ExtraHop

12.9K posts

@ExtraHop

Investigate smarter, stop threats faster, and keep operations running.

Seattle, WA · Joined February 2009
1.7K Following · 10.8K Followers
ExtraHop@ExtraHop·
Think you can spot a threat actor hiding out in your network before the clock runs out? 🕵️‍♂️⏳ This is your chance to prove you’re the fastest defender in the room at the biggest cybersecurity conference of the year! Stop by the ExtraHop booth at #RSAC 2026 to compete in the Threat Hunter Race. It’s a timed, high-stakes competition where you’ll navigate real-world attack scenarios and hunt down threats using our modern NDR platform. Do you have what it takes to top the leaderboard? xtra.li/40F9QvQ
ExtraHop@ExtraHop·
The RSAC 2026 session you’ve been waiting for... How agentic AI broke threat intelligence (& how we fix it) ft. Raja Mukerji (ExtraHop) and Michael Daniel (Cyber Threat Alliance). For years, TI has relied on a reactive model: human analysts sifting through mountains of data to find static IOCs. But today’s adversaries have upgraded. What to expect on stage: ▪️ See how recent AI attacks exposed the fatal flaws in legacy TI. ▪️ Learn how to transition from reactive monitoring to proactive, AI-driven defense. ▪️ Hear directly from the leaders shaping the future of global threat sharing and network intelligence. Don’t let your defense become a relic. Register today 👉 xtra.li/4b6DFui
ExtraHop@ExtraHop·
A recent breach of multiple Mexican government agencies has exposed 150GB of sensitive data, including taxpayer and voter records. What makes this case a watershed moment? It’s a masterclass in AI-accelerated intrusion. 🦾 Prompt Engineering as an Exploit: Attackers bypassed LLM guardrails by framing malicious requests as "bug bounty" research to generate thousands of attack plans. 💨 The Velocity Gap: The attack moved faster than analysts could reconstruct the evidence, leaving defenders in a reactive loop while data was being exfiltrated. 🔁 The Behavioral Shift: Because AI-driven attacks are designed to blend in, defense has to move away from static alerts and toward continuous network observation. More on the blog: xtra.li/40yO1OM
ExtraHop@ExtraHop·
The group formerly known as BlackSuit has rebranded as "Chaos," and they’ve brought a more aggressive playbook with them. Key changes to their strategy include: 🔹 Attacking the hypervisor level to bypass security agents that only sit on individual VMs. 🔹 Gaining full control of identity systems to deactivate security software across the entire domain. 🔹 Using standard IT tools to move laterally, ensuring they look like a normal admin until the enterprise-wide lockout begins. Read the deep dive from the ExtraHop threat team: xtra.li/40u00Ny
ExtraHop@ExtraHop·
Cybersecurity is a team sport and #RSAC2026 is our favorite time to huddle! This week is about more than just demos -- it’s about a knowledge exchange. We want to share the "ground truth" insights our team has uncovered this year and, more importantly, learn from the front-line experiences you’re living every day. Stop by the ExtraHop booth to: ✅ Grab some quality time with our threat hunting experts ✅ Debate the future of agentic AI and SOC automation ✅ See how we're helping the community reveal risks others miss We’re bringing our A-game to booth N-6245 and can't wait to see you there! xtra.li/40F9QvQ
ExtraHop@ExtraHop·
💸 Is your AI strategy creating a security tax you can't afford to pay? 💸 While AI is solving old problems like manual debugging and documentation, it’s creating a new category of security debt: Rushed integrations, unpatched AI pipelines, and code that looks correct but lacks security context. Read the latest on the blog: xtra.li/4upVTzM
ExtraHop@ExtraHop·
This just in: A deep dive into the 2026 Iranian cyber offensive reveals a sophisticated evolution in state-sponsored tactics amid rising regional tensions. Key TTPs to monitor right now: → Polymorphic AI malware: Rapid code iteration via GenAI to bypass standard EDR signatures. → Credential harvesting scans: Aggressive probing of public-facing apps for misconfigured entry points. → Persistent malware payloads: Targeted file drops into startup folders to ensure long-term host infection. Check out the latest threat intelligence here: xtra.li/4b1v4tZ
