VIRTUAL EVENT
The Investigator's Shortcut:
How SpyCloud’s Research Agent Closes Cases in Minutes, Not Hours
Most AI tools weren’t built for investigative work. They don’t know your threat landscape, they don’t have the underlying data, and they don’t include the tradecraft of elite investigators.
SpyCloud Cybercrime Investigations with Research Agent is different. It’s built on over a decade of recaptured identity data from the criminal underground, trained on the tradecraft of experienced investigators, and designed to help security teams move faster from data point to a conclusion.
Join SpyCloud Lead Investigator Duncan Edwards for a hands-on introduction to how the Research Agent works, what it can do for your team, and how to get meaningful results with speed and confidence.
Hope you're all having a wonderful, wonderful day, and we're so excited to have this live event, the investigator shortcut, how the Research Agent closes cases in minutes, not hours, and you'll see exactly why very shortly. Thank you for joining. My name is Taylor Coppock. I'm here in the product marketing team at SpyCloud focusing on investigations and a commercial offering. And I'm so excited to have my friend Duncan Edwards be the primary star of today's event. Duncan, you mind introducing yourself? Thank you, Taylor. Good day, everyone. I'm Duncan Edwards. I'm a senior investigator here at SpyCloud, and I've been with the company for about four and a half years. My previous career path was I was a federal law enforcement officer, four and a half years as deputy US Marshal with the US Marshal Service and over twenty four years with the Federal Bureau of Investigation as a special agent. We're both excited to be here today and to showcase the launch of our Research Agent. So you can see why Duncan is great for this event, to show you the value of the Research Agent. Now some brief housekeeping. We are recording this. If you want to follow-up, we will send out a video afterwards. But quick reminder, ask questions. Please use Q and A in Zoom. We'll have time at the end, but it's best to ask your questions during Duncan's live demo. Make sure we're guiding it the way you want to go. Make sure you're answering your questions about SpyCloud, the Research Agent. So please hop in, ask your questions. Don't be afraid. We're here to help you understand everything about SpyCloud. So level setting, what we're gonna cover the next time together with you, I wanna quickly summarize who SpyCloud is and why we're here. Why are we talking about AI innovation, the Research Agent? I wanna do a quick overview of our solution, SpyCloud Cybercrime Investigations, to show how it works and then speak to the Research Agent, the value of it, and then hop straight into Duncan's live demo. There should be time for q and a, but, again, ask your questions now, ask during the demo, ask the entire time. So, for those new to SpyCloud, who are we? Our mission is to disrupt cybercrime. We are the leaders in identity threat protection, and we offer a variety of automated solutions to help our customers really protect their workforce or their consumers from identity threats. And we do this by recapturing the stolen identity data that criminals have about whoever you're trying to protect. We offer a variety of solutions, again, for protecting your workforce, your consumers, but today is all about our cybercrime investigation solution. We've been around for over ten years, have hundreds of customers, and we are the leader in identity threat protection. And speaking on the data, to level set what powers everything you're about to see today, this is what we've recaptured from the criminal underground. We have over one trillion recaptured identity assets that have collected over ten years of SpyCloud. You can see the variety of sources that we actually collect from the criminal underground. Not just breach data, but we track over one hundred malware families to ingest whatever has been stolen by infostealer malware. We track over twenty-five phishing platforms to incorporate and ingest phish data for both your employees or your consumers. And of course, we have tens of thousands of third party breaches and combolists. Altogether, this is the information we can actually publish to our customers to protect their organization because it's everything from identity assets, from you name it, credentials, email addresses, session cookies. Whatever criminals are stealing, we collect and publish as soon as it's discovered, often within an hour from malware data and within two hours from most breach data. It's a very powerful, very fast, very enriched data to power all of our solutions today. Now, I'm gonna explain bit more about why we're here and kind of why we built the Research Agent to begin with. Thank you. Why we're here is the Research Agent is a big breakthrough for us. I've been working in these investigations, myself and other members of my team are subject matter experts when it comes to the data. But this takes a little bit of time to understand the data and how it speaks to you. There's a lot of behavior analysis that can be done with the data. There's a lot of judgment calls, tradecraft involved. And so we thought, hey, how can we make this easier for people to use? Because the analysis once we pull in a data set of points of intersection, things that we need to follow-up on, that type of judgment, how do you box that up? Well, introducing the Research Agent. The Research Agent has a lot of that thinking built into it. And so we got your back when it comes to