What the In-N-Out Secret Menu Taught Us About Launching AI Agents for Security Teams

If you’ve ever ordered a burger “animal style” at In-N-Out you know the feeling. You walk up to the counter, it’s not on the menu, but they don’t even blink. They nod, punch it in, and a few minutes later you’re handed a double cheeseburger that hits different. 

No flashy sign. No explanation needed. Just something better. 

That’s pretty similar to how we’ve been quietly building Query Agents. We aren’t building these to add to the AI hype. We built them because they can solve real security problems by using our data mesh as the differentiator that creates real value: access to your normalized data.

They’re not on the Query website. There’s no product page or press release. But if you’re facing real challenges in your SOC, you’ll find out they’re very much available. Like the In-N-Out secret menu, AI-powered features exist in our product for one reason: people asked for them. And we knew they needed a better option.

We didn’t build with these agents for buzz. We built them to help you.

We’ve spent the last year working side by side with security operations teams: SOC analysts, incident responders, security architects, and detection engineers. What we kept hearing wasn’t, “we want AI.” It was, “we can’t get to the data we need” or, “we waste hours chasing the right data to make decisions.” What we heard certainly wasn’t “replace me.” It was “remove the repetitive toil so I can defend my company and make me more effective.”

These aren’t marketing problems, they’re operational ones. So we didn’t start with a roadmap. We started with user problems and a belief that a normalized data gateway from Query could really help. Then we got to work building alongside customers aimed at outcomes that matter.

Our platform already normalized distributed data at time of search. That gave us an edge. 

So we asked: what if we could give an agent that data and a mission? What if AI could do part of a job a security analyst would normally do? Not a generalist chatbot, but something purpose-built, structured, and focused. Something that would make an analyst more productive. 

Things like:

• Triaging detection findings by severity and status
• Extracting and prioritizing vulnerability intel from URLs and CVE feeds
• Parsing threat reports and returning IOCs in markdown tables
• Summarizing network logs and enriching IPs with WHOIS and DNS data
• Giving you asset context from across your environment

It turns out that we could, so we did.

These are task-specific agents built on real security operations work.

We’re not trying to replace your SOC analysts. We’re helping them do the job that you hired them for more effectively (it’s a hard job – give them a hug). 

Each Query Agent is tied to a specific job to be done. We intend for them to be like your co-workers (the ones you like). Detection Finding Triage. Vulnerability Intel. Threat Research. Pulling Network Activity & Asset Context. We’re adding more as customers need them.

If you have your own LLM stack or internal agents built, we’ve got you covered there too. The Query MCP server can deliver normalized data from distributed sources directly to your models with no centralization or ETL required.

You can get what you need, how you need it. You just have to ask.

Why aren’t they on the website? Because we still believe in starting with the problem.

The security world doesn’t need another AI product announcement. What it needs is better solutions to age-old problems. Fewer pivots. Faster triage. More time spent fixing what matters and less time searching across twelve browser tabs to find context. 

That’s what Query Agents are here to do.

So no, they’re not on the homepage…yet. They will be soon. But they are working in the field. They’re helping real teams get real work done, just like that secret burger. You might not see it listed, but that doesn’t mean you can’t order it.

Just ask.