Conceptual image of digital construction framework carrying wisebee logo

Building WiseBee’s Platform from First Principles

By Published On: March 20263.8 min readCategories: Featured, Insights

Part 1: Data Model

This is the first part in a technical blog series on WiseBee’s journey creating a modern and holistic cybersecurity platform from first-principles.

I’m starting this series sharing a bit on the evolution of our data model design principles, as we found out this to be a key architectural enabler and base for what came next.

Back in 2025, we realized we needed to evolve WiseBee’s “first act” data model, that allowed us to quickly bring to our customers a view of their (and their ecosystem’s) external-attack surface. We were preparing for a platform that could synthesize diverse security signals into a 360 view, and go beyond detection and insights, into triaging, prioritization, and resolution workflows for both human and AI teammates.

WiseBee’s vision is a platform that tackles alert fatigue, tool sprawl, and large MTTRs. These are the three horsemen of security breach-inducing risk and team burnout.

Separation of Concerns

As most platforms on a similar problem space, it became clear we needed to start thinking on a unified risk model, and introducing a clear separation of concerns between different areas of our data model.

Raw, Evidence, and Operations

In order to allow teams to start operating over different issues, we introduced a clear separation of concerns between the raw data collected from multiple sources (which is key to preserve a chain of custody), a unified model for evidence that enables the processing of this information in a more vendor/source-agnostic fashion, and finally derived and connected issues teams get to work on, that need to empower agency, customizability, and collaboration between teammates (both human and AI).

Workspaces and “World” Data

On an orthogonal dimension, we realized that in order to move away from one-size-fits-all formulas, and allow each organization to have full control and ownership over their data, their workflows, their rules, we need a clear separation between workspace-specific data, and “world” data that functions as a shared view of a global knowledge graph, and community-powered resources all WiseBee teams can benefit from.

Here’s a diagram to help visualize these different areas, including some (purely illustrative) examples of the type of data under each.

Data Tenancy

Another key aspect we baked in early on in our data model design, is flexible data tenancy.

The clear separation of workspace-specific data, allows us to guarantee state-of-the-art data privacy and easily satisfy the requirements of compliance frameworks like GDPR, CCPA/CPRA, HIPAA, and all their regional equivalents.

Beyond compliance, this also unlocks different deployment options. From region-specific data residency to customer-dedicated instances, providing a path toward performance isolation and additional scalability levers.

Traceability & Explainability

While the need for an audit log over all the workspace data (sensitive data multiple users manipulate) might be obvious, and in many cases a mandate by multiple compliance frameworks, the ubiquitousness of AI agents (more on that soon) operating and collaborating on the same workspace, has significantly raised the table stakes.

A WiseBee workspace keeps full traceability over all the operations made to its data, not only who, what, when, but full details to guarantee a high level of “explainability”:

  • Was this change made directly on UI? Was it done by Mel (our AI copilot) as part of a conversation? Where and why? Was it made as part of an automated workflow? Was it done by an external agent using our MCP server?
  • What was the exact change? What is the delta?
  • What are the reasons and chain of events that led to this change? (especially for AI agents)

We believe there’s no place for a cybersecurity platform, especially with AI-powered agentic work, where this level of traceability and explainability is missing, so we made this a part of our platform architecture from early on.

As some of you know, this also delivers a few additional side benefits, like undo-ability, time-travelling, change subscriptions and alerting, efficient data synchronization to external systems, and even automated self-learning / workflow optimizations.

This is only scratching the surface on some of the areas where modern AI agents are changing the game for automation in general, and cybersecurity platforms in particular.

In future parts, we’ll get deeper, and expand into how this supports AI agents and automated workflows, and a few lessons learned. Stay tuned!

We’d love to hear from you, if you have any questions, or if this made you curious, don’t hesitate to reach out. We’re also hiring talented folks to join us on this quest!

About the Author

Benjamin "Benja" Eidelman is CTO at WiseBee and former VP of Engineering at SecurityScorecard. He builds and scales engineering teams, architecture, and execution to help startups grow from early stage to maturity.

Related Posts

WiseBee is attending! Announcement graphic
Meet WiseBee at RSAC 2026

Meet WiseBee at RSAC 2026

March 2026
Person on laptop holding magnifying glass over alert data
Why Your Vulnerability Management Strategy is Likely Broken

Why Your Vulnerability Management Strategy is Likely Broken

January 2026
Abstract cybersecurity image showing AI SOC tools concept
Why Every AI SOC Tool Feels the Same (And What’s Actually Missing)

Why Every AI SOC Tool Feels the Same (And What’s Actually Missing)

November 2025

One solution that helps you automate the entire security lifecycle

The new AI-native cybersecurity platform

Face enterprise-grade threats with a fraction of the resources. Security tools should do the work, not create more work.