Press Release Internal only

Momentum / Sales FAQ

Questions you will get, pushback you will hear, and the answers grounded in what is actually true. Do not forward this document externally. The public-facing FAQ is part of the press release page itself.

PLAID ELITE

What is PLAID ELITE in one sentence?

PLAID ELITE is 7AI's fully managed AI-native security operations service. AI agents continuously and autonomously investigate, hunt, and triage. 7AI security engineers add the judgment, oversight, and governed response. The customer gets agentic SOC outcomes around the clock without building or scaling an internal operations team.

How is PLAID ELITE different from MDR?

Lead with this framing: PLAID ELITE is not an MDR product. The delivery model is structurally different.

Traditional managed services scale capability by adding analyst headcount on shift coverage. Response time and depth of investigation are bounded by how many humans are available, in what timezone, with what specialization. Cost scales linearly with capability.

PLAID ELITE's delivery model is built around continuous autonomous investigation by agents. Performance improves with investigation volume because the system inherits context across customers. 7AI security engineers are in the loop on the work that needs human judgment, not on the work that scales naturally. Coverage is continuous and follow-the-sun by construction, not by shift scheduling.

If a customer pushes you for the MDR comparison directly, do not compare PLAID ELITE to a specific competitor. Compare it to the category. Use Israel Barak's framing: "Traditional managed services can provide expertise, but the delivery model is built around human shifts. PLAID ELITE is a fundamentally different service model."

Is PLAID ELITE an upgrade from PLAID, or a separate offering?

Separate offering. Not a tier above PLAID.

PLAID is the agentic security platform. Customers run the platform inside their own SOC, with their team operating it. PLAID ELITE is the fully managed service. 7AI runs the operations.

These are different buying patterns. A customer with a strong internal SOC team that wants to amplify them buys PLAID. A customer that wants managed agentic security outcomes without building or scaling that team buys PLAID ELITE. They can also move between them. We have customers who started on PLAID and added PLAID ELITE later, and the reverse.

Do not pitch PLAID ELITE as a more expensive PLAID. Pitch it as a different offering for a different buying motion.

What does PLAID ELITE cost?

We do not publish pricing. Pricing varies by environment size, integration scope, and managed coverage tier. Engage your account team for a scoped quote.

What you can say in a customer call: pricing is structured around outcomes, not seat licenses or analyst hours. Customers do not pay for hypothetical analyst capacity. They pay for managed security operations delivered to their environment. The unit economics improve over time because the platform's contribution increases as investigation volume grows.

Who is selling PLAID ELITE? Direct or channel?

Both, but the channel motion is the primary one we are scaling. PLAID ELITE is structurally designed to be wrapped inside a partner's advisory or managed services practice. GuidePoint, Myriad360, and DXC AdvisoryX are the primary co-sell partners as of GA.

If a customer wants to buy direct, we will sell direct. If they have an existing partner relationship that already has an MSA in place, channel is often faster.

The numbers

How is the 7 million investigations number calculated?

An "investigation" is one alert, signal, or hunt query that goes through the agentic investigation workflow end to end, regardless of outcome (closed as false positive, escalated, expanded to a related case, or finished with a remediation handoff).

The 7 million number is the cumulative count across all production customer environments since the platform went live with paying customers. It is not a marketing extrapolation. It is what the platform's production audit log shows.

If an analyst pushes on the definition, the answer is "an autonomous end-to-end investigation lifecycle from initial signal to disposition." Do not call it an "alert" because an alert is the input, not the unit of work.

What does "3x customer growth quarter over quarter" actually mean?

It is the count of net new paying customers added in the most recent quarter compared to the prior quarter. A 3x multiple, not 3% or 30%.

If a customer asks for the underlying number, do not share specific customer counts. The right answer is "we have been deliberately not optimizing for raw logo count because we are anchoring on enterprise-scale deployments, but on that metric the multiple is 3x QoQ."

"95 to 99% false positive reduction" sounds high. Is it real?

It is the range reported across customer deployments measured at the 90-day mark, not at peak performance. The bottom of the range (95%) is what customers see early in deployment as the platform is still learning environment-specific context. The top of the range (99%) is steady-state for mature deployments.

DXC Technology specifically has spoken publicly about 95 to 99% reduction. Mike Baker is the named source if pressed.

If a customer is skeptical, the right move is not to defend the number. The right move is to offer a proof of value in their environment scoped to a specific timeframe. The platform will show its own outcome.

"Under 72 hours from contract to first autonomous investigation" sounds fast. How is that possible?

It is real and it works because the platform is designed to start working against existing telemetry without long integration cycles. We connect to the customer's EDR, SIEM, and identity tools through pre-built integrations. The platform begins investigating against live signal within hours of authentication completing.

"First autonomous investigation" means the platform has ingested a real signal from the customer's environment and completed an investigation end to end. It does not mean full production. Full production typically takes another 2 to 4 weeks while the platform learns environment-specific normal behavior and the customer's response team validates investigation quality.

