Skyhawk Security has enhanced its Purple Team-powered cloud security platform with new Threat Actor Context capabilities. The feature enriches AI Red Team-generated cloud attack scenarios with real-world adversary insights, mapping them to known threat actors, major campaigns, and affiliated CVEs to help security teams better prioritize exposures.
Security teams often face an overload of alerts and telemetry but lack the contextual insights needed to understand why specific attack scenarios matter to their organization. The new Threat Actor Context capability addresses this by adding real-world adversary behavior to simulated scenarios, moving beyond generic TTPs to deliver actionable, business-relevant intelligence.
Threat Actor Context uses Skyhawk’s attribution engine to enrich attack scenarios with signals such as targeted industries, geographies, and malicious campaign methods. This contextual layer helps security teams assess exposure more accurately and focus remediation efforts on the risks most likely to impact their specific environment.
The capability initially connects scenarios to the following well-known adversary behaviors:
Scattered Spider – patterns tied to identity-driven intrusions and high-profile attacks like MGM Resorts and Caesars Entertainment.
APT29 – tradecraft linked to NOBELIUM and TeamCity-related cloud intrusion activity.
APT44 / Sandworm – patterns associated with disruptive operations and campaigns like BadPilot.
TraderTraitor – techniques tied to the JumpCloud compromise and the Bybit theft.
APT41 – behavior associated with operations such as Operation CuckooBees and broader public sector targeting.
“Security teams have plenty of data, telemetry and alerts. What they’re usually lacking is the context to transform that data into security insights and pinpoint why simulated attack scenarios matter to their business based on activity seen in the wild,” said Chen Burshan, CEO of Skyhawk Security. “We’re helping them view scenarios through the lens of known attacker behavior to better assess exposure and improve prioritization.”
About Skyhawk Security
Skyhawk Security is the leader in AI-Based Purple Team-Powered Cloud Security, leveraging a multi-layer AI-based approach to identify and preemptively stop cloud threats before they become breaches. Skyhawk revolutionizes cloud security with its Continuous Proactive Protection, an AI-powered Autonomous Purple Team, enabling security teams to take a proactive approach to cloud security for the very first time. Led by a team of cybersecurity and cloud professionals who built the original CSPM category, Skyhawk’s platform evolves cloud security posture management far beyond scanning and static configuration analysis, continuously adapting and improving threat detection so that it is always aligned with the cloud architecture. Skyhawk Security is a spin-off of Radware.