Dutch software, European data: a security agent that triages, investigates and contains identity signals on its own, instead of only raising alerts
Utrecht, 23 June 2026. Dutch cybersecurity company Attic Security today launches IVON, a security agent that picks up the identity signals small IT teams leave unattended. IVON triages, investigates and contains attacks on Microsoft 365, with human oversight as the default. Where the term agentic MDR has so far been driven mainly by American vendors, IVON comes from the Netherlands: Dutch software, European data, under European law. At a time when digital sovereignty carries more weight, that is not a detail but a choice. There is currently no vendor from European soil that delivers identity-first MDR with real response, meaning triage, investigation and containment, to organisations under 50 employees at an SMB price point. That makes Attic the first to bring this combination to market in the Netherlands.
Identity has become the dominant attack path. Attackers log in more often than they break in. Detecting that is largely a solved problem: Microsoft Defender, Sentinel and Entra ID generate signals in abundance. The gap is in the follow-up. An SMB team of two has no time to chase down signals that fall just short of high confidence. So those signals are left unattended. The risk sits precisely in that layer.
IVON closes that gap. The agent investigates audit logs, builds up a confidence rating and delivers a verdict with substantiation, not just an alert. Where a traditional service forwards a ticket, IVON does the work and shows what happened. Human oversight is the default. The customer decides, per scenario, where the agent is allowed to act on its own. Every action the agent takes sits in a full audit trail. IVON works across Defender, Sentinel and Entra ID.
"A lot of MDR catches what alerts at high confidence, and the rest drowns in volume. We built IVON to look through that layer. The customer decides where the agent acts on its own, and sees at every step what happened. No signal is left unattended any more."
Erik Remmelzwaal, CEO of Attic Security
The agentic approach changes turnaround time. With auto-approve on a scenario, MTTR drops below five minutes, depending on the customer's configuration. To illustrate what agentic investigation does to turnaround: an incident report that normally takes two days of work, Attic now delivers in six minutes. IVON does the Tier 1 and Tier 2 work, people do Tier 3.
Attic deliberately targets the segment traditional MDR skips: SMBs, and more broadly any organisation without its own security team. IVON is Dutch in origin and EU-domiciled. The fact that IVON comes from European soil, with Dutch software and European data under European law, is a distinction vendors from outside the EU cannot make; data location can be copied, origin and jurisdiction cannot. The price is set for small environments: from six euro per user per month, plus three hundred euro per tenant per month. No entry minimums that shut SMBs out.
The timing fits NIS2 and the Dutch Cybersecurity Act, which oblige more organisations to demonstrate detection and response. IVON's full audit trail provides the evidence such legislation requires, without a small team having to produce it by hand.
IVON is available for Microsoft 365 environments as of today. The rollout starts with an opt-in beta cohort and then moves to general availability.
About Attic Security
Attic Security is a Dutch cybersecurity company building Identity-First Agentic MDR for the SMB segment within the Microsoft 365 ecosystem. Founded by veterans of DearBytes (acquired by KPN in 2017), Fox-IT and the Dutch National Police, with deep roots in the Dutch ethical hacking community, Attic protects the layer where most modern breaches happen: identity. The agentic platform takes over the Tier 1 and Tier 2 detection, triage and response work that traditional MDR services require an in-house SOC team for, at a price and onboarding speed designed for organisations under 250 employees and the MSP partners that serve them. NIS2 compliance evidence is built into the platform. Named by European cybersecurity experts as one of the most innovative cybersecurity solutions of 2025, and selected for cybersecurity advisory work for the Dutch government in the run-up to the NATO summit.
atticsecurity.com