SOCRadar Launches AI Agent Marketplace and Identity Intelligence to Combat Identity-Driven Cyberattacks

SAN FRANCISCO--(BUSINESS WIRE)--RSAC 2026 – Today at RSA Conference 2026, SOCRadar, a global leader in extended threat intelligence and cybersecurity, launched its new AI Agent Marketplace, an integrated hub where organizations can browse, purchase, and deploy specialized autonomous AI agents tailored for specific cybersecurity tasks and use cases in the SOCRadar Extended Threat Intelligence Platform. This includes phishing detection, brand abuse protection, and dark web monitoring. By unbundling the traditional 'all-in-one' platform, this modular ecosystem liberates security teams from rigid, legacy software in favor of a precision-led approach. Organizations can easily select and deploy only the specific agents required for their unique use cases, with the granular controls and customization to perfectly fit high-precision workflows.

“Identity has become the new attack surface. Threat actors no longer need malware when stolen credentials and session cookies can open the door to an entire organization,” said Huzeyfe Onal, CEO of SOCRadar.

Share

SOCRadar also introduced Identity and Access Intelligence capabilities to its Extended Threat Intelligence Platform to bridge the gap between internal identity security and external exposure. The new capabilities are designed to secure identity "blind spots" such as credential exposures detected in third-party SaaS environments, dark web marketplaces, and collaboration platforms.

Credentials are a hot commodity for opportunistic threat actors looking to launch identity-based attacks. According to IBM, approximately 388 million credentials were stolen in 2025 from just 10 top online platforms including Meta and Google. Additionally, data breaches have surged 475% over the past decade with adversaries moving faster and hitting harder. This has culminated in the 2025 global average cost of a data breach hitting $4.4 million.

“Identity has become the new attack surface. Threat actors no longer need malware when stolen credentials and session cookies can open the door to an entire organization,” said Huzeyfe Onal, CEO of SOCRadar. “By integrating external identity context with automated risk analysis, we are helping our partners and customers build a future-proof defense that accounts for the rapid surge in malware-free, identity-driven attacks."

SOCRadar is also launching a new Identity & Access Threat Intelligence AI Agent, which can analyze the data files associated with a compromised machine (e.g. session cookies, credentials, etc.) to help analysts quickly determine the source of a leak and generate a risk analysis report. This is the first of many AI Agents to be released as part of the new AI Agent Marketplace.

“The era of the "all-in-one" cybersecurity platform is over,” continued Onal. “Traditional SaaS models force security teams into rigid licensing architectures where they pay for bulk features they never use and wait months for custom development to align the tools with their requirements. SOCRadar is disrupting this cycle by “unbundling” the platform into a marketplace of specialized AI Agents.”

Key Features of SOCRadar’s Identity and Access Intelligence Capabilities

SOCRadar’s Identity and Access Intelligence capabilities leverage Identity-Related Risk Clarification to understand risk and make faster decisions.

Clear Security Narratives allow analysts to easily visualize attack steps and system-level artifacts to translate raw data into clear, actionable security narratives for analysts. This includes:

Company Insights: Deliver contextualized visibility into an organization’s digital footprint and compromised users so customers learn which function, asset, and risk chain was exposed.

• Enterprise Attack Surface Risk Profile: Maps externally exposed enterprise services and domains into categorized risk profiles so customers can associate risks and prioritize by potential blast radius.
• Third-Party Service Credential Exposure: Reveals external SaaS providers where leaked or reused credentials are associated with your domain.
• Customers can now understand not just that credentials were leaked, but which systems they unlock and how they could enable lateral movement.

File Insights: Presents an interactive snapshot of a compromised endpoint and lets users review how credentials were exfiltrated and stored on disk by the stealer.

Tag Insights: Exposed artifacts are classified using descriptive tags to indicate their type and context. Sensitive data can be viewed at a glance within the attack flow and endpoint view.

The Cookie Analysis section filters and displays browser-stored cookies and allows sorting by domain, cookie name, or filter. Customers can also assess potential for abuse by analyzing secure flag indicators and cookie entropy surfaced by the platform.

Attack Flow Visualization: Reconstructs the end-to-end infection path, starting from the internet entry point and progressing through malware execution, system interaction, and endpoint compromise.

• Customers can view the complete infection chain, including the stealer involved, its origin, where it executed on the victim machine, and what data was exfiltrated.

AI-Powered Analysis: Provides natural language driven risk analysis that summarizes exposure, highlights prioritized threats, and provides remediation guidance for compromised identities. Customers can see auto-summarization of the infection severity such as device context, critical risks, and exposed identities. They can get recommended remediation actions.

About SOCRadar

SOCRadar is a global threat intelligence cybersecurity company with over 1,000 customers in 75 countries. The company’s Extended Threat Intelligence Platform leverages AI and machine learning to enhance threat detection and deliver actionable intelligence to help businesses proactively defend against cyber attacks. The comprehensive suite of XTI products include: Cyber Threat Intelligence, External Attack Surface Management, Brand Protection, Dark Web Monitoring, and Supply Chain Threat Intelligence. For more information about SOCRadar, visit https://socradar.io/.