conducting investigations by way of the Research Agent. That's right. We're gonna make sure we can encode your judgment. So running the call kind of sees the power of the Research Agent. And to level set, SpyCloud investigations is one of our solution areas. We're gonna focus more on the SaaS deployment, SpyCloud Cybercrime and Investigations. As I spoke to, we have over a trillion identity assets. This is truly this analyst ready investigations workspace where there's so many records that you want access to to protect your employees, unmask a threat actor, whatever your use case or team may be, SpyCloud Cybercrime Investigations supports them all. Duncan will show how you can start with a single selector, maybe an email address. Whatever clue you have for your investigation, you can start there and access SpyCloud's data. Investigations then takes it from there to really visualize the relationships between all these hidden relationships because it might be data that was exposed a decade ago that might help you actually unmask these threat actors. And SpyCloud does all the pivoting in the back end to really show all these hidden assets and all these aliases to help you get to your answer fast. Then, of course, we have the AI workflows to generate finished intelligence. So it's not just data. It's the actual answers to your toughest identity threats in cybercrime. And On the ways to get started, here's a view of all the ways to start your investigation. Yeah, so when we look at ways of starting an investigation, a lot of us are going to have some type of identity selector email address, as you can see, or the phrase of an email to see if there's any type of emails in our data lake, maybe social handles. And so that is going to be where we are going to start with that. Although we can do a lot more with the Research Agent and with the data at hand. We can look at domains, we can look at vulnerability exposure, infrastructure by way of IP address. We can even link to infected machines and dive deep down into the extent of exposure of that infected machine. So a lot of PII we can actually access and dig into as well as some financial information. So really it's your pick of what you wanna start your investigation with, and then it just spider webs out and brings you more and more intelligence for the investigation that you are conducting. And I do wanna plug SpyCloud analyst credits. If after today's demo, you realize I want more time with Duncan, I need Duncan's help, we have a solution for you. Besides the actual investigation solution, we offer a pool of analyst credits for any kind of ad hoc investigation or ongoing investigations. We offer premium support that includes some analyst credits, but it's an easy way to send your questions to Duncan and his team to help you actually do more with your current team. Whatever your question is, we have ways with our lead investigators to help you actually uncover these threats and get the answers fast. So a lot of ways to protect your business, the SaaS solution, API deployments, endless credits. We got you covered whenever you need help with any cybercrime. Now let's talk about what's new. We've launched it this week. It's all about the SpyCloud Research Agent. I know you've heard about AI products everywhere. I know it's all over the news. I briefly want to say why SpyCloud is different. AI could be table stakes, but real investigative power is not. And I hope you'll see why SpyCloud stands out and why Research Agent is something that we feel so confident is so unique because what actually powers the AI is the actual foundation of everything with the agentic workflow, and it starts with our data. We have over ten years, over a trillion identity assets. So think of all the actual exposure data out there, all the aliases, all the actual clues hiding in that database. That's the starting point for any kind of agentic workflow. But then, internal at SpyCloud, the way we use AI to actually collect and parse and normalize all the stolen identity data from the criminal underground, we publish in near real time. So as soon as new data is available, that both helps feed the agent, but also you actually solve your investigations. So we pair that data with a third piece, Duncan. Yeah. And with the Research Agent, now you have at your fingertips the decades of investigative tradecraft from the background of our investigation team, people like myself and that tradecraft and that mind melt is put into the Research Agent. And so we bring that power to your fingertips of analysis, tradecraft, and it turns out to be a very enlightening experience. Let's dive right in. Now we wanna level set what you're about to see. This is a real case that Duncan cracked in the past. It took him over a year to actually solve this, but we're trying to uncover this global ransom actor, Case BBA. All Duncan has is an email address to start with. We wanna actually uncover the threat actor, but then look for more more information about the way they're they're launching these ransom attacks. This individual got over three hundred Bitcoin. He's all this data he was actually stealing from victims, but this case took him over a year to identify who's the third actor, but then also getting enough evidence to actually prove he's connected to ransomware. This actually happened in Indonesia. So as you can see, they don't ex exfiltrate criminals. So Duncan actually worked with global authorities to help unmask this threat actor. So I think, Duncan, anything you want to add there before we dive right in? Yeah, just