All Articles
What the First LLM-Driven Intrusion Means for SOC Reporting Workflows
On May 10, 2026, Sysdig documented the first known intrusion in which an LLM agent drove every decision in the post-exploitation phase — from initial access to a fully exfiltrated internal database — in under sixty minutes. This post breaks down what actually happened, why it represents a genuine category shift in the threat landscape, and what it means for the SOC reporting workflows that were built for a slower kind of adversary.
From Planning to After-Action: The Full Reporting Lifecycle of Major Events
Event security reporting doesn't begin when the gates open — it starts weeks earlier with threat assessments and venue profiling, and it doesn't end until the after-action review is filed. This piece follows Celeste, a hypothetical senior event security analyst preparing for a 200,000-person music festival, through all four stages of the reporting lifecycle: pre-event threat assessment, operational daily SITREPs, real-time incident reports, and post-event after-action review.
The Digital Battlefield: Cyber and Physical Threats Converging at Major Events
When a cyberattack hits a major event, the consequences rarely stay contained to IT systems — they show up at the gates, in the crowd, and on the stadium floor within minutes. This piece follows Crystal, an event security analyst managing a major sporting event, through three scenarios where digital incidents cascade directly into physical emergencies: a ticketing system breach, a compromised venue app, and a coordinated deepfake and drone threat. Each scenario illustrates the same underlying problem: most event security teams are still running separate workflows for cyber and physical threats, which means when the two converge, nobody has the full picture.