Stream.Security

We’re expanding Stream’s integration ecosystem to give security teams broader visibility, stronger context, and faster response across modern cloud environments. 🔎 Threat Detection & Response coverage now includes: • Databricks • Cloudflare • Auth0 • Anthropic Enterprise 🛡️ Security Mesh integrations: • Netskope • Zscaler • Check Point • GreyNoise • Recorded Future  • Cycode https://lnkd.in/dbb2Y3FC

We already provide threat response across cloud infrastructure and cloud APIs. Now, we’re extending response into in-workload runtime using our eBPF-powered agents, enabling real-time containment and remediation at the runtime layer. Combined with StreamForce orchestration, these capabilities can be orchestrated by AI at machine speed, with impact-aware decision making before every action. The result: intelligent, end-to-end response from the cloud control plane all the way into running workloads, orchestrated by AI. Read more in the first comment.

🔥 Two things happened with Shai-Hulud last 24h. 1️⃣ Another wave. 170+ packages across npm and PyPI. TanStack, Mistral AI, UiPath, GuardRails AI. 177M+ weekly downloads affected. New execution trick using Git-based "optionalDependencies" that fail silently. 2️⃣ TeamPCP published the full worm source code to GitHub. Anyone can now fork it and deploy their own variant. Six waves. Six different sets of payload names, execution hooks, and C2 infrastructure. Your IOCs from wave 2.0 don't match wave 3.0. And now anyone can create wave 7. The part that doesn't change? Stolen credentials still get used wrong. Abnormal source, abnormal time, abnormal actions. That's your detection surface - and it survives every variant. Full breakdown with the timeline, detection approach, and an honest take on what we cover (and don't) at Stream.Security 👇 link in the first comment The malware keeps changing. Do your detections depend on it staying the same? #SupplyChain #CDR #CloudSecurity #ShaiHulud #ThreatDetection

The API layer is where modern cloud attacks play out. Stream has always detected threats across cloud activity, identity, and runtime behavior. Today we're going deeper, into the application layer itself. We're announcing: full L7 visibility via our eBPF sensor and cloud-native log ingestion, with threat detection running on all of it. The AI angle is what changes everything. A prompt injection or data exfiltration through tool calls looks like a normal authenticated request at the network layer. The threat is in the content. Now you can see it. Full write-up on how it works and what we're detecting 👇 https://lnkd.in/dY698Wfm

Everyone is adding AI. Nobody's building the model it needs to run on. The story is always the same: more agents, better context, faster response. The assumption underneath: the AI already understands the environment it's operating in. It doesn't. Context in security has been redefined as enrichment. Stitching logs, alerts, and scan results together. Reconstructing what exists from fragments of what happened. That's not context. That's archaeology. Real context is a live model of the environment: identities, permissions, network reachability, dependencies, all updated continuously. Not a score. Not a report. The actual state of the system, as it changes. When agents operate on that model, guardrails get lighter. Risk becomes a computed property. Response can be simulated before it's executed. Without it, you're adding intelligence to a system that doesn't know what it's protecting. Before security can use more AI, it needs a model of reality.

✅ Good news for defenders: CVE-2026-31431 ("Copy Fail") in Kubernetes is not a classical container escape (to the node). ⚠️ The catch: it's still a container escape - but to another POD. The attack is unpredictable for both sides. The attackers don't know who they'll hit. The defenders don't know which pod will be the trigger. We tried to map out what to actually expect in both directions. 👇 Full breakdown: https://lnkd.in/dGqZZH85 #Kubernetes #CloudSecurity #ContainerSecurity #ThreatResearch

What AI is actually running in your environment right now? The MCP server a developer wired into a container with high privileges. The Bedrock endpoint a service account started calling overnight. The agent that just chained 40 tool calls when its baseline was 3. The app you scoped to Bedrock only, quietly calling OpenAI instead. This is shadow AI. It moves at machine speed and most security stacks can't see it. In our latest post, we break down how Stream detects AI in motion, computes blast radius across the AI layer, and contains threats. Read it ↓ https://lnkd.in/d4e68FrZ #AIDR #ShadowAI #CloudSecurity

We've been cloud-native from the start, and now we're expanding to meet enterprises wherever they are. Stream now delivers full attack path analysis and threat detection across hybrid environments, including VMware, NSX, and on-prem network infrastructure. One platform without blind spots. Read about what's new 👇

Stream.Security is expanding beyond cloud-native environments. 🎉 Too often, organizations are forced to compromise - holding onto legacy hybrid solutions just to maintain unified visibility, or stitching together two segregated platforms that never quite tell the full story. Stream eliminates that compromise. 🔗 https://lnkd.in/d38rnVBz

Rafał Kitab took Stream for a test drive. Take a look 👀