|
By SafeBreach
SafeBreach Helm is a pioneering AI agent designed to operationalize the complete Continuous Threat Exposure Management (CTEM) lifecycle by unifying SafeBreach’s industry-leading adversarial exposure validation (AEV) capabilities with data and insights from across an organization’s existing security ecosystem.
|
By Yossi Attas
In the fifth installment of SafeBreach’s AI-First series, VP of Development Yossi Attas explores how the development team’s AI-First philosophy is being extended to the customer frontier and improved upon through the Anti-Hallucination Protocol.
|
By Yossi Attas
In the fourth installment of SafeBreach’s AI-First evolution series, VP of Development Yossi Attas and Principal Software Design Engineer Guy Ephraim explore how test-driven development (TDD) serves as the essential “safety net” for high-speed AI code generation.
|
By Yossi Attas
In the third installment of SafeBreach’s AI-First development series, VP of Development Yossi Attas explores the resurgence of the Product Requirements Document (PRD) as the foundational “control surface” for AI-assisted engineering.
|
By Tova Dvorin
SafeBreach Senior Product Marketing Manager Tova Dvorin explores the critical necessity of continuous validation in Zero Trust architectures, specifically focusing on the integration of SafeBreach and Akamai Guardicore. While microsegmentation is a foundational element in the defense against lateral movement and ransomware propagation, dynamic infrastructure and policy drift often create “blind spots” that compromise security posture.
|
By Yossi Attas
In this second installment of a series on the transformation of SafeBreach’s development organization, VP of Development Yossi Attas details a structured operational workflow that integrates Jira, BitBucket, and Claude Code to turn AI usage from ad-hoc prompting into a rigorous engineering methodology.
|
By Uzi Galili
The new SafeBreach extension for VS Code integrates Breach Studio’s powerful custom attack development capabilities directly into the world’s most popular IDE to enable security teams to engineer custom attack simulations with unprecedented speed and precision. Security engineers can leverage Git-native version control, AI-assisted authoring, and real-time IntelliSense linting to eliminate friction and reduce failed executions.
|
By SafeBreach
While attackers often find low-privileged credentials after creating a process dump of LSASS or harvesting hashes with a tool like Responder, they are rarely able to do anything with those credentials (RDP aside). We set out to discover how malicious actors might exploit Microsoft Windows remote procedure call (RPC) protocols to gather data remotely as a low-privileged user using RPC as an attack surface.
|
By Yossi Attas
In this first installment of a series on the transformation of SafeBreach’s development organization, VP of Development Yossi Attas outlines how his team is managing the strategic shift toward an AI-First development methodology. This includes moving beyond simple tool adoption to a fundamental redefinition of the software engineer’s role. Read on as we explore.
|
By Guy Bejerano
2025 marked a pivotal year for SafeBreach as we took our first steps in our evolution from the pioneers in Breach and Attack Simulation (BAS) to the leader in Continuous Threat Exposure Management (CTEM). The year was marked by a number of impressive highlights, all of which we could not have achieved without the partnership of our employees, customers, and partners: Read on for more in-depth insights into the year that was 2025 for SafeBreach and a sneak peak at what’s in store for 2026.
|
By SafeBreach
Your home router isn’t just sitting there. It might already be part of a global cyberattack. In Part 2 of our deep dive into Chinese cyber operations, Tova Dvorin and Adrian Culley unpack the “Typhoon” threat groups—Volt Typhoon, Salt Typhoon, and Flax Typhoon—and how they’re quietly reshaping modern cyber warfare. This isn’t about stealing data. It’s about staying hidden, pre-positioning, and being ready to strike.
|
By SafeBreach
The EU Cyber Resilience Act (CRA) is set to transform cybersecurity—from a best practice into a legal requirement. But what does that "actually" mean for security teams, product leaders, and CISOs? In this episode, host Tova Dvorin and cybersecurity expert Adrian Culley break down the CRA in plain terms—and explain why the shift to continuous security validation is unavoidable. You’ll learn: With enforcement deadlines approaching and significant penalties on the horizon, the message is clear: If your security testing isn’t continuous, it’s not CRA-ready.
|
By SafeBreach
A new 2026 law in China has weaponized the Chinese tech population by requiring the reporting of software vulnerabilities to the Ministry of State Security within 48 hours. This law has significant implications for cybersecurity and global tech security.
|
By SafeBreach
What if the next cyberattack doesn’t steal your data…but quietly prepares to break your infrastructure? In this premiere episode of our series on Chinese threat actors, we uncover how China transformed from noisy, smash-and-grab hackers into the world’s most sophisticated cyber power—one focused not just on espionage, but on pre-positioning inside critical infrastructure. Through a chilling real-world scenario, we explore a new kind of threat: digital landmines—subtle, invisible changes inside power grids, telecommunications networks, and industrial systems that can be triggered at any time.
|
By SafeBreach
In this episode of the Cyber Resilience Brief, we shift from chaotic cybercriminals to the calculated world of Russian nation-state threat actors—breaking down the three agencies that dominate Russia’s cyber operations: the GRU, SVR, and FSB. What many organizations mistakenly treat as a single “Russian threat” is actually a complex ecosystem of competing intelligence agencies—each with distinct goals, tactics, and operational philosophies.
|
By SafeBreach
Iranian cyber attacks are escalating—shifting from espionage to destructive, large-scale operations. In this episode, we break down what CISOs need to know. Host Tova Dvorin and offensive security expert Adrian Culley analyze the latest Iranian cyber threat activity, including groups like Handala (Void Manticore) and MuddyWater (Mango Sandstorm), and how their tactics are evolving.
