Blog Archives - Security Risk Advisors

The AI Attribution Problem Nobody in Security Is Talking About, and How to Solve It

by Greg Stachura and Alex Ioannidis | May 14, 2026 | Artificial Intelligence, Blog

A new class of tooling has quietly landed on corporate endpoints. Claude Cowork, OpenClaw, Copilot Cowork and a growing list of others are all doing the same thing: acting on behalf of a real user, directly from their workstation. They open File Explorer, edit Word...

The AI Attribution Problem, Now With Queries: KQL for Defender Advanced Hunting

by Greg Stachura and Alex Ioannidis | May 14, 2026 | Artificial Intelligence, Blog

In the first post, we asked the question every SOC is going to be asking soon: did the human do that did the AI or did the human tell the AI to do it? We argued that EDR is the right place to answer it, and laid out a five-bucket attribution model. The AI...

Prepping for AI Velocity: Do the Common Things Uncommonly Well

by Chris Salerno | May 12, 2026 | Artificial Intelligence, Blog

We’ve been here before in cyber security (even though this feels different). There have been big moments that promised to change how we “do” cyber security. After SQLSlammer and Mimikatz and the APT-1 report and wide-scale ransomware and SolarWinds. And now:...

Exploring Opportunities to Shoot Your Company in Both Feet with Poor Agentic Software Architecture

by Mike Pinch | May 4, 2026 | Artificial Intelligence, Blog

By now, many people have seen public reporting where an AI agent reportedly decided, for some reason, to delete its company’s database. To be very clear: SRA has no inside information on that event and is simply reading the news like everyone else. But even from the...

The Virtualized Threat: Malicious actors exploiting native Hyper-V virtualization features to conduct covert operations

by Joel Wadley | Apr 23, 2026 | Blog, Blue Teams, Purple Teams

Threat actor groups such as Akira Ransomware, Curly COMrades, and UNC3886 have been observed abusing native Windows Hyper-V virtualization features to create hidden Virtual Machines (VM), establishing covert, long term operations that include the adversary performing...

VECTR Fundamentals: Why Execute Test Cases?

by Paul Spencer | Apr 16, 2026 | Blog, Purple Teams

Most agree, Purple Teaming is an effort that can deliver a high level of value to their organizations. However the nuances of an organization’s approach in Purple Teaming can have a large impact on the effectiveness of their program. Competing teams inside a...

Benchmarked Threat Resilience

Cut Cloud Technology Costs

Vulnerability Management Simplified

Intelligence by Design

The AI Attribution Problem Nobody in Security Is Talking About, and How to Solve It

The AI Attribution Problem, Now With Queries: KQL for Defender Advanced Hunting

Prepping for AI Velocity: Do the Common Things Uncommonly Well

Exploring Opportunities to Shoot Your Company in Both Feet with Poor Agentic Software Architecture

The Virtualized Threat: Malicious actors exploiting native Hyper-V virtualization features to conduct covert operations

VECTR Fundamentals: Why Execute Test Cases?

Follow us on social media

View our Webinars

Get the TIGR Threat Watch email bulletin here!