SOCRadar Unbundles Security with AI Agents to Fight Identity Attacks

📊 Key Data
  • 388 million credentials compromised in 2025 from just ten top online platforms
  • Data breaches skyrocketed by 475% over the past decade
  • Global average cost of $4.4 million per data breach incident in 2025

🎯 Expert Consensus

Experts agree that identity-driven cyberattacks are the new frontier in cyber warfare, requiring modular, AI-powered solutions to effectively combat the escalating threat of stolen credentials and compromised access.

SAN FRANCISCO, CA – March 23, 2026 – At the RSA Conference 2026 today, cybersecurity firm SOCRadar announced a significant strategic pivot aimed at confronting the escalating crisis of identity-driven cyberattacks. The company unveiled two major initiatives: a novel AI Agent Marketplace and a powerful suite of Identity and Access Intelligence capabilities integrated into its Extended Threat Intelligence (XTI) Platform. The move signals a direct challenge to traditional, monolithic security software, offering organizations a more modular, precise, and automated way to defend against modern threats that increasingly bypass conventional defenses.

Identity Under Siege: The New Digital Battlefield

The core driver behind SOCRadar's latest offerings is a stark reality: identity has become the primary frontier for cyber warfare. “Identity has become the new attack surface. Threat actors no longer need malware when stolen credentials and session cookies can open the door to an entire organization,” said Huzeyfe Onal, CEO of SOCRadar, in a statement that encapsulates the industry's shifting threat landscape.

This shift is heavily supported by data. According to IBM, a staggering 388 million credentials were compromised in 2025 from just ten top online platforms. This flood of stolen data fuels a criminal ecosystem where identity-based attacks are surging. Industry reports confirm that data breaches have skyrocketed by 475% over the past decade, culminating in a global average cost of $4.4 million per incident in 2025. Breaches originating from stolen credentials are not only common but also costly and time-consuming, often lingering undetected for an average of 11 months.

SOCRadar's new Identity and Access Intelligence capabilities are engineered to address this gaping vulnerability by bridging the gap between an organization's internal security posture and its external exposure. The system is designed to illuminate critical “blind spots” where credentials and user data are exposed, such as on dark web marketplaces, within third-party SaaS application leaks, and across public collaboration platforms. By proactively monitoring these external sources, the platform aims to give security teams the foresight needed to act before a compromised credential is used to breach their network.

A Modular Revolution Against Monolithic Platforms

Beyond addressing the identity threat, SOCRadar is making a bold statement about the future of cybersecurity software delivery with its AI Agent Marketplace. This integrated hub allows security teams to browse, purchase, and deploy specialized, autonomous AI agents tailored for specific tasks like phishing detection, brand abuse protection, or dark web monitoring.

This “unbundling” of the security platform represents a deliberate departure from the legacy 'all-in-one' model that has long dominated the industry. “The era of the 'all-in-one' cybersecurity platform is over,” Onal stated. “Traditional SaaS models force security teams into rigid licensing architectures where they pay for bulk features they never use and wait months for custom development to align the tools with their requirements. SOCRadar is disrupting this cycle.”

The marketplace model promises a more agile, cost-effective, and precision-led approach. Organizations are liberated from feature bloat, enabling them to construct a customized defense matrix that perfectly aligns with their unique risk profile and operational workflows. The first agent to debut in this marketplace is the Identity & Access Threat Intelligence AI Agent, which directly supports the new identity intelligence features by analyzing the files and artifacts from compromised machines.

AI Delivers Actionable Intelligence, Not Just Data

While 'AI' has become a ubiquitous buzzword, SOCRadar's implementation focuses on delivering practical, tangible value to overburdened security analysts. The new capabilities are designed to transform raw threat data into clear, actionable security narratives, automating the complex analysis that often consumes significant time and resources.

One of the most powerful features is Attack Flow Visualization, which reconstructs the entire infection path of a compromise. Analysts can see the stealer malware involved, its origin, and exactly what data was exfiltrated. This is complemented by granular features like File Insights, which provides an interactive snapshot of a compromised endpoint, and Cookie Analysis, which allows analysts to inspect stolen session cookies and assess their potential for abuse.

The platform’s AI-Powered Analysis engine serves as a force multiplier for security teams. It provides natural language summaries of an incident's severity, highlights the most critical risks, identifies exposed identities, and—most importantly—recommends specific remediation actions. This allows security personnel to understand not just that credentials were leaked, but which systems they unlock, how they could facilitate lateral movement, and what steps to take immediately to mitigate the risk.

Navigating a Crowded Threat Intelligence Landscape

SOCRadar enters a competitive field of Extended Threat Intelligence (XTI) and Digital Risk Protection (DRP) providers. Many vendors offer services to monitor the dark web for leaked credentials. However, SOCRadar's approach aims to provide a deeper layer of context that sets it apart.

Instead of simply flagging a leaked email and password combination, its platform is built to analyze the associated data from the compromised device itself. By examining stolen session cookies, system files, and browser data collected by infostealer malware, the system provides crucial context about the user, their access privileges, and the specific applications at risk. This focus on reconstructing the compromise event and delivering AI-driven remediation guidance moves the needle from simple threat alerting to genuine, actionable intelligence.

As threat actors continue to innovate, leveraging stolen identities to bypass multi-factor authentication and other defenses, the demand for this level of deep-context intelligence is set to grow. SOCRadar's dual launch of a flexible deployment model and a sophisticated identity intelligence engine positions it to address the core operational and technical challenges facing modern security operations centers.
