Exaforce

2025 was a turning point for SOC teams. We analyzed what actually happens inside modern security operations, from cloud telemetry overload to which alerts truly deserve human time. Read the Exaforce Agentic SOC 2025 Year in Review hubs.li/Q03Z821k0

Creating a new IAM user is unusual. Immediately granting them broad S3 access is worse. In our last webinar, Kavita and Steven showed how Exaforce assesses blast radius in real time during triage, for both native alerts and third-party ones. hubs.li/Q045Gvk00

New research from @gl4ssesbo1 and Klesi. Attackers hid an AES-encrypted NodeJS payload inside Unicode characters and routed C2 commands through Solana blockchain transactions. 104 GitHub repos compromised. Full breakdown: hubs.li/Q046QcJr0

Recorded walkthrough: what does effective permission resolution actually look like in practice? Kavita and Steven show real examples of how permission data changes the severity of a finding, from blast radius to the specific policy that needs to change. hubs.li/Q046tpnC0

@BlueTeamCon Proud to support the defenders and excited to see you there!

Blue Team Con 2026 is proud to announce Exaforce as the Ultimate Sponsor.

An autonomous AI bot spent 7 days exploiting misconfigured GHA workflows across Microsoft, Aqua Security, and others. Just a pull request and overprivileged tokens. @gl4ssesbo1 broke down how hackerbot-claw worked and what to detect. hubs.li/Q046tGkn0

Suspicious login alert. How do you triage it? You need to know what that user can actually do. Most teams don't have that answer precomputed. That gap is why blast radius estimates are often wrong. hubs.li/Q045Gtzf0

On your laptop, admin = do anything. On AWS, there's no "admin bit." Permissions are a language: who, on what resources, doing what actions. Steven Moy called it a leap of faith for anyone coming from traditional IT. He's not wrong. hubs.li/Q045GsnD0

Most SOC teams can't answer the most basic question in identity security: what can this compromised user actually do? Without that answer, blast radius is a guess. Kavita and Steven break down what effective permissions do for threat analysis. hubs.li/Q045Gv3X0

The math on SOC outsourcing has changed. AI handles triage and investigation before alerts reach humans. Institutional knowledge stays in the system instead of leaving with analysts. Full story: hubs.li/Q042-2hB0

Gartner®: By 2028, 50% of TDIR platforms will include agentic AI, up from less than 10% in 2024. Benefits: Autonomous detection, accelerated response, proactive hunting, talent solutions. Full report: hubs.li/Q03_lHw40 #AgenticAI #SOC #ThreatDetection

Gartner®: By 2028, 50% of TDIR platforms will include agentic AI, up from less than 10% in 2024. Benefits: Autonomous detection, accelerated response, proactive hunting, talent solutions. Full report: hubs.li/Q03_lHw40 #AgenticAI #SOC #ThreatDetection

MFA bypassed. AI-generated critical vulns. Deepfake execs. @ifoundanifty shares what's coming in 2026 security on @tfir_io (and how to prepare). Watch: hubs.li/Q042lDvK0

Gartner®: Agentic AI shifts security "from reactive alert management to proactive, AI-driven threat hunting." Reactive: Wait → Respond Proactive: Hunt → Contain first Catches supply chain attacks, insider threats bypassing traditional rules. Report: hubs.li/Q03_lL2y0

Gartner® highlights "real-time containment actions" as a core benefit of agentic AI. Traditional: Alert → Human triage → Response (hours) Agentic AI: Alert → Auto investigation → Containment (minutes) Report: hubs.li/Q040CFP30 #IncidentResponse #AgenticAI

We analyzed an AiTM phishing attack that bypasses MFA by abusing Adobe Acrobat links and GCP infrastructure. The attack harvested credentials in real-time by intercepting authentication between victims and Google's sign-in page. Full technical breakdown: hubs.li/Q040CDKW0

@USATODAY on why alerts alone don't stop breaches: "The problem isn't a lack of security tools. It's that security teams can't keep up with the pace, volume, and complexity of modern attacks." Exaforce automates the full cycle, not just triage. Full piece: hubs.li/Q03_Bp1N0

The #1 reason companies choose MDR? "We can't hire SOC analysts fast enough." Gartner® research shows agentic AI "enables less experienced analysts to manage complex incidents" and "bridges skill gaps without relying on scarce expert talent." hubs.li/Q03_MmnW0

One of your biggest security threats isn't breaking in. It's already inside. Traditional tools can't tell the difference between normal work and data theft. AI-powered platforms can. hubs.li/Q03_cPwr0

The MDR vs. in-house SOC debate just got upended. AI is changing the economics and the answer. Marco Rodrigues and Taylor Smith break down when to build, when to buy, and when to bring it home. Feb 4, 11 AM PT Register: hubs.li/Q03-VCVy0 #MDR #AISOC #CyberSecurity