Fortinet Enhances Its SecOps with FortiSOC, Agent-Based AI, and More Endpoint Control

Fortinet used its Accelerate 2026 event to unveil a new wave of updates to its security operations platform, with a clear message: the future SOC must be more unified, more automated, and much better prepared to coexist with AI-driven threats. The company announced innovations in four main areas: SOC modernization, expanding FortiAI capabilities toward more agentic flows, strengthening FortiGuard SOC-as-a-Service, and streamlining its endpoint security strategy under FortiEndpoint.

The most striking feature of this announcement is FortiSOC, a new cloud-delivered offering currently in preview phase. Its goal is to consolidate core functionalities of FortiAnalyzer, FortiSIEM, FortiSOAR, and FortiTIP into a single service, with one console, a unified data model, and simplified subscription. According to Fortinet, FortiSOC will handle log ingestion and normalization, correlation, automation, case management, behavior analytics, and identity-focused investigations, integrating telemetry from both Fortinet products and third-party sources.

This move makes a lot of sense given the current landscape. Many organizations have built security operations by adding tools for SIEM, SOAR, analytics, threat intelligence, endpoint, and cloud telemetry, but the result is often a fragmented ecosystem that is hard to operate and even harder to scale when specialized profiles are scarce. Fortinet aims to address this with a more integrated architecture, supported by practices inherited from its own managed SOCs and leveraging deeper automation layers.

FortiAI advances from copiloting to agentic execution

Another significant change involves FortiAI. Fortinet explains that it is expanding this technology within FortiAnalyzer, FortiSIEM, FortiSOAR, and FortiSOC to move from conversational assistants to a more agentic execution approach. This transition includes a dedicated agent capable of automating alert triage, investigation, and threat hunting, along with support for the Model Context Protocol (MCP) to maintain shared context and continuity across detection, investigation, and response phases.

This detail is not minor. Practically, Fortinet aims for AI within the SOC not just to summarize events or answer questions but to participate more actively in operational flows. Yet, it’s important to note that the company talks about agentic capacity and increased automation, but does not present this as a fully autonomous SOC. Instead, it’s a platform where AI connects more telemetry layers, tools, and response actions. This distinction is crucial because, in security, automating more doesn’t automatically mean delegating decision-making entirely.

In fact, Fortinet is promoting a broader narrative around MCP and traffic control between agents and tools. In its other major announcement from March regarding FortiOS 8.0, the company emphasized visibility into Model Context Protocol and agent-to-agent flows. This suggests an effort to craft a cross-cutting strategy: to protect not only traditional networks and applications but also the new context exchanges and actions emerging as companies deploy AI agents in real environments.

Managed services and endpoints: fewer pieces, more unification

The third pillar of the announcement is FortiGuard SOC-as-a-Service. Fortinet claims to have strengthened this managed service with new third-party log sources, greater integrations with Security Fabric, and more telemetry from FortiNDR and FortiCNAPP. The goal is to extend the unified SOC architecture to organizations that require continuous monitoring and managed scaling—particularly relevant for small teams or those with difficulty maintaining 24/7 coverage.

Meanwhile, the company also announced enhancements to FortiEndpoint, which it describes as its unified endpoint platform. The promise is to reduce “agent sprawl”—the accumulation of multiple different agents—by consolidating functions like ZTNA, SASE, EPP, EDR, and DLP into a single agent. Fortinet also adds visibility and control of AI applications powered by FortiAI to detect and govern their use. This indicates that risks tied to unauthorized AI app usage are now entering the endpoint security strategy.

This approach aligns with market trends: endpoints remain primary attack vectors and are also where security platforms cause the most operational friction. Reducing agents, simplifying licensing, and centralizing management continue to be key promises across the sector. What’s different here is that Fortinet attempts to link this simplification not only to traditional protection but also to controlling AI application use and communication directly from endpoints.

Fortinet aims to sell an architecture, not just standalone products

The most significant aspect of the announcement might not be each individual product but the overarching strategic direction. Fortinet is trying to package SOC, AI, managed services, and endpoints within a single operational architecture, reducing independent components while increasing correlation and response capabilities on a unified foundation. This is especially crucial now, as many organizations still grapple with alert overload, talent shortages, and disconnected tools.

However, there’s a clear distinction between what is available today and what remains in development. FortiSOC is still in preview, so its real impact will depend on how it launches to market, its pricing, its integration with multivendor environments, and whether it can truly simplify operations that now involve multiple consoles and contracts. Yet, the core message Fortinet delivered at Accelerate 2026 is clear: the SOC of tomorrow will be more cloud-based, more integrated, and more infused with AI at every phase of detection and response.
