What is Tracecat?

Tracecat is an open‑source AI automation platform designed for security teams and incident responders. It enables the creation of automated workflows that integrate more than 200 connectors for security, IT, and infrastructure tools such as Slack, Gmail, SIEM, and cloud services.

Users can build agents and case‑centric workflows through a conversational interface, with actions run in isolated sandboxes that protect secrets. The platform supports advanced control flow, including loops, conditional branching, parallel subflows, and inline scripts in Python, Bash, or JavaScript.

Human‑in‑the‑loop approval gates allow analysts to validate and approve actions before execution. Case management features record incident timelines, containment steps, and audit logs, facilitating structured investigations and response planning. Tracecat is available as a self‑hosted solution that meets SOC 2 Type II requirements and includes optional enterprise features such as fine‑grained access controls and reserved compute resources.

Tracecat user reviews

Would you recommend Tracecat?

Recommend this tool?

Tracecat's key features

Automate security workflows with AI
Over 200 tool connectors
Sandbox isolation for actions
Scriptable control flows
Human‑in‑the‑loop approvals
Self‑hostable open‑source platform

Tracecat use cases

Automate triage of suspected phishing emails by ingesting inbox messages through connectors, sandboxing attachments, and routing incidents to SOC cases with human approval gates for critical actions
Enrich threat intelligence by pulling indicators from 200+ external feeds, sandboxing suspicious data, and auto‑generating enriched alerts that feed into structured case management with conditional branching
Orchestrate a full SOC incident response playbook that integrates cloud, on‑prem, and third‑party services via connectors, uses sandboxed AI actions, requires human approval for critical remediation steps, and maintains a comprehensive case history