If a customer asks how that compares to traditional SIEM or SOAR deployment, the honest answer is: "Most SIEM deployments are measured in quarters. Most SOAR playbook builds are measured in months. We are measured in days because the agent does the work that humans would have built into rules."

The "compounding advantage" claim

What does "compounding advantage" actually mean concretely?

Three concrete mechanisms. Use these specific examples in customer calls, not the abstract phrase.

First, signal interpretation. Across 7 million investigations, the platform has resolved millions of edge cases (this combination of factors is benign in this kind of environment, this combination is malicious). Each new customer environment inherits that resolved knowledge from day one. A SOC operating without that context has to relearn it from scratch through their own analyst attention.

Second, attacker pattern recognition. The platform has seen real instances of essentially every common attacker technique. A new TTP variant that appears in one customer environment is recognized faster across the rest of the customer base, even before the technique gets a public name.

Third, response orchestration. Investigation outcomes that result in specific response actions become reusable patterns. The next investigation that surfaces the same pattern gets the same proven response orchestration without needing a playbook to be authored.

None of this is "training." It is operational. The compounding happens in production, continuously, without quarterly model updates.

"How can you make customer A's data improve outcomes for customer B without leaking data?"

What gets shared across the customer base is patterns, not data. The platform learns that "this combination of three signals tends to be a benign automation script when the source process matches this kind of pattern." That generalization is stored as a pattern, not as customer-specific events.

No customer's raw telemetry, alert data, or response actions cross customer boundaries. The customer's data stays in the customer's environment and tenancy. What compounds across the customer base is the platform's interpretation of patterns, which is structurally tenant-isolated.

If a customer security team pushes hard on this, route to a 7AI security engineer or to Israel Barak directly. This is a CISO-level conversation that deserves a direct answer from someone who runs it.

Boston and hiring

Are the 100 Boston jobs already filled, or hypothetical?

Hiring through 2026. Some roles are already filled (headcount is up 47% in the past quarter alone). The 100 is the total addition for the year. Hires are coming from companies including Rapid7, Wayfair, DraftKings, MITRE, Amazon, Capital One, and Cybereason.

Open roles are at 7ai.com/careers. If a customer or partner contact asks because they know someone who would be a fit, send them there directly.

What is the Massachusetts AI Coalition?

An initiative led by WHOOP that positions Massachusetts as a national hub for AI innovation, with founding members including 7AI. The framing is that Massachusetts is competing for the next generation of AI companies the way the Boston biotech corridor was built.

If asked for more detail, route to Nate. The Coalition story is a marketing and policy story, not a product story, so it doesn't typically belong in a customer sales conversation unless the customer themselves is in Massachusetts.

Customer proof points

Who can I name publicly?

Public-named customers as of this release: DXC Technology, BigID, Duck Creek Technologies, Blackstone, OneSpan, Cole Scott & Kissane, Abacus Insights. All of these are in the release itself and have public quotes or named references.

Watco is in progress and internal-only pending clearance. Do not name Watco in customer conversations yet.

If you are in a deal with an organization that has a customer reference need beyond this list, escalate to Nate or to your AE manager to coordinate a customer reference call. Do not commit a customer to a reference without clearance.

Can a customer talk to Mike Baker at DXC?

Mike owns the world's largest 7AI deployment and has been our most public customer voice. He is a finite resource. Reference calls with Mike require coordination through Nate and through DXC's customer reference protocol. They are reserved for late-stage strategic enterprise deals.

If you are earlier-stage, the better move is to send the customer the recording of Mike's prior public sessions (GPSec, the upcoming Gartner fireside) rather than asking for a 1:1 reference call.

Things not to say

Phrases to avoid in Momentum conversations
  • "Autonomous SOC." Use "agentic security" or "AI agents that work for security teams."
  • "PLAID ELITE replaces your analysts." It does not. It changes what they work on. The reframe is "PLAID ELITE handles the work humans should not be doing so your team can do the work that actually requires them."
  • "We are an MDR." We are not. Do not self-apply that label.
  • Competitor names. Speak in categories ("traditional MDR," "legacy SOAR," "alert-driven detection," "shift-based managed services").
  • "AI alone." The platform is agents plus engineers. PLAID ELITE in particular is explicit about the human role.
  • "Em dashes in any written follow-up. Period.

If a customer asks something I do not have a good answer for

Say "I want to give you the right answer on that, let me come back with it in 24 hours." Do not improvise on PLAID ELITE pricing, technical architecture, customer-specific outcomes, or the "compounding advantage" mechanism if you are not sure.

Escalate to Nate in Slack with the specific question and the customer context. The standard turnaround for getting an answer back is same-day for product or positioning questions, 24 to 48 hours for anything requiring legal or customer reference coordination.