Everyone's racing to put AI agents on the front lines of security defense. Far fewer people are talking about what those agents actually need to do the job well.
To make fast, accurate decisions, an autonomous agent needs the full picture of what's happening across your network.
The instinct often is to give it everything: raw packet captures, unfiltered logs, the works.
That backfires immediately.
Raw data overwhelms token budgets, saturates context windows, and buries signal in noise. Instead of reasoning at machine speed, the agent slows down, gets less accurate, and makes worse calls.
The fix isn't less data. It's better-structured data.
When raw network telemetry is transformed into structured, pre-enriched context before it ever reaches the model, agents get a foundation they can actually reason over — accurately, efficiently, and at the speed the threat demands.
That's the difference between an AI agent that defends your network and one that drowns in it 👉 https://t.co/gWKkcDkPTd
⭐️⭐️⭐️⭐️⭐️ Engineer in the Education Industry gives RevealX 5/5 Rating in Gartner Peer Insights™ Network Detection and Response Market.
Read the full review here: https://t.co/UDjreKIkB0
Is AI actually making your security team’s job harder?
In the mad dash to adopt AI, we were promised enhanced security and instant relief for burnt-out analysts.
Instead, our newly released 2026 Global Threat Landscape Report found that AI-generated alerts led to false positives that negatively impacted investigations nearly 30% of the time.
Meanwhile, the data found that attackers are actively using the AI boom to their advantage.
➡️ 55% of respondents cited AI agents and generative AI as their riskiest attack surface.
➡️ 40% identified AI-enhanced external attacks as the primary source of security incidents, data exposures, or near-misses over the last year.
➡️ And another 38% pointed to compromised AI identity or session theft.
We broke down the full findings from the 2026 Global Threat Landscape Report to help you cut through the noise and recalibrate your defense strategy: https://t.co/AsjS7H6Uss
Recent high-profile breaches are following a highly repeatable playbook that starts deep inside the Kubernetes (K8s) cluster.
Because workloads, identities, and control planes converge onto a single operational layer, a single container exploit can quickly serve as a strategic bridge into your broader cloud IAM, storage, and critical backend systems.
In our latest blog, ExtraHop Chief Evangelist Heath Mullins breaks down the real-world architectural challenges that security teams are actively battling.
⚠️ Stolen Service Account Tokens: A minor application exploit exposes identity tokens, turning a compromised app into a trusted tool for running unauthorized administrative commands.
⚠️ Excessive Permissions: Accounts are given more access than they actually need, giving attackers the ability to easily jump across security boundaries and plant silent backdoors.
⚠️ Camouflaged Traffic: Malicious API commands blend perfectly into high-volume administrative noise, leaving static, log-based tools completely blind.
Read the full breakdown of these real-world attack paths and how to strengthen your cluster defenses: https://t.co/S0m4WBSrKB
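The three attack paths above all leave traces in the kube-apiserver audit log: a stolen service account token shows up as a workload identity acting from a new source IP, doing something it has never done before, or reaching for sensitive resources that its (over-broad) RBAC happens to allow. The script below is an added example, not ExtraHop code and not from the blog post; every audit line is constructed, the sensitive-action shortlist is an illustrative assumption, and it assumes `sourceIPs` carries the pod IP rather than a load balancer address.

```python
"""Score Kubernetes API-server audit events for signs of a stolen service
account token. Added example with constructed data, not ExtraHop code."""
import json
from collections import defaultdict

SA_PREFIX = "system:serviceaccount:"

# Verb/resource pairs a stolen workload token is commonly abused for.
# Assumption: illustrative shortlist, not a complete catalogue.
SENSITIVE_ACTIONS = {
    ("create", "pods/exec"),
    ("create", "clusterrolebindings"),
    ("create", "rolebindings"),
    ("create", "serviceaccounts/token"),
    ("list", "secrets"),
    ("get", "secrets"),
}

# Constructed kube-apiserver audit events (JSON lines, trimmed to the fields used).
BASELINE_LOG = """
{"user":{"username":"system:serviceaccount:web:frontend"},"verb":"get","objectRef":{"resource":"configmaps","namespace":"web","name":"ui-config"},"sourceIPs":["10.42.1.15"],"requestReceivedTimestamp":"2026-05-01T09:00:00Z"}
{"user":{"username":"system:serviceaccount:web:frontend"},"verb":"get","objectRef":{"resource":"configmaps","namespace":"web","name":"ui-config"},"sourceIPs":["10.42.1.16"],"requestReceivedTimestamp":"2026-05-01T09:05:00Z"}
{"user":{"username":"system:serviceaccount:web:backend"},"verb":"list","objectRef":{"resource":"endpoints","namespace":"web"},"sourceIPs":["10.42.2.20"],"requestReceivedTimestamp":"2026-05-01T09:06:00Z"}
"""

NEW_LOG = """
{"user":{"username":"system:serviceaccount:web:frontend"},"verb":"get","objectRef":{"resource":"configmaps","namespace":"web","name":"ui-config"},"sourceIPs":["10.42.1.15"],"requestReceivedTimestamp":"2026-05-02T09:00:00Z"}
{"user":{"username":"system:serviceaccount:web:frontend"},"verb":"list","objectRef":{"resource":"secrets","namespace":"web"},"sourceIPs":["10.42.1.15"],"requestReceivedTimestamp":"2026-05-02T09:01:00Z"}
{"user":{"username":"system:serviceaccount:web:frontend"},"verb":"create","objectRef":{"resource":"pods","subresource":"exec","namespace":"kube-system","name":"etcd-0"},"sourceIPs":["10.42.7.99"],"requestReceivedTimestamp":"2026-05-02T09:02:00Z"}
{"user":{"username":"system:serviceaccount:web:frontend"},"verb":"create","objectRef":{"resource":"clusterrolebindings","name":"debug-admin"},"sourceIPs":["10.42.7.99"],"requestReceivedTimestamp":"2026-05-02T09:03:00Z"}
{"user":{"username":"system:serviceaccount:web:backend"},"verb":"list","objectRef":{"resource":"endpoints","namespace":"web"},"sourceIPs":["10.42.2.20"],"requestReceivedTimestamp":"2026-05-02T09:04:00Z"}
{"user":{"username":"admin@example.com"},"verb":"create","objectRef":{"resource":"clusterrolebindings","name":"ops-admin"},"sourceIPs":["192.0.2.10"],"requestReceivedTimestamp":"2026-05-02T09:05:00Z"}
"""


def parse_audit(text):
    """Parse JSON-lines audit output into compact event dicts."""
    events = []
    for line in text.strip().splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ref = ev.get("objectRef", {})
        resource = ref.get("resource", "")
        if ref.get("subresource"):               # e.g. pods + exec -> pods/exec
            resource += "/" + ref["subresource"]
        events.append({
            "user": ev["user"]["username"],
            "verb": ev["verb"],
            "resource": resource,
            "namespace": ref.get("namespace", ""),
            "src": (ev.get("sourceIPs") or ["?"])[0],   # assumed to be the pod IP
            "ts": ev.get("requestReceivedTimestamp", ""),
        })
    return events


def build_baseline(events):
    """Per service account: the (verb, resource) pairs and source IPs seen as normal."""
    base = defaultdict(lambda: {"actions": set(), "sources": set()})
    for e in events:
        if e["user"].startswith(SA_PREFIX):
            base[e["user"]]["actions"].add((e["verb"], e["resource"]))
            base[e["user"]]["sources"].add(e["src"])
    return base


def score(events, baseline):
    """Flag service-account requests that deviate from the baseline or are sensitive."""
    findings = []
    for e in events:
        if not e["user"].startswith(SA_PREFIX):
            continue                              # human/OIDC users need their own baseline
        prof = baseline.get(e["user"])
        action = (e["verb"], e["resource"])
        reasons = []
        if prof is None:
            reasons.append("unknown_service_account")
        else:
            if action not in prof["actions"]:
                reasons.append("new_action")
            if e["src"] not in prof["sources"]:
                reasons.append("new_source_ip")
        if action in SENSITIVE_ACTIONS:
            reasons.append("sensitive_action")
        if not reasons:
            continue
        anomalies = [r for r in reasons if r != "sensitive_action"]
        if anomalies and "sensitive_action" in reasons:
            severity = "high"                     # sensitive AND unlike anything seen before
        elif anomalies:
            severity = "medium"
        else:
            severity = "low"                      # sensitive but matches the baseline
        findings.append({**e, "reasons": reasons, "severity": severity})
    return findings


def demo():
    """Build the baseline from day one and score day two."""
    return score(parse_audit(NEW_LOG), build_baseline(parse_audit(BASELINE_LOG)))


if __name__ == "__main__":
    for f in demo():
        print(f"{f['severity']:6} {f['ts']} {f['user']} {f['verb']} {f['resource']} "
              f"from {f['src']}: {', '.join(f['reasons'])}")
```

Run against the constructed data, the routine `configmaps` read and the backend's `endpoints` list produce nothing, while the `secrets` list, the `pods/exec` into `kube-system` and the `clusterrolebindings` create from an IP the frontend account has never used all score high. The same baseline idea is what turns "excessive permissions" from a static finding into a live one: RBAC may allow the action, but the account has never needed it before.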
🏆 ExtraHop just won AI-based Cybersecurity Solution of the Year at the AI Breakthrough Awards for the second year in a row, and we're doing a little victory lap.
Here's why.
In the post-mythos era, attacks move at machine speed. The thing that hurts security teams most isn't spotting the threat, it's the clock. Every minute spent guessing is a minute the attacker keeps moving.
So we built our AI to close the gap.
The ExtraHop RevealX NDR platform is powered by cloud-scale machine learning that analyzes network activity across the entire connected enterprise in real time, learns what normal looks like, and decrypts the traffic attackers hide in, catching the behavioral anomalies that signal a threat the moment they happen instead of weeks later in a breach report.
We keep security teams ahead with:
▪️ Triage that instantly separates the real threat from the noise
▪️ Investigations that auto-assemble the full attack story instead of making analysts piece it together
▪️ An AI search assistant that turns a threat hunt into a single question and an instant answer.
That shift shows up in the numbers.
In a recent study, customers using ExtraHop cut investigation times by 63%.
See the rest of the findings here: https://t.co/RyEnSb4d5m
🚨 JUST RELEASED: The 2026 ExtraHop Global Threat Landscape Report is out now!
Attackers and defenders are now reaching for the same weapon: AI. The difference? Attackers are using it better.
❓ We asked 1,800+ security and IT leaders worldwide where the real risk lives now. Their answers mark a turning point.
⏵ AI agents and gen AI apps are the #1 cybersecurity risk, outranking public cloud and every legacy attack surface.
⏵ 40% were hit by AI-enhanced attacks automating recon, phishing, and lateral movement at machine speed.
⏵ 38% had AI identities or sessions hijacked.
💸 The cost of falling behind? Attackers are hiding longer and hitting harder.
⏵ Dwell time has increased YoY -- up to 2.4 weeks.
⏵ Almost half of respondents didn't catch ransomware until the data was already gone.
And the AI rushing into the SOC to fix all of this? It's not as effective as you may think.
Get the details here: https://t.co/Y5NFmgbbPW
A government order can take your AI model offline overnight. It can't make your enterprise secure.
That's the real lesson in the suspension of two Anthropic frontier models this month. Regulators didn't fix the flaw that triggered it...
They exposed how little stands between a jailbroken model and your environment.
And the flaw isn't Anthropic's alone. It's how LLMs work.
Front-end filters bend to the right phrasing. "Graceful degradation" doesn't stop a threat, it reroutes it to another capable model. And an agent, once compromised, can just keep going.
So the question isn't "which vendor's guardrails can I trust?" It's "what holds when those guardrails fail?"
Jamie Moles breaks it down on the blog: https://t.co/GkplGzQ0mY
🚗 Think of AI in the SOC like self-driving cars.
Most security teams are currently using AI copilots. This is Level 1 autonomy, like cruise control. The AI assists by summarizing alerts and writing queries, but a human driver still has their hands firmly on the wheel to validate and execute every action.
The shift to an agentic SOC represents true autonomous driving. Here, AI agents are given the keys to independently chain tasks together and execute multi-step workflows at machine speed.
But scaling defenses requires a rock-solid foundation. If your data architecture forces AI to make probabilistic guesses instead of evidence-based decisions, autonomy becomes a liability.
Is your organization ready for autonomous agents? Check out our latest blog for:
▪️ The real difference between AI assistants and autonomous agents
▪️ The critical data flaw that triggers costly AI hallucinations
▪️ How to safely automate defenses at machine speed
🔗 https://t.co/K5kP1uijA0
⭐️⭐️⭐️⭐️⭐️ IT Security & Risk Management Associate in the Services (non-Government) Industry gives RevealX 5/5 Rating in Gartner Peer Insights™ Network Detection and Response Market.
Read the full review here: https://t.co/U6sJ0RZx4x
As security teams race to adopt AI in the SOC, one truth remains absolute: AI is only as smart as the data you feed it.
That’s where network context comes in.
⭐️ What is network context?
It’s the ground truth of your enterprise. It’s not just knowing that IP Address A talked to IP Address B. It’s the deep, behavioral understanding of the transaction:
→ What protocol was used?
→ What data was exchanged?
→ Is this behavior normal?
→ What identity was behind it?
→ How does this interact with the rest of the environment?
⭐️ Network context is critical for the agentic SOC.
Without deep context, AI agents fill in the blanks with assumptions. Network context transforms AI from a guessing tool into a precision weapon.
▪️ Fewer false positives: Eliminates AI hallucinations with high-fidelity insights.
▪️ Better detection: Spots stealthy behavioral anomalies that bypass standard logs.
▪️ Faster resolution: Stitches together entire attack timelines in seconds for instant root-cause analysis.
Discover how ExtraHop delivers the real-time network context required to fuel the future of AI-driven security 👉 https://t.co/XZz1hjquo7
We stripped out security data to save our analysts from burnout. Now, it’s crippling our AI.
For years, security teams have aggressively suppressed "noisy" background telemetry. It was a necessary survival tactic. Human capacity is finite, and shielding analysts from alert fatigue and burnout was the priority.
But as we pivot to the agentic SOC, this strategy backfires.
AI agents don't get fatigued, and they don't suffer from cognitive overload. They thrive on the baseline noise humans hate.
When we slice up our data streams to keep human workloads manageable, we inadvertently starve our LLMs of the context they need to operate autonomously.
By stripping away the background data, we force AI agents to:
➡️ Rely on guesswork
➡️ Waste capacity
➡️ Keep humans in the loop
True autonomy requires feeding the machine the whole story, not just the highly edited highlights.
Read our latest breakdown on how filtering your data caps your AI’s performance ceiling: https://t.co/LM2URiJT3y
🆕 Threat deep dive: How the Interlock ransomware group evades detection
Key evasion and attack tactics include:
▪️ Memory-Resident Webshells: Dropping Java class files directly into memory on vulnerable Cisco Secure FMC devices to intercept commands and completely evade traditional antivirus disk scans.
▪️ Hotta Killer: Deploying a custom defense-evasion utility designed to blind security tools before their ransomware encryptors are ever launched.
▪️ Advanced Proxying: Configuring compromised Linux servers with HAProxy to obscure data exfiltration, while using cron jobs to automatically wipe system logs every 5 minutes.
Get the full attack chain breakdown on the ExtraHop blog 🔗 https://t.co/6noPmKKlrS
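The cron-based log wiping in the third bullet is cheap to hunt for on any Linux host you can reach: a scheduled command that deletes or truncates files under `/var/log`, running every few minutes, is not how anyone rotates logs. The script below is an added example, not ExtraHop's analysis of Interlock and not code from the blog; the crontab is constructed, it assumes the user-crontab layout (five time fields then the command), and the wipe-pattern list is an illustrative assumption rather than a complete one. It goes slightly beyond the post by scoring any log-wiping job, with the 5-minute cadence raising severity.

```python
"""Audit a crontab for scheduled log wiping. Added example with a constructed
crontab; the pattern list is an illustrative assumption."""
import re

# Commands that delete, truncate or hide logs. Assumption: illustrative list.
LOG_WIPE = re.compile(
    r"\b(?:rm|shred|truncate)\b[^;&|]*?/var/log"               # rm -f /var/log/x, truncate -s 0 /var/log/x
    r"|(?:^|[;&|]|\bcat\s+/dev/null)\s*:?\s*>\s*\S*/var/log"   # : > /var/log/x, cat /dev/null > /var/log/x
    r"|\bjournalctl\b[^;&|]*--vacuum"                          # journalctl --vacuum-time=1s
    r"|\bhistory\s+-c\b|\bunset\s+HISTFILE\b"                  # shell-history hiding
)

# @-aliases mapped to (minute, hour) fields; @reboot is not periodic.
ALIASES = {"@hourly": ("0", "*"), "@daily": ("0", "0"), "@midnight": ("0", "0"),
           "@weekly": ("0", "0"), "@monthly": ("0", "0"), "@yearly": ("0", "0"),
           "@annually": ("0", "0"), "@reboot": None}


def expand_field(field, lo, hi):
    """Expand one cron field ('*', '*/5', '1-10/2', '0,30', '7') into a set of ints."""
    values = set()
    for part in field.split(","):
        step = 1
        if "/" in part:
            part, step = part.split("/", 1)
            step = int(step)
        if part == "*":
            start, end = lo, hi
        elif "-" in part:
            start, end = (int(x) for x in part.split("-", 1))
        else:
            start = int(part)
            end = hi if step > 1 else start     # '5/10' means from 5, every 10
        values.update(range(start, end + 1, step))
    return values


def shortest_gap_minutes(minute_field, hour_field="*"):
    """Shortest gap between two consecutive runs, in minutes. Exact when the
    hour field is '*'; for a single minute with a restricted hour it returns
    the lower bound 60, which is all the 5-minute threshold below needs."""
    mins = sorted(expand_field(minute_field, 0, 59))
    gaps = [b - a for a, b in zip(mins, mins[1:])]
    if hour_field == "*":
        gaps.append(60 - mins[-1] + mins[0])    # wrap-around into the next hour
    return min(gaps) if gaps else 60


def parse_crontab(text):
    """Parse user-crontab lines (5 time fields + command) into job dicts."""
    jobs = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or re.match(r"^\w+=", line):
            continue                            # blank, comment or VAR=value line
        if line.startswith("@"):
            alias, command = line.split(None, 1)
            spec = ALIASES.get(alias)
            gap = shortest_gap_minutes(*spec) if spec else None
        else:
            parts = line.split(None, 5)
            if len(parts) < 6:
                continue                        # malformed entry
            command = parts[5]
            gap = shortest_gap_minutes(parts[0], parts[1])
        jobs.append({"line": lineno, "gap_minutes": gap, "command": command})
    return jobs


def audit_crontab(text, fast_threshold=5):
    """Return a finding for every job whose command wipes logs; severity is
    'high' when it also runs at least every `fast_threshold` minutes."""
    findings = []
    for job in parse_crontab(text):
        if not LOG_WIPE.search(job["command"]):
            continue
        gap = job["gap_minutes"]
        fast = gap is not None and gap <= fast_threshold
        findings.append({**job, "severity": "high" if fast else "medium"})
    return findings


# Constructed crontab: two entries mimic a 5-minute log wipe, one an hourly one.
SAMPLE_CRONTAB = """
# constructed sample, not from a real host
PATH=/usr/bin:/bin
0 2 * * * /usr/local/bin/backup.sh
*/5 * * * * rm -f /var/log/auth.log /var/log/syslog
* * * * * : > /var/log/haproxy.log
30 * * * * /usr/sbin/logrotate /etc/logrotate.conf
0 * * * * cat /dev/null > /var/log/nginx/access.log
*/15 * * * * curl -s http://10.0.0.5/hc
@reboot /usr/local/bin/start-proxy.sh
"""

if __name__ == "__main__":
    for f in audit_crontab(SAMPLE_CRONTAB):
        print(f"{f['severity']:6} line {f['line']:2} every {f['gap_minutes']}m: {f['command']}")
```

On the constructed crontab the `rm -f` every five minutes and the `: >` truncation every minute come back high, the hourly `cat /dev/null >` comes back medium, and the backup, `logrotate`, health check and `@reboot` entries are left alone. The same check belongs on `/etc/crontab` and `/etc/cron.d/*` (which carry an extra user field) and on systemd timers, since an attacker will use whichever scheduler is available.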
As organizations rush to scale AI into production, Kubernetes (K8s) is the go-to orchestration platform. But is your AI infrastructure secure?
The very features that make Kubernetes so powerful -- distributed clusters, rapid workload scaling, and encrypted traffic -- are creating critical blind spots that threat actors are actively exploiting.
If you want to protect your proprietary models and datasets, you need to know the 3 major opportunities attackers look for to compromise K8s clusters:
1️⃣ Limited workload visibility that makes it easier to hide malicious lateral movement
2️⃣ Supply chain vulnerabilities that can lead to host-level takeovers
3️⃣ Decentralized data that can cause delayed incident response
ExtraHop's Heath Mullins breaks down how attackers exploit these flaws, providing actionable insights so your security team is ready to defend your infrastructure and confidently scale your AI initiatives 👉 https://t.co/J5NGsf7iH8
Unlike static applications, AI introduces dynamic, unpredictable risks, like autonomous agents operating with unchecked privileges and prompt injections bypassing standard firewalls.
To close these governance gaps, security teams need a sharper framework:
1️⃣ Track: Establish continuous visibility into every LLM and agent.
2️⃣ Monitor: Shift to behavioral analysis to spot anomalous AI actions in real-time.
3️⃣ Enforce: Move from static, written policies to active network enforcement.
If you are trying to build out an oversight architecture for your organization's AI, here is a practical breakdown of how to close those gaps: https://t.co/cyyAg2rfnk
Coming up: CrowdStrike and ExtraHop team up for "5 Requirements for a Modern SOC" and you're invited!
Join us Thursday, June 11, where we'll teach you how to:
💥 Outpace rapidly evolving threat actors
🛠️ Fix the visibility & burnout challenges crippling modern SOCs
🚀 Smart-charge your defense by putting AI to work
Register today: https://t.co/YiKJhMYaHe
Siloed cybersecurity tools are no match for sophisticated adversaries. In a complex attack landscape, real success requires an interconnected ecosystem.
This reality was put to the test on a global stage at NATO Locked Shields 2026, the world’s largest, most prestigious, and most complex live-fire cyber defense exercise.
We are incredibly proud to share that the ExtraHop NDR platform was chosen to play a critical role in this mission, providing the foundational network intelligence required to power the Joint Cyber Defense Stack against massive, coordinated nation-state simulations.
In our latest blog, Sarah Cleveland breaks down what an operation of this unprecedented scale proved about modern cyber defense:
🤝 Orchestrating a Unified Front: Success depends on a layered framework where network detection, asset visibility, and malware analysis work in concert to close operational gaps before adversaries can exploit them.
🎯 The Power of Network Ground Truth: An integrated defense stack only functions if you have immediate, real-time network intelligence to capture threats in motion and seamlessly trigger the rest of your security infrastructure.
⚡ Cutting Through Live-Fire Noise: Unified decryption combined with live-fire PCAP analysis gives defenders the definitive tactical advantage needed to outpace advanced threat actors.
Read Sarah’s full breakdown from the front lines of NATO Locked Shields 2026: https://t.co/qiBXanvG9A
🚀 Big news! We're expanding our partnership with Ignition into North America!
After seeing incredible success collaborating across EMEA and APJ, we are thrilled to bring this momentum across the Atlantic to drive innovation for the agentic SOC.
As security teams increasingly pivot to AI-powered defenses, high-fidelity network telemetry is everything.
Poor data sidelines AI models. ExtraHop's modern NDR platform decrypts and decodes network traffic in real time and at scale, providing the foundational context that autonomous security operations need to act with machine-speed precision.
Through this expanded partnership with Ignition (an Exclusive Networks company), we are bringing these powerful capabilities to North American enterprises, eliminating critical visibility gaps, and restoring the advantage to the defender.
🔗 Learn more: https://t.co/YJ6cPsQYI6
What does it take to run a modern, enterprise-grade #NDR platform?
It requires an architectural foundation built for both deep visibility and advanced security automation.
Look for capabilities like...
🔹 Full-stack intelligence & rich network context: Deep analysis across the entire network layer, including encrypted traffic and complex protocols, lets you see every user, device, and workload to provide the high-fidelity ground truth needed to fuel an agentic SOC.
🔹 Enterprise scale: Massive engineering capacity supporting high-throughput hybrid environments up to 400 Gbps ensures your team never drops packets or misses critical behaviors.
🔹 Tool consolidation: A single, consolidated pipeline unifying NDR, network performance monitoring, and packet forensics eliminates visibility gaps and operational overhead.
We believe these core strengths are a major reason why ExtraHop was named a Leader in the 2026 Gartner® Magic Quadrant™ for Network Detection and Response once again.
Read our co-founder Raja Mukerji’s full breakdown here: https://t.co/vBRzC85ulk
❌ Stop managing alerts. ✅ Start solving incidents.
If your security team is spending more time correlating data than actually stopping threats, it’s time to pivot to an evidence-first approach.
We are teaming up with Zscaler for an exclusive webinar on how to build an actionable, high-fidelity security framework.
If you're looking to elevate your hybrid environment's defenses with robust SSE visibility and airtight Zero Trust enforcement, this one is for you.
We’ll teach you how to:
👤 Accelerate threat investigations with deep, identity-first context
🔍 Validate incidents instantly with packet-level ground truth
🛡️ Supercharge response speed and drastically level up your team's detection confidence
⏳ Reclaim lost hours by reducing manual correlation
Secure your spot here: https://t.co/4AS2aD2R2Z
As threats evolve, your SOC needs to keep pace. Is your team ready?
Join experts from CrowdStrike and ExtraHop for our upcoming webinar, "5 Requirements for a Modern SOC," where we’ll dive into:
▪️ How attackers have modernized their playbook (and why old defenses are failing)
▪️ Navigating the burnout, alert fatigue, and visibility gaps stalling today’s security teams
▪️ Practical ways to weaponize AI to cut through the noise and accelerate your response time
🗓 Date: Thursday, June 11, 2026
⏰ Time: 10am PT/1pm ET
📍 Register: https://t.co/YiKJhMYaHe