Orca Security

#RSAC26 is going to be packed, but make room for this one at the CSA Summit. Our Field CISO Tim Chase is joining some of the sharpest minds in security for a panel on the most important conversations in the industry. Grab your spot and join us: events.zoom.us/ev/Avv1je_hEuf…

Introducing the Orca Agentic Cloud Security Platform! AI agents that investigate threats, triage alerts, and take action automatically, so your security team can focus on higher-impact work. orca.security/resources/blog…

Big things are coming to #RSAC26 👀 We're pulling back the curtain on four major Orca Platform announcements, from agentic AI to real-time AI usage detection to a smarter way to manage remediation. Read the full breakdown here: orca.security/resources/blog…

We'd tell you… but we can't. 🤐 What we 𝘤𝘢𝘯 say is something big is coming and you'll want to be paying attention. Stay tuned 👀

🚨 Our Research Pod uncovered three critical vulns in SGLang, two score 9.8 and allow unauthenticated RCE with zero credentials required. No patch available yet. Read now: orca.security/resources/blog…

We've signed a Strategic Collaboration Agreement with @awscloud.🚀 Joint customers get deeper cloud visibility, faster AI-assisted remediation, and security embedded directly into cloud workflows, at scale. Read the full announcement 👇 orca.security/resources/pres…

We're coming in to #RSAC2026 at Mach speed. 🚀 Catch us at Booth S-1035, grab a coffee at the Orca Outdoor Café, see a live demo with @Zscaler, or book a 1:1 with our team. There's a lot going on. Full details in the blog 👇 orca.security/resources/blog…

Rachel Nislick is joining Orca as our new CMO! With 25+ years of cybersecurity marketing experience, Rachel will lead our global strategy as we accelerate growth and advance our AI-powered cloud security platform. Welcome to the Pod, Rachel! Read more: orca.security/resources/pres…

#RSAC2026 is almost here! Meet with our exec team at The W, right across from Moscone Center. We’ll show you what cloud-wide, workload-deep security looks like without the coverage gaps and alert fatigue. 🗓️ Request your meeting now: try.orca.security/RSA2026.html

🚨 HackerBot-Claw is targeting misconfigured GitHub Actions workflows to steal tokens and take over repositories, and it's fully automated. Our team broke down the full attack chain 👇 orca.security/resources/blog…

Attackers no longer need your network to move laterally. In 2026, AI workflows may become a new pivot layer. Introducing AILM: AI-Induced Lateral Movement. Plant a prompt injection. Let the AI do the rest. Latest from the Orca Research Pod 👇 orca.security/resources/blog…

AI isn't adjacent to AppSec anymore, it's embedded in it. But testing is still just observation. Without cloud context, knowing a vulnerability exists and knowing its real impact are two different things. Read our latest take: orca.security/resources/blog…

🚨A high-severity vulnerability (CVE-2026-2441, CVSS pending vendor confirmation) has been disclosed in Google Chrome and the Chromium engine, allowing attackers to execute arbitrary code via malicious web content. 👉 How Orca can help: orca.security/resources/blog…

Most AppSec programs fail, not because of bad tools, but because they skip the foundation. 🔐 The winning formula? People → Process → Technology. Learn how to build an AppSec program that actually sticks: orca.security/resources/blog…

🚨 CRITICAL ALERT: CVE-2026-1731 BeyondTrust RS & PRA is being actively exploited, no credentials, no user interaction required. A single crafted WebSocket message gives attackers full RCE and access to your entire credential vault. Remediation steps: orca.security/resources/blog…

We forced GitHub to prompt-inject itself. It allowed us to control Copilot's responses and exfiltrate Codespaces' GITHUB_TOKEN. The result? A full repository takeover. We break it down in our latest research: orca.security/resources/blog…

Your old security playbook won't work in the AI era. If engineers are moving faster than ever, your attack surface is growing orders of magnitude faster than your security team. Orca CEO Gil Geron explores what CISOs need to do differently. orca.security/resources/blog…

🔒 What if security tickets were fixed in your IDE in minutes, not hours? Orca MCP brings security expertise directly to developers, no context switching, no friction. One simple prompt replaces an entire workflow. Read Part 2 of our MCP series → orca.security/resources/blog…

As federal agencies accelerate AI adoption under America's AI Action Plan, cloud security becomes critical. Join us & @Carahsoft to explore cloud-native defense for multi-cloud environments. Register here: carahevents.carahsoft.com/Event/Register…

Your security team isn't your bottleneck: your tools are. In this blog, we explore how leading organizations are proving high-velocity engineering and robust security are force multipliers. How? Context-aware prioritization. Read more here: orca.security/resources/blog…