LevelBlue President On Agentic AI And Standing Out On Its Own Threat Detection, Managed Security Merits

AT&T cybersecurity spinoff LevelBlue's goal is to build data-rich, agentic AI models to produce better threat detection insights and deliver a more "exceptional" security experience for enterprises with the help of their channel partners, said LevelBlue President Sundhar Annamalai.

LevelBlue, formerly telecom giant AT&T's security business and now a standalone managed cybersecurity services "startup," has turned one year old.

In May 2024 AT&T entered into a joint venture with private equity firm WillJam Ventures to officially launch LevelBlue at RSA 2024. Thanks to its backing from one of the largest – and oldest – carriers in the country, LevelBlue at its start was one of the largest startups in the cybersecurity industry to date, with tens of thousands of customers coming over from AT&T.

The company, which goes to market, in part, through channel partners, offers global managed security services, cybersecurity consulting, threat intelligence and security operations center (SOC) support.

But the one-year-old security company isn't relying on the AT&T brand for market recognition. LevelBlue is growing globally based on its own merits, Sundhar Annamalai, president of LevelBlue, told CRN. Right now, Annamalai and his team are focused on enhancing threat detection, improving SOC operations, and providing better end user experiences through AI and data-driven insights.

Annamalai (pictured) sat down with CRN to talk about standing up a cybersecurity company in one year, how the company is already emerging as a leader in threat detection and managed services, and how the company is working closely – but not competing – with partners.

Here are excerpts from the conversation.

In 12 months, LevelBlue is standing on its own as a new brand in the cybersecurity space. What are you most proud of?

We came up on our one-year anniversary [in May]. It's funny how fast a year goes by. On a standalone basis, versus part of the AT&T family, [there's] a few things to reflect on that I'm proud of, not for myself, but for the extended team because they do all the hard work and I just get to talk about it.

But one, I'd say, is the building of the LevelBlue brand on a standalone basis, which I would say is really hard. As part of the AT&T brand that has a 100-year history, starting a new brand that has no brand recognition, I think the team's done a lot of work. We had the fortunate opportunity to launch the brand at RSA last year. The team has been at a number of industry events, and [with] customers of AT&T talking about LevelBlue leaning into cybersecurity. I think those pieces are coming together [and we're] starting to get some traction and recognition in the space.

Two things that we've been working to be able to do on an independent basis. One is: Elevate our thought leadership when it comes to threat intelligence. What we can talk about as a standalone managed cybersecurity company, threat insights that we see, and the risks that customers are increasingly exposed to. We also [recently] published our LevelBlue Futures report … roughly 30 percent of organizations are increasingly finding themselves having to defend against AI-based attacks. [There are] a lot of other good data points in there around training employees to recognize what an AI-driven threat vector is, both in terms of email, videos, phone calls, and media smishing attacks. We're having to build up that practice internally, as well as an organization.

And then we're continuing to see the recognition from the industry and analysts in terms of our leadership as part of AT&T and then on a standalone basis. Frost and Sullivan recognized us for being a leader in their Cybersecurity Wave report. And then, we've also launched MTDR, which is managed threat detection for government services, which is a big lift if you're not familiar with delivering services to government entities. A lot of work goes into ensuring that the stack you build [and] the software you deliver, is all certified for government consumption.

There's a lot going on. It's been a full year of activity. Folks are ready for a new pair of running shoes for year two. So, I bought my new pair of running shoes, and so I'm ready to get going as we get into the back half of 2025 and into 2026.

Are you seeing success in your two-month-old partner program yet?

We're starting to see some of the successes from that program on a global basis. We've seen roughly 40 percent growth year over year in the Middle East [and] roughly 35 percent growth in Europe in our partner program model, which I think is [for] two [reasons]. One, the software stack we deliver to partners that are transitioning either from MSPs to MSSPs and the MSSPs that are looking for tools and capabilities that they can procure themselves, and we help them elevate in the verticals that they happen to participate in.

[Second,] I think our offers we built out at the initial launch of that partner program [email security powered by Check Point and managed endpoint security powered by SentinelOne] are getting good reception from the partners who signed on, and those that have continued to use our services as well.