|
By SafeBreach
This conversation covers the principles of security, the shift of identity as the new perimeter, and the transition from detection-led to trust-led security. It emphasizes the importance of assuming network compromise, focusing on identity, and denying access based on unusual behavior. Takeaways.
|
By SafeBreach
The U.S. just made its boldest cybersecurity move in decades. In this episode of the Cyber Resilience Brief, we break down President Trump’s 2026 Cyber Strategy—and why it signals a massive shift from reactive defense to proactive, offensive cybersecurity. What does this mean for CISOs, security leaders, and the private sector? We unpack the strategy’s most critical pillars, including: This isn’t regulation—it’s a call to action. And for organizations that fail to continuously validate their defenses, the risks have never been higher.
|
By SafeBreach
Why does continuous testing matter for the Digital Operational Resilience Act (DORA) compliance? Explore how Articles 6, 9, 10, 13, and 16 reinforce the need for continuous testing.
|
By SafeBreach
Iranian cyber operations are entering a new era. In this final episode of our Iran cyber series, we explore how Iranian APT groups are evolving — leveraging AI, targeting supply chains, and bypassing the billion-dollar security stacks built to stop them. Hosts Tova Dvorin and Adrian Culley break down the emerging threats shaping 2026, including: The perimeter is gone. Your weakest vendor may now be your biggest risk.
|
By SafeBreach
Today's CISOs and security teams must constantly validate security controls to identify gaps, remediate misconfigurations, and optimize performance against a rapidly increasing threat landscape. Breach and attack simulation (BAS) solutions-designed to continuously test the effectiveness of security controls and identify potential vulnerabilities-have emerged as a powerful tool to help organizations navigate this new reality. But not all BAS platforms are created equal.
|
By SafeBreach
The mission of today's security teams is clear: protect the company from emerging cyber threats. What's less clear is how to ensure stakeholders understand the impact of their programs. Traditional security reporting focuses on threats and vulnerabilities and how many were stopped and prevented, but non-technical stakeholders-who are concerned with the business's bottom line and how these threats can impact business continuity-need to know how these activities translate to tangible business values. As risk is tied to revenue, security teams need a simple way to understand and share the real efficacy of their programs with their stakeholders.
|
By SafeBreach
There are a number of security validation methods available on the market today, but each has different uses and functions. And, not all of them are appropriate in every IT environment. As a result, many organizations waste time and resources on technologies or approaches that may work well for others, but aren't a good fit for their specific use case.
|
By SafeBreach
Starting a red-team program but not sure where to begin? Looking to improve your existing red-team operation? Before getting too far in the cyber weeds, go back to the basics with "The Fundamentals of Modern Cybersecurity Red Teaming."
|
By SafeBreach
2022 saw a dramatic increase in the prevalence, severity, and impact of cyberattacks, presenting a striking new reality for CISOs and their security teams. They were-and continue to be-in a constant race against time to improve security and performance.
|
By SafeBreach
Modern SOCs are complex environments with dozens of tools, overlapping teams, and a constantly growing attack surface to protect. To combat these challenges and keep up with the rapidly evolving threat landscape, security leaders must constantly strive to improve SOC efficiency and keep team members engaged.
- April 2026 (8)
- March 2026 (9)
- February 2026 (8)
- January 2026 (9)
- December 2025 (15)
- November 2025 (4)
- October 2025 (11)
- September 2025 (4)
- August 2025 (7)
- July 2025 (3)
- June 2025 (2)
- May 2025 (2)
- April 2025 (1)
- March 2025 (1)
- February 2025 (2)
- January 2025 (2)
- November 2024 (1)
- October 2024 (3)
- September 2024 (3)
- August 2024 (8)
- July 2024 (3)
- June 2024 (3)
- May 2024 (7)
- April 2024 (4)
- March 2024 (5)
- February 2024 (5)
- January 2024 (2)
- December 2023 (9)
- November 2023 (8)
- October 2023 (4)
- September 2023 (7)
- August 2023 (11)
- July 2023 (4)
- June 2023 (8)
- May 2023 (13)
- April 2023 (7)
- March 2023 (3)
- February 2023 (4)
- January 2023 (2)
- December 2022 (5)
Combining the mindset of a CISO and the toolset of a hacker, SafeBreach is the pioneer in breach-and-attack simulation (BAS) and is the most widely used platform for continuous security validation. SafeBreach continuously executes attacks, correlates results to help visualize security gaps, and leverages contextual insights to highlight remediation efforts.
With its Hacker’s Playbook™, the industry’s most extensive collection of attack data enabled by state-of-the-art threat intelligence research, SafeBreach empowers organizations to get proactive about security with a simple approach that replaces hope with data.
Unleash the power of your security controls to drive down risk.
- Attack with Purpose: Execute real-world attacks safely and continuously to identify what your security controls will prevent, detect, or miss.
- Analyze with Real-Time Data: Gain a quantitative view of your security posture by visualizing security-control performance data that’s not available anywhere else.
- Remediate with Intention: Review actionable data to quickly identify gaps, expedite remediation, and efficiently reduce risk.
- Report with Confidence: Communicate to key stakeholders with clear insights to quantify risk, prioritize investments, and ensure strategic alignment.
Gain visibility across the entire cyber kill chain.