ExtraHop@ExtraHop·
Is your autonomous defense built on a house of cards? Our own Heath Mullins pulls back the curtain on the industry's rush to the agentic SOC at RSAC 2026. If your foundational security data is messy, your agents will automate failure. Heath will dive into the dangers of automation bias and reveal the blueprint for "turbocharging" your SOC by fixing the data your AI feeds on. Session highlights: ▪️ Why agents create a false sense of security. ▪️ What’s truly at stake when data is incomplete. ▪️ How to clean your data to enable true autonomous defense. Don't miss it! Register now to catch Heath in two weeks in SF: xtra.li/4b6DFui
ExtraHop@ExtraHop·
The biggest names in security are heading to San Francisco, and we want to see you there! An RSAC expo pass gets you into the heart of the action: 🛡️ Hundreds of vendors (including your favorite #NDR provider - US!) to see the tech in person. ⚡ Live demos and insights on the latest threat vectors. 🌐 Networking with thousands of peers across the industry. Don't pay full price at the door. Grab your pass for $0: xtra.li/4b6DFui
ExtraHop@ExtraHop·
The most dangerous threat to your network isn't a loud, brute-force attack... it’s the one that looks exactly like your daily operations. We talk about AI for defense, but for adversaries, it’s a shortcut. It has drastically lowered the barrier to entry, giving them the speed and precision to: 👥 Mimic your users: Blending in with normal traffic patterns so detection tools stay silent. 👀 Weaponize "trusted" protocols: Turning standard tools like PowerShell and SMB into hidden tunnels for data theft. 💨 Scale at machine speed: Shortening the "breakout time" (the time it takes to move from a single laptop to your entire crown jewels) to under 30 minutes. We’re pulling back the curtain on the blog to show you the specific red flags your team needs to hunt for to stay ahead of the next strike.
ExtraHop@ExtraHop·
Heading to RSAC 2026? Make booth N-5871 your first stop. The floor is buzzing with talk of the agentic SOC. But here is the reality: an AI agent is only as effective as the data fueling it. Without network data, agents are just making educated guesses. We'll be showing you how ExtraHop provides the high-fidelity telemetry that serves as the "eyes and ears" for your AI, ensuring your automation is built on facts -- not fragments. The ExtraHop edge: ◆ Ground truth: We capture the lateral movement and protocol details that other tools consistently miss. ◆ Precision: We provide the deep forensic context agents need to act decisively without hallucinating. ◆ Real-time velocity: We eliminate the guesswork with data that moves at the speed of the attack. Visit the ExtraHop booth to see the data foundation that actually makes the agentic SOC a reality. More details here: xtra.li/40F9QvQ
ExtraHop@ExtraHop·
🚨 Threat alert: China-nexus threat group UNC5221 is exploiting firewalls and routers to gain administrative control over entire government and telecom networks. Here is why this group is uniquely dangerous: The "blind spot" strategy: They target edge infrastructure where traditional EDR agents simply cannot run. Living off the land: They stay under the radar by using legitimate system tools. BRICKSTEAL + BRICKSTORM combo: They install the BRICKSTEAL digital skimmer to capture admin credentials and then deploy BRICKSTORM to maintain their presence. More from the ExtraHop threat team on the blog: xtra.li/4s7jmns
ExtraHop@ExtraHop·
In the time it takes to boil an egg, a threat actor was recently able to seize full administrative control of an AWS environment – all thanks to AI-driven automation. This isn't a future risk; it’s the new baseline for 2026. By weaponizing Large Language Models (LLMs), attackers have compressed sophisticated breach timelines from days into minutes, outpacing human response and legacy tools. Our team breaks down how: → AI was the accelerator: Turning a single stolen S3 credential into a total takeover in just 8 minutes. → AI was the target: Moving beyond data theft to "LLMjacking" – hijacking proprietary models and expensive GPU compute. → AI requires a new defense: Why basic hygiene and real-time behavioral monitoring are the only way to stop an intruder moving at machine speed. xtra.li/4aNCnEt