With so much competition in the cybersecurity space, how are you pitching LevelBlue to partners?

I'd say a lot of what we've been doing in the [U.S.] is leaning into the existing [partners] we already have and bringing those services forward with them. We've had really good traction domestically. We've got really strong relationships. One of our largest [partners], who I just met with a couple weeks ago, we had lunch [and we talked about] what he needs and what he's looking for from us. Part of the thing that MSSPs often ask us is: 'Well, you deliver these services yourselves, so aren't we a competitor to you?' And what I often answer is: 'Customer problems around cybersecurity are so broad and diverse, there's no way anyone can serve all of the needs for every customer and every vertical you happen to participate in.' I told him: 'That's my commitment to you, that we don't go head-to-head. We don't see you as a competitor. We see you as a partner and we work together to help solve your customers’ needs.'

Part of what running a channel program is all about is ensuring that you can deliver on the needs of your customers and their customers. Part of what I [tell partners] is: 'Let us be the software arm. Let us invest in the software stack where they can't and let us bring the services that we bring forward to customers on their behalf. Some of the MSPs we serve have bespoke needs for niche security solutions. What we try to bring forward is: 'Here's software you can use to simplify the way in which you run your security operations on behalf of your customers. Let us be the arms and legs to invest in technology and some of the third-party vendor costs. Let us bring that to market for you, so you don't have to go solve it on your own.

How are macroeconomic factors impacting cybersecurity right now?

With some of the macroeconomic shifts that are occurring; I would say all enterprises, big and small, are going to run into some of the byproducts of those policy shifts. I think they're all trying to figure it out. How do they make business decisions based upon the policies that are being outlined and how do they protect the enterprise, [when] at the same time, policy shifts are changing? And how do they prepare for the future? A lot of what we're seeing is, [enterprises are waiting to see] how it's going to shake out before making large-scale investments.

But what I would say that what still has to occur in the short-term is, you still have to deliver for your enterprises, You still have to deliver for your customers. You still have to protect the business [and] protect your employees. So, all of those are no-regret business decisions that every enterprise is going to continue to make. Maybe it's a bad metaphor, but it's like good hygiene. You still have to brush your teeth every day. There are other things that maybe you don't have to invest in.

What are your goals for year two?

Where we're investing in is the convergence of network security and threat detection and response security. Those are combining, if you will. And how do we evolve our security stack to be able to serve the needs of customers where it's becoming more of a blended environment? Those were traditionally independently managed parts of the security stack in an organization.

I would say that we're going to keep investing in the ecosystem of services and capabilities in the partner program. [Additionally,] you can't have a conversation without talking about the application of AI in all of these environments. This is no different. We kind of try to think about it in three dimensions: One dimension is, how do we use AI? We've been in this business for 10-plus years using machine learning to do threat detection and threat correlation. AI is the next evolution of that and doing it in a way that is insightful, meaningful, and doesn't drive noise on behalf of those that run SOC operations. That's key.

And two, how do we improve our SOC operations using AI as well? Meaning, there are large volume queries that SOC analysts are having to do based upon events that occur. How can we automate those tasks and automate reports on their behalf [and] take the burden off of their shoulders.

And then three, I'd say, [it's about] customer experience. Customers on the flip side have to know: 'What is it that the MSSP is doing for me, day in and day out, and what do these reports mean for me?’ So, we're looking to use AI to make it easier for customers to interpret: ‘What's going on in my organization based upon all these alerts and findings that LevelBlue and other partners are giving to me?

Our goal is taking the data exhaust that we have across our entire base of customers, [and] applying it in a way that's private, isolated, unique, and meets their needs and data restriction policies to build rich, agentic AI models to serve the needs of our customers, and do that in a way that drives better threat detection insights, makes our operations more meaningful [and] impactful to customers, and delivers them a more exceptional experience. We believe that's kind of the opportunity that we're sitting on. The goal line that we're sitting on is using a platform we've already built and have been running for the last decade and extending that across all parts of the business.

We carved out from AT&T and we're really kind of few different independent businesses that are now being brought together with rich data services coming together under one common software stack. That's going to be a continuing evolution for us in the near term and into the future as well. That's something we're focused on [in] the back half of this year, going into 2026.