Sunnyvale, CA, USA
2014
  |  By Stacey Nosan
The emergence of the CRINK axis—a coordinated cyber-threat nexus comprised of China, Russia, Iran, and North Korea—has dramatically impacted the 2026 global risk landscape. As these nation-states utilize AI-driven scale and living-off-the-land (LOTL) tactics to target critical infrastructure, SafeBreach’s new content series provides essential intelligence on their evolving motivations and methods.
  |  By SafeBreach
Dirty Frag (comprising CVE-2026-43284 and CVE-2026-43500) is a high-impact Linux kernel vulnerability chain that enables deterministic, reliable local privilege escalation (LPE) to root across major enterprise distributions. Unlike previous race-condition exploits, this logic flaw in the IPsec ESP and RxRPC subsystems offers a near 100% success rate, allowing attackers to escalate from a minor foothold to full system control without triggering typical kernel panics.
  |  By Uzi Galili
CVE-2026-31431— the “Copy Fail” vulnerability—is a critical local privilege escalation (LPE) flaw in the Linux kernel’s cryptographic subsystem that allows unprivileged users to gain root access with near-perfect reliability. Boasting a CVSS score of 7.8 and affecting nearly every mainstream distribution since 2017 (including Ubuntu, RHEL, and Amazon Linux), Copy Fail has been added to the CISA KEV catalog due to its active exploitation and portable, low-footprint nature.
  |  By SafeBreach
SafeBreach Helm is a pioneering AI agent designed to operationalize the complete Continuous Threat Exposure Management (CTEM) lifecycle by unifying SafeBreach’s industry-leading adversarial exposure validation (AEV) capabilities with data and insights from across an organization’s existing security ecosystem.
  |  By Yossi Attas
In the fifth installment of SafeBreach’s AI-First series, VP of Development Yossi Attas explores how the development team’s AI-First philosophy is being extended to the customer frontier and improved upon through the Anti-Hallucination Protocol.
  |  By Yossi Attas
In the fourth installment of SafeBreach’s AI-First evolution series, VP of Development Yossi Attas and Principal Software Design Engineer Guy Ephraim explore how test-driven development (TDD) serves as the essential “safety net” for high-speed AI code generation.
  |  By Yossi Attas
In the third installment of SafeBreach’s AI-First development series, VP of Development Yossi Attas explores the resurgence of the Product Requirements Document (PRD) as the foundational “control surface” for AI-assisted engineering.
  |  By Tova Dvorin
SafeBreach Senior Product Marketing Manager Tova Dvorin explores the critical necessity of continuous validation in Zero Trust architectures, specifically focusing on the integration of SafeBreach and Akamai Guardicore. While microsegmentation is a foundational element in the defense against lateral movement and ransomware propagation, dynamic infrastructure and policy drift often create “blind spots” that compromise security posture.
  |  By Yossi Attas
In this second installment of a series on the transformation of SafeBreach’s development organization, VP of Development Yossi Attas details a structured operational workflow that integrates Jira, BitBucket, and Claude Code to turn AI usage from ad-hoc prompting into a rigorous engineering methodology.
  |  By Uzi Galili
The new SafeBreach extension for VS Code integrates Breach Studio’s powerful custom attack development capabilities directly into the world’s most popular IDE to enable security teams to engineer custom attack simulations with unprecedented speed and precision. Security engineers can leverage Git-native version control, AI-assisted authoring, and real-time IntelliSense linting to eliminate friction and reduce failed executions.
  |  By SafeBreach
The Five Eyes just put a number on something most security teams haven't priced in: AI is shrinking the gap between "vulnerability" and "actively exploited" faster than patch cycles can keep up. Adrian Culley and Tova Dvorin explain why CVSS scores alone can't tell you what's actually reachable in your environment — and why attack path validation is becoming the only way to know.
  |  By SafeBreach
On June 22, 2026, the heads of all six Five Eyes cyber agencies—GCHQ, CISA, the NSA, ASD, the Canadian Centre, and New Zealand's GCSB—signed a rare joint statement: AI has rewritten the cyber risk timeline, and it's months, not years. Host Tova Dvorin and offensive security expert Adrian Culley unpack why AI is collapsing the window between vulnerability and exploit, why "having controls" isn't the same as proven controls, and why legacy systems are now strategic liabilities for the board, not the IT team. A clear-eyed look at validation, assumed breach, and what CISOs should do Monday morning.
  |  By SafeBreach
The Five Eyes intelligence alliance—NSA, CISA, GCHQ, Australia's ASD, Canada's Cyber Centre, and New Zealand's GCSB—just issued a joint warning: AI has compressed the window between vulnerability discovery and exploitation from years to months. Adrian breaks down what the "AI Shift in Cyber Risk" statement actually means for patching timelines and attacker sophistication—and why most organizations aren't moving fast enough to keep up.
  |  By SafeBreach
Take Command of Risk: Operationalizing CTEM with SafeBreach Helm AI has fundamentally changed the threat landscape. Adversaries are weaponizing vulnerabilities in hours—not weeks—while security teams are expected to defend increasingly complex environments with dozens of disconnected tools.
  |  By SafeBreach
Every CISO is asking it: now that frontier models like Claude Mythos and ChatGPT 5.5 have real offensive cyber capability, are zero days surging? Host Tova Dvorin and SafeBreach offensive engineer Adrian Culley dig into the mid-2026 data—GTIG, Mandiant M-Trends, Rapid7, AISI—and find the curve moved in shape, not volume. Inside: the two AI "firsts" (Big Sleep and a 2FA-bypass exploit), why commercial spyware explains the rebound, the negative-seven-day time-to-exploit, and why defender deployment is the real bottleneck.
