Browser-native AI security operations center startup Legion Security differs from existing solutions on the market through the use of a lightweight browser extension that learns directly from analysts by observing their day-to-day investigations. The idea is to allow the platform to capture the nuances of human expertise and translate them into scalable, automated workflows tailored to each organization’s unique tools and processes. Legion uses a three-phase operational model that moves from passive observation to full automation. In the initial “Learning Mode,” the platform shadows senior analysts and records how they handle alerts and make decisions. The next step, the “Guided Mode,” offers suggestions and performs tasks under human supervision. Finally, when teams are ready, an “Autonomous Mode” allows Legion to act independently or with selective approvals, drastically accelerating response times and reducing manual workload without sacrificing oversight. Analysts can configure exactly when and where Legion operates, restrict its access to certain tools and mask sensitive data during sessions. Every action taken by the AI is fully auditable and security teams retain final say over what is learned, applied or deployed. The offering from Legion is positioned to solve a longstanding pain point in cybersecurity: the overwhelming volume of alerts and the shortage of qualified personnel to investigate them. By converting institutional knowledge into actionable automation, the platform helps reduce triage time, cut down on false positives and eliminate repetitive documentation work. “What sets Legion apart is its browser-native AI platform,” said Sri Viswanath, managing director at Coatue. “It studies how security analysts work and instantly scales those workflows, cutting investigation and response times by up to 90%.”