ExtraHop@ExtraHop·
With a 22% adoption rate across organizations and a marketplace that exploded from 3,000 to 9,000+ "skills" in a single week, OpenClaw is the fastest-growing threat of 2026. Unlike standard chatbots that just suggest code, OpenClaw runs it. This "agentic loop" gives AI the autonomy to act without you – and hackers are already weaponizing it. 3 Ways OpenClaw is being weaponized today: 1️⃣ The "ClawHavoc" Supply Chain: 20% of the skills on the ClawHub marketplace are believed to be malicious. 2️⃣ The 1-Click RCE (CVE-2026-25253): A single malicious link can hijack your admin token, bypass the sandbox, and give an attacker full shell access to your machine. 3️⃣ Credential Theft: By bridging the gap between untrusted web content and sensitive vaults, OpenClaw "skills" create a "perfect storm" for data exfiltration by effectively eliminating the security boundaries protecting your master passwords, YubiKeys, and secret keys. The ExtraHop team breaks down the latest threat on the blog: xtra.li/3ME3DwP
ExtraHop@ExtraHop·
Big news. Massive momentum. ExtraHop has officially arrived in Saudi Arabia. Following a 50% surge in new customers across the Middle East, we’re scaling faster than ever to deliver the world-class NDR the Kingdom’s market leaders demand. In collaboration with AstroLabs, we are deploying localized resources to secure the region’s most critical infrastructure. When the stakes are this high, "good enough" isn't an option. You need the definitive evidence only ExtraHop provides. 🛡️ Details here: xtra.li/4cviJ2k
ExtraHop@ExtraHop·
✨ Our latest release turns the tables on attackers, giving SOC teams the speed to hunt and the power to hit back. We’re doubling down on the hardest threats to defend against: - Identity-based attacks: Close the gap on credential misuse - Kubernetes threats: Mitigate Kubernetes risks with full-stack visibility across hybrid environments - Encrypted evasive activity: Unmask hidden attackers in encrypted traffic 🔗 Learn more about what’s new in the ExtraHop #NDR platform: xtra.li/46b1YFK
ExtraHop@ExtraHop·
The dust has settled from ExtraHop SKO 2026, but the momentum is still at full throttle 🚀 For us, the sky isn’t the limit... it’s the starting line. We’ve got the right crew and the perfect flight path for a massive year ahead. ExtraHop is going places. Are you coming with us?
ExtraHop@ExtraHop·
🔥 Hot take: The "agentic SOC" is still more aspiration than reality. We call AI agents "autonomous," but they’re really just high-powered assistants. For most, accountability and judgment still rest with human analysts because agents lack the context to make the final call. Even the best AI can’t automate what it can’t see. When data is fragmented, agents are forced to guess instead of know. To move from assisting to acting, we need to revisit their inputs. More details: xtra.li/3ZFTanE
ExtraHop@ExtraHop·
In financial services, the threat is everywhere and nowhere at once. Our new Global Threat Landscape Report: Financial Services Edition reveals that threat actors are becoming masters of disguise, blending into everyday traffic to stay undetected for longer. We’ve analyzed the data so you can stay ahead of the curve. Get your copy today to see: → Why ransomware costs are skyrocketing → The top tactics used by rising threat groups → How attackers are staying hidden longer xtra.li/4ag4OvH
ExtraHop@ExtraHop·
🗞️ This just in: The next evolution of ExtraHop has arrived to power the agentic SOC. AI agents are quickly becoming part of daily security operations, but they only work with the right context. We’re closing the data gap, ensuring that as your SOC moves toward autonomy, it’s powered by the most complete network evidence available. What’s new: 🔹 Entra ID, Okta, and AD integrations: Get the "who and what" context agents need to act decisively 🔹 Kubernetes visibility: See what’s happening within your Kubernetes environments 🔹 ExtraHop Query Language (EQL): Query massive volumes of network telemetry to extract the exact context you need 🔗 More details: xtra.li/4aMeRbV