Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Elastic has been named a Strong Performer in The Forrester Wave: Extended Detection And Response Platforms, Q2 2026 report. The report recognized our SIEM-replacement capabilities, open data architecture, AI innovation, and endpoint protection. Here's what Forrester found and why we believe it reflects what we've been building.

When the weather starts to get warmer, it is a sign that summer time is around the corner. But just as the weather heats up and travel plans get booked, scammers capitalize on the season by performing nefarious schemes to separate victims from their money and other valuables. Recent McAfee research found that more than one in three Americans have experienced a travel-related cyberthreat, with 41% of those affected losing money, often costing victims over $500.

Phishing attacks are evolving faster than traditional training programs can keep up. Advances in AI — including generative tools — are making attacks more dynamic, personalized, and harder to detect. At the same time, agentic AI for phishing security training is reshaping how programs improve, enabling them to adapt to user behavior and shifting risk in real time.

If everyone owns cybersecurity, no one really owns it.

An AI agent with access to a customer’s brokerage account can begin executing trades. Not because the customer asked. Because someone, somewhere upstream, slipped a hidden instruction into a tool the agent loaded at startup. The agent is doing exactly what it was told. Just not by the customer. This is not a hypothetical. It is the attack class that financial security teams have exactly zero legacy tooling to catch and it is arriving precisely as banks accelerate their agentic AI ambitions.

Most vulnerability programs rely on scanning known assets and ranking findings based on static severity scores. That model breaks down quickly in modern environments. Asset lists are constantly changing, devices move between networks, workloads shift into cloud platforms, and unmanaged systems appear outside traditional inventory controls. When asset visibility is incomplete, vulnerability data is incomplete as well. The result is predictable. Prioritization becomes inconsistent.

Anthropic has selected Cyberhaven for its Cyber Verification Program, an application-based program that supports legitimate defensive cybersecurity work involving advanced AI capabilities. The approval gives designated Cyberhaven teams access to advanced AI capabilities with fewer interruptions from default safeguards for certain high-risk, dual-use cybersecurity tasks, subject to Anthropic's applicable policies and program requirements.

Brand impersonation account takeover (ATO) happens when attackers use fake brand assets to expose customers, harvest credentials, and attempt access on the legitimate site. The impersonation stage happens outside the enterprise’s login environment, but the ATO risk appears when stolen credentials, attacker devices, or exposed users reach the legitimate login environment. That distinction matters because brand impersonation and account takeover are often handled as separate problems.