK-aligned procedures and creates relationships between groups, software, and campaigns. NARC also expands the threat picture by generating new threat objects and maps relationships between new and existing objects. Both are instrumental in creating a living, connected intelligence base that organizations can operationalize across detection, incident response, hunting, and control validation workflows.
“NARC represents a fundamental shift in how defenders harness AI,” said Frank Duff, Co-Founder and Chief Innovation Officer at Tidal Cyber. “By automating the extraction of adversary behavior from the vast amount of unstructured data available, we’re bridging the gap between intelligence and action. It’s no longer about collecting more data; it’s about understanding how adversaries operate and ensuring our defenses are aligned accordingly.”
NARC reduces analysis time from hours to minutes, eliminating one of the most significant bottlenecks in threat intelligence. Early adopters have reported that manual tagging and mapping, once a painstaking task, have been significantly reduced, freeing analysts to focus on higher-value detection and defense engineering.
“We built NARC to think like an analyst, only faster,” said Harrison Van Riper, Director of AI at Tidal Cyber and creator of NARC. “It doesn’t just parse through data and identify tactics or techniques. It identifies procedures and the how behind adversary behaviors. That context is what allows organizations to make truly threat-led decisions and evolve from reactive defense to proactive defensive security.”
The integration of NARC into Tidal Cyber’s Threat-Led Defense platform advances the company’s mission to make defensive security actionable and measurable. By automating procedure extraction and linking it directly to groups, campaigns, and software, Tidal Cyber continues to help organizations reduce risk, strengthen defenses against actual attacker behavior, and defend with precision.
About Tidal Cyber
Tidal Cyber is the first true Threat-Led Defense platform built to flip the traditional defensive model by putting real adversary behavior at the center of your defense strategy. Threat-Led Defense maps techniques, sub-techniques, and procedures to ATT&CK, revealing exactly where you’re exposed and how attackers operate against that exposure.
It's a level of precision you’ve never had before, empowering security teams to proactively reduce risk and optimize high-impact security investments.
Threat-Led Defense is Tidal Cyber’s unique implementation of Threat-Informed Defense, enhanced with procedure-level granularity to make CTI more relevant and actionable.
For more information on NARC and Threat-Led Defense, visit tidalcyber.com.