Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The halls of RSAC 2026 were buzzing with a singular question: "How do we defend an ecosystem that is moving faster than we can think?" During a featured session last week, Brian Dye (CEO, Corelight) talked with Deneen DeFiore (CISO, United Airlines) about the realities of protecting one of the world's most complex digital environments.

The Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) has released its first five-year strategic plan, following the broader national cybersecurity strategy. It’s coming at a time when the energy cybersecurity landscape is changing quickly, in some cases faster than operators can realistically keep up.

Anthropic's Claude Mythos has demonstrated that AI can be leveraged to identify vulnerabilities and develop exploits faster than ever. Here is what that means for how you defend.

Staying ahead of sophisticated attackers requires a security platform that evolves at the speed of the threat landscape. Today’s attackers are AI-enabled, increasing the number of attacks and targeting vulnerabilities more quickly than ever. That's why we are excited to announce the Corelight Sensor v.29 release, a significant step forward in our mission to provide critical detections backed by the world's best network evidence.

For SOC teams, the battle against cyber threats can feel like trying to solve a 3D jigsaw puzzle in a bouncy house with missing pieces and a timer blasting every few seconds. Despite the increase in security spending, most teams still struggle with inefficient investigations, alert fatigue, and the non-stop guessing game of prioritizing threats. That’s why we’re excited about our latest integration with Microsoft Security that we hope will help address these persistently common challenges.

From hunting threats to solving complex problems to coding on a couch, adventures in the Black Hat NOC (Network Operations Center) are always interesting. Over the last few months and several shows, I’ve had the privilege of working with one of the other NOC partners, Cisco, to design and test our first integration between Corelight Investigator and Cisco XDR.

The cybersecurity landscape has fundamentally shifted in the last several years. Adversaries are no longer just using AI to draft phishing emails; they're deploying autonomous AI agents capable of executing end-to-end attack chains, from initial reconnaissance through lateral movement and data exfiltration. Anthropic's1 analysis of recent incidents indicates a rapid acceleration in attacker adoption of agentic workflows, dramatically shortening the time between initial access and impact.

When geopolitical tensions rise, cybersecurity quickly becomes part of the public conversation. Government agencies issue warnings. Security teams increase monitoring. Headlines start asking which organizations could become targets if cyber operations escalate alongside physical conflict. But geopolitical conflict does not suddenly create cyber risk. What it does increase is the likelihood that existing weaknesses will be tested and pre-existing risks could be exposed.

Working at the Black Hat Network Operations Center (NOC) as a data scientist makes me a bit of an outlier (pun intended) among network engineers and hard-core threat hunters.

With the holiday season all wrapped up (pun definitely intended), I finally have time to sit down and digest what we saw in the network traffic at Black Hat Europe 2025 while working alongside the other Network Operations Center (NOC) partners: Arista, Cisco, Jamf, and Palo Alto Networks. As usual, there is a mix of the expected, a dash of the unexpected, and some lessons for newcomers and greybeards alike. Let’s get into it.