  |  By SafeBreach
An AI agent orchestrated a fully automated offensive campaign across 648 firewalls in 55 countries — credential harvesting, network recon, lateral movement, no human operator driving it. That's Cyberstrike AI, March 2025. Not a lab demo. A working operation in the wild. Then in February, a separate incident: a coding agent — not deployed for offense — hit an authentication barrier, found an alternate path to root, and took it. Emergent offensive behavior from a model that wasn't asked to attack.
  |  By SafeBreach
In this episode of the Cyber Resilience Brief, we discuss how the offensive cyber landscape has dramatically shifted with the release of Anthropic's Claude Mythos and OpenAI's ChatGPT 5.5. Every CISO must understand the implications of these advancements on cybersecurity strategies. Key takeaways: Timestamps: What's your biggest challenge with adapting to these new AI capabilities?
  |  By SafeBreach
AI-assisted exploit generation has compressed the CVE-to-weaponization window from weeks to hours. Patch programs built for 15–30 day cycles are structurally mismatched to that reality—and attackers are already operating inside the gap. The only viable response: architect for assumed compromise, map unpatched paths, and validate that compensating controls are actually firing.
  |  By SafeBreach
Most organizations have no idea how many MCP servers are running in their environment—and attackers are counting on that. In this clip, Adrian Culley breaks down the exact steps security teams need to take now: run the network scan, apply stringent code review to every MCP server project you find, and mandate authentication. Authorization may be optional in the MCP spec—but it doesn't have to be optional in your deployment.
  |  By SafeBreach
In a multi-agent AI workflow, one agent's output becomes the next agent's input. That's the design. It's also the attack surface. Researchers have demonstrated that a single poisoned output can cascade across an entire pipeline — triggering unauthorized behavior, data exfiltration, and control flow hijacking across chained MCP processes. The attack class is called toxic flows. And every one of them passes classical zero trust checks.
  |  By SafeBreach
Today's CISOs and security teams must constantly validate security controls to identify gaps, remediate misconfigurations, and optimize performance against a rapidly increasing threat landscape. Breach and attack simulation (BAS) solutions-designed to continuously test the effectiveness of security controls and identify potential vulnerabilities-have emerged as a powerful tool to help organizations navigate this new reality. But not all BAS platforms are created equal.
  |  By SafeBreach
The mission of today's security teams is clear: protect the company from emerging cyber threats. What's less clear is how to ensure stakeholders understand the impact of their programs. Traditional security reporting focuses on threats and vulnerabilities and how many were stopped and prevented, but non-technical stakeholders-who are concerned with the business's bottom line and how these threats can impact business continuity-need to know how these activities translate to tangible business values. As risk is tied to revenue, security teams need a simple way to understand and share the real efficacy of their programs with their stakeholders.
  |  By SafeBreach
There are a number of security validation methods available on the market today, but each has different uses and functions. And, not all of them are appropriate in every IT environment. As a result, many organizations waste time and resources on technologies or approaches that may work well for others, but aren't a good fit for their specific use case.
  |  By SafeBreach
Starting a red-team program but not sure where to begin? Looking to improve your existing red-team operation? Before getting too far in the cyber weeds, go back to the basics with "The Fundamentals of Modern Cybersecurity Red Teaming."
  |  By SafeBreach
2022 saw a dramatic increase in the prevalence, severity, and impact of cyberattacks, presenting a striking new reality for CISOs and their security teams. They were-and continue to be-in a constant race against time to improve security and performance.
  |  By SafeBreach
Modern SOCs are complex environments with dozens of tools, overlapping teams, and a constantly growing attack surface to protect. To combat these challenges and keep up with the rapidly evolving threat landscape, security leaders must constantly strive to improve SOC efficiency and keep team members engaged.

Combining the mindset of a CISO and the toolset of a hacker, SafeBreach is the pioneer in breach-and-attack simulation (BAS) and is the most widely used platform for continuous security validation. SafeBreach continuously executes attacks, correlates results to help visualize security gaps, and leverages contextual insights to highlight remediation efforts.

With its Hacker’s Playbook™, the industry’s most extensive collection of attack data enabled by state-of-the-art threat intelligence research, SafeBreach empowers organizations to get proactive about security with a simple approach that replaces hope with data.

Unleash the power of your security controls to drive down risk.

  • Attack with Purpose: Execute real-world attacks safely and continuously to identify what your security controls will prevent, detect, or miss.
  • Analyze with Real-Time Data: Gain a quantitative view of your security posture by visualizing security-control performance data that’s not available anywhere else.
  • Remediate with Intention: Review actionable data to quickly identify gaps, expedite remediation, and efficiently reduce risk.
  • Report with Confidence: Communicate to key stakeholders with clear insights to quantify risk, prioritize investments, and ensure strategic alignment.

Gain visibility across the entire cyber kill chain.