Run security on decisions,
not investigations.

Lumina Signals is Sola’s autonomous security research agentic solution. It runs continuous deep investigation across your cloud, identity, endpoint and SaaS environment and delivers a daily feed of decision-ready risk signals, each one pre-packaged with severity reasoning, business context, blast radius analysis, and recommended actions. Your team opens a signal and the investigation is already done.

Lumina scores each signal across four factors: technical severity, blast radius, business context, and exploitability indicators. The score isn’t a black box: every signal surfaces the full reasoning chain in the UI as a first-class element, not buried in a log or accessible only via export. You see what is weighed, why Lumina Signals weighted it that way, and what changed since the last signal on the same finding. If your team disagrees with a score, the reasoning is there to interrogate, not just accept.

Security teams that need senior-analyst-quality investigation at a scale and speed no analyst team can manually sustain. CISOs get a daily view of what changed, what the business exposure is, and what needs a decision. SecOps analysts and security engineers get pre-investigated signals instead of raw findings to chase. GRC teams get business context and audit-ready reasoning baked into every signal, not retrofitted at the end of a quarter.

AI SOC platforms are built around the event stream: they ingest logs and alerts at scale, then apply AI to triage and correlate what fires. Lumina works differently: it doesn’t wait for alerts to investigate. Sola’s Lumina Signals proactively reasons across your environment on a continuous basis, surfacing risks before they generate alerts, across identity and SaaS domains that most SOC platforms can’t see. Connecting Lumina’s insights to your existing SOC or SIEM enriches every investigation with the posture, misconfiguration, and cross-domain context that event-centric tools can’t provide on their own.

CTEM platforms focus on vulnerability prioritization, scoring exposures based on exploitability signals and asset context. Lumina does the investigation layer that CTEM leaves to your analysts. Where CTEM tells you which vulnerabilities rank highest, Lumina Signals maps attack paths across identities, configurations, and observed behavior, calculates the blast radius of each finding, applies your business context, and packages everything into a signal your team can act on immediately.
Lumina Signals doesn’t replace your vulnerability program; it fills the gap between “here’s what’s exposed” and “here’s what it means and what to do.”

In cybersecurity, business context means knowing which assets actually matter before assigning a risk score. An exposed database isn’t the same risk as an exposed staging environment. A compromised admin account in finance isn’t the same risk as a dormant account in a decommissioned app. Without that layer, severity scores reflect technical exposure in a vacuum.

Lumina Signals builds business context into every signal, factoring in asset criticality, data sensitivity, regulatory exposure, user role, and access scope at the time of the finding. Priority moves up and down as context changes, so what reaches your feed already reflects your environment, not a generic severity model.

Cross-domain means the inputs matter as much as the correlation. Sola treats cloud, identity, and SaaS as first-class data sources from the ground up, each with its own entity model, relationship mapping, and signal weight. They’re not side modules bolted to a cloud-first base.

A finding in Lumina Signals can combine an overpermissioned AWS role, an inactive Okta account, and a shared Salesforce admin credential into a single signal because all three live in the same reasoning graph. That’s the difference between cross-domain as a feature and cross-domain as an architecture.

That’s completely up to you to decide. By design, Lumina Signals sits on top of your existing stack and reads from it. Your CSPM finds cloud misconfigurations, your identity provider logs access events. Lumina Signals ingests the data, reasons across all of them together, adds the business context those tools can’t see individually, and delivers findings your team can act on. The more of your stack Lumina Signals connects to, the sharper the insights get.

No. Lumina Signals operates read-only against your data sources, and your data is never used to train models. Every signal Lumina produces is generated exclusively for your environment, under strict security controls. Your data produces your signals and goes nowhere else.