
Tracecat

Open-source SOAR platform with AI-powered playbooks

freemium, Open Source

Tracecat is a YC S24-backed open-source SOAR (Security Orchestration, Automation and Response) platform that lets security teams build AI-powered playbooks for automated incident response. It provides visual workflow builders for creating response procedures, integrates with common security tools, and handles alert triage, enrichment, and remediation — positioned as an open-source alternative to Tines and Splunk SOAR.

Tracecat is an open-source security automation platform that brings SOAR (Security Orchestration, Automation and Response) capabilities to teams that cannot afford or justify the cost of enterprise solutions like Tines, Splunk SOAR, or Palo Alto XSOAR. Backed by Y Combinator's Summer 2024 batch and carrying over 3,500 GitHub stars, Tracecat provides a visual workflow builder for creating automated response playbooks that handle the full lifecycle of security incidents — from initial alert triage through enrichment, investigation, and remediation.

The platform's AI capabilities go beyond simple automation. LLM-powered playbook steps can reason about alert context, correlate events across multiple data sources, generate investigation summaries, and suggest remediation actions based on the specific characteristics of each incident. This transforms security operations from reactive, manual processes into proactive, semi-automated workflows where analysts focus on decision-making rather than repetitive data gathering. Integrations with common security tools — SIEMs, EDR platforms, ticketing systems, communication channels — ensure Tracecat fits into existing security stacks.

Self-hosting is free under the Apache-2.0 license, with Tracecat Cloud available as a managed option for teams that prefer not to maintain infrastructure. The SOAR category represents a genuine gap in the aicoolies catalog: while security scanning and code review tools are well represented, security automation and incident response tooling is entirely absent. For DevSecOps engineers and security teams in developer-heavy organizations, Tracecat provides the automation layer that connects security alerts to actual response actions.

Pricing

Free and open source (Apache-2.0) for self-hosting. Tracecat Cloud managed tier available.

Platforms

Self-hosted via Docker on Linux. Cloud hosted option. Web-based visual workflow builder.

Related Tools

KubeAI

Kubernetes operator for serving AI inference workloads

KubeAI is an Apache-2.0 Kubernetes operator for deploying and scaling AI inference workloads, including LLMs, embeddings, reranking, and speech-to-text. It gives platform teams OpenAI-compatible endpoints, model proxy/controller primitives, model caching, scale-from-zero behavior, and cluster-native resource management for self-hosted inference on Kubernetes.

open-source, Open Source

Agent Governance Toolkit

Microsoft’s public-preview runtime governance toolkit for policy, identity, sandboxing, audit, and MCP security around AI agents.

Agent Governance Toolkit is Microsoft’s MIT-licensed public-preview toolkit for governing AI agent runtimes. It adds policy enforcement, zero-trust identity, execution sandboxing, audit, reliability, and MCP security-gateway patterns around tool calls and autonomous actions, helping platform teams move beyond prompt-only guardrails while preserving architecture review requirements.

open-source, Open Source, Telemetry

Baz

Telemetry-aware AI code reviewer that checks how pull requests may affect real services.

Baz is an AI code-review platform focused on production-aware pull requests. Instead of only reading the diff, Baz connects code changes to application telemetry so reviewers can understand what endpoints, services, and runtime behavior may be affected. That makes it a useful complement to existing AI PR bots when the question is not just whether a change looks correct, but whether it could break a live system.

freemium, Telemetry

Rampart

Microsoft’s pytest-native red teaming framework for turning AI agent safety findings into CI tests.

RAMPART is an open-source Microsoft framework for safety and security testing of agentic AI applications. It brings red-team findings into a pytest-native workflow so teams can turn prompt injection, unsafe tool use, and behavioral boundary failures into repeatable regression tests. The strongest aicoolies angle is developer workflow: RAMPART makes agent safety part of CI/CD instead of a one-off security review.

open-source, Open Source

Statewright

State-machine guardrails for controlling which tools AI coding agents can use at each phase.

Statewright is a guardrail layer for AI coding agents that uses explicit state machines to control what an agent can do at each stage of a workflow. Instead of relying only on prompt instructions, teams can model phases such as plan, implement, test, and review, then constrain tool access for clients like Claude Code, Codex, Cursor, opencode, and related MCP workflows.

open-source, Open Source

Freestyle

Sandboxes for coding agents — Linux VMs, Git, and deploys in one box

Freestyle is YC-backed sandbox infrastructure built for AI coding agents, shipping secure Linux VMs with nested virtualization, Git servers, and one-click web deploys. It lets agents run real workloads, branch repos, and deploy apps under short-lived identities while billing only for active compute. Used in production by vly.ai, Rork, and Vibeflow.

freemium
