Vendors at RSA 2026 sold agentic SOC capability as the answer to alert overload. The pricing model underneath, metered tokens against enterprise data volumes, was never on the keynote agenda. The organizations the affordability gap actually threatens are the ones not in the room.
AI-assisted social engineering has eliminated the imperfection signals that detection tooling was built to find. The residual signal lives in behavior, not content. The vendors built for content scanning cannot pivot, and the gap is where the next significant security company gets built.
M-Trends 2026 shows the median time between initial access and downstream handoff dropped to 22 seconds. That number is not primarily a detection challenge. It is an epistemological one. The 'threat actor' as an analytical unit is becoming structurally incoherent, and attribution methodology has not caught up.
The SANS panel at RSA 2026 named irresponsible AI adoption as one of the five most dangerous new attack techniques. When an agentic security system makes the wrong call, the accountability does not dissolve into the architecture. It migrates to a person. That person is you.
The economic case for DLP rested on a stable ratio between attacker cost per exfiltration event and defender cost per prevented event. Six weeks of pipeline data show that ratio fully inverted. Large language models collapsed attacker cost to a prompt; defender cost has not moved. DLP programs that have not restructured their architecture are now structurally underwater, and five independent exfiltration channels are the evidence.
When agents triage 200 alerts and surface five, the analyst's job is no longer processing signals. It is judging whether the system processing them was sound. That judgment, model intuition, is the difference between an output that looks right and one that is structurally right. Without it, agentic SOCs scale the wrong answers as efficiently as the right ones.
Three AI middleware vulnerabilities (LiteLLM, LeRobot, Entra Agent ID) hit the same architectural layer in the same week, all pre-auth or unauthenticated, with one being exploited thirty-six hours after disclosure. The seams of the AI stack are shipping faster than security teams can map them, and middleware that earns trust through utility is becoming the next high-value target.
Weekly Intelligence
Curated threat intelligence through a behavioral lens
When a vulnerability transmits your database credentials to a third-party endpoint by design and scores CVSS 3.1, the problem is not the vulnerability. It is the triage system that will deprioritize it.
Every Monday: the week's named campaigns, the CVEs that actually matter, and the behavioral story behind them. Strategic analysis, not a CVE dump. Read in 6 minutes.