All Articles


What the First LLM-Driven Intrusion Means for SOC Reporting Workflows
Cyber Threats & Security, Humans & AI | Indago Team

On May 10, 2026, Sysdig documented the first known intrusion in which an LLM agent drove every decision from initial access through post-exploitation to a fully exfiltrated internal database, all in under sixty minutes. This post breaks down what actually happened, why it represents a genuine category shift in the threat landscape, and what it means for SOC reporting workflows whose cadences (shift handover, daily summaries, after-the-fact write-ups) were built for a slower, human-speed adversary.

From Planning to After-Action: The Full Reporting Lifecycle of Major Events
Live Events, emergency response | Indago Team

Event security reporting doesn't begin when the gates open — it starts weeks earlier with threat assessments and venue profiling, and it doesn't end until the after-action review is filed. This piece follows Celeste, a hypothetical senior event security analyst preparing for a 200,000-person music festival, through all four stages of the reporting lifecycle: pre-event threat assessment, operational daily SITREPs, real-time incident reports, and post-event after-action review.

The Digital Battlefield: Cyber and Physical Threats Converging at Major Events

When a cyberattack hits a major event, the consequences rarely stay contained to IT systems; they show up at the gates, in the crowd, and on the stadium floor within minutes. This piece follows Crystal, an event security analyst managing a major sporting event, through three scenarios in which digital incidents cascade directly into physical emergencies: a ticketing system breach, a compromised venue app, and a coordinated deepfake and drone threat. Each scenario illustrates the same underlying problem: most event security teams still run separate workflows for cyber and physical threats, so when the two converge, nobody has the full picture.