Anthropic showed the map. monsys.ai is the store.
Anthropic published this week how their own Detection team uses Claude for alert triage and investigation. The numbers are striking — and confirm what we've been building since day one.
What Anthropic published
Jackie Bow's team built CLUE — Claude Looks Up Evidence — on top of Claude Code, with integration into Slack, their data warehouse, and internal logs. What they reported over 30 days of work:
- False-positive rate on alert triage dropped from about 33% to 7%.
- 12,000 automated queries and 27,000 tool calls executed.
- An estimated 1,870 hours saved — equivalent to 234 person-days.
- Average investigation time down to 3-4 minutes, where it used to be hours or days.
Source: Anthropic blog, May 2026. How Anthropic uses Claude for cybersecurity
What that means for an EU SMB
Anthropic has a Detection Engineering team of professionals who can build that in-house. That's the exception. An average Belgian SMB with 5-50 servers has one IT lead, or an MSP that bills by the hour. For them, 'build your own CLUE' is not an option.
What is available to them: a production-ready SOC platform with the same workflow, EU-hosted, with output an auditor will accept. That's what we're here for.
What we deliver
Our stack delivers the same three ingredients as CLUE — alert enrichment, natural-language log investigation, and autonomy over playbook rigidity — plus three things their internal tool doesn't need to cover:
- EU residency: all infra in the EU, GoTrust BV as the legal entity. No US export of customer data.
- Audit-grade evidence: every period or incident produces an Ed25519-signed tarball your auditor verifies offline with an open-source Python script.
- Compliance engine: automatic mapping to ISO 27001, NIS2, BE-CyFun and CIS — no manual spreadsheets.
What we DON'T do
We don't copy Anthropic's autonomy model one-to-one. Our alert evaluation stays rule-based (threshold + z-score, no LLM judgement on the hot path). Our AI Explain runs locally on the host via Ollama, opt-in. Reason: an auditor doesn't accept 'the LLM thought this was suspicious' — they accept a repeatable rule and a signed proof. With us, AI is a layer on top of the deterministic core, not in front of it.
Want this workflow in your own environment? Five agents free, then €3 a month. No credit card. EU-hosted.
All numbers and quotes come from Anthropic's own blog post, linked above. monsys.ai is not a partner of or affiliated with Anthropic — we use public information to illustrate our positioning.