to add, I was really excited that we were going to have this project, Taylor, because I thought what better way to showcase the Research Agent is take something that I worked in the past that took me quite a while and had to go through a lot of data. And you'll see as we start this investigation, the amount of efficiency, all the analysis that is packed into this investigation. And man, if I had had this back in the day when I was doing this investigation, it would have really made me more efficient with my investigation and possibly uncovers a few areas that I was not aware of. Fact, I know that. This is pretty common having an email. That's all you start off with. How do prove attribution? Add each other connection to the ransom attacks. So we'll dive right in to this. This will be a live demo showing us some real data. So again, please ask your questions. It's a very open ended prompt that we're going to guide you through. We'll pause, ask questions, but we want to make sure we're showing exactly the power of Agent to help you understand how you might use it for your teams. So I'm going to stop sharing and let Duncan drive and show off SpyCloud Cybercrime Investigations. All right. Thank you very much. Appreciate the handoff. And at this time, I'm pretty excited to start this. And I'm gonna go back in time here. I'm gonna put this hat on. Why am I doing that Taylor? Is because this actual investigation led me to work with the Indonesian cyber directorate. And a lot of people say after they engage in something, all I got with this t shirt for me, I got this hat from the Indonesian authorities. Incredible. So yeah, All right. Welcome to our Research Agent. And as you can see, if you don't know where to start, we got you covered. We have some prompts that all you gotta do is put in your selector, like an email address, an IP address. And they're different topics, right? If you're looking at a blast radius of domain down here, we've got you covered. If you don't think that you're some type of a prompt guru. But I got my own prompt here. I'm gonna paste that in. So let's go through the prompt real quick, because it is meaningful. So the "Doctor Instruments Payment," that was what was provided for victims as they got ransomware on their individual computer and their files got locked down. That's how you went through the process of trying to get it unlocked. So we plugged that in there. And I'm framing this investigation to say it's involving cybercrime. Because the research, we're gonna tell the Research Agent like, hey, what's the background of what I'm doing here? So that's kind of important to provide a little context to our investigation. And I want them to show everything. I want it to categorize some of the victim information as victim one, two and three. If I have any type of victim information and show me some of that information and provide me an initial analysis from when we call this up. So, here we go. Hold on to your seats. And I'm gonna blow this up here so we can see this a little bit better. So the Research Agent now has grabbed this prompt and it's gonna start diving into this. You can see it already found a distinctive password there that it's also pivoting on. Taylor, do you wanna expand on like, it's pivoting on this password, but I didn't ask it to do the password. Why is that, Taylor? Right. I think right now in the background, this is actually querying SpyCloud's database across multiple API calls. So it's looking over a trillion assets for anything related to that initial starting point. And as we as we mentioned earlier, it's automatically pivoting on things it finds to be matches. I guess there's probably some backup emails or other aliases out there that SpyCloud feels confident are related, which is why it pulled out that password immediately. So before you even see the data, it's actually running these pivots, knowing what step to find given looking for cybercrime evidence for this one data point. And now it's kind of giving off this initial analysis. Yeah. So now we have this big old red mark right here. And sure enough, it looks like it does see some cybercrime indicators in here. Fabricated identities, accounts that it flags some critical findings of identity fraud patterns. There's a exposure of cryptocurrency. This is an amazing start for this investigation. And keep in mind, this was taking me months to come to this type of conclusion that we got in a matter of like what seconds, not even minutes here, right? So it shows that, hey, it looks like we have an Indonesian based operator involved in identity fraud and synthetic account information. Let's go back up here. We even have some victims called out here. And check this out. Here we have this analysis of this doctor's instruments, got a date of birth associated with that. We got some phone numbers that are unique to Indonesia. And this address right here, that's actually where ultimately that individual was arrested, fast forward by the Indonesian authorities. So amazing work so far by the Research Agent. Before you follow-up, do you mind just kind of showing some of the data where these are coming from? I see forty-five records were exposed, but kind of helping connect to the actual data itself. Sure. If we go over here and get rid of the Research Agent prompting for a second, you can see that there is some of that information. There's some of our Indonesian addresses. Look at some of our emails here that we have, right, in the dataset. The ones that are checked are the ones that have been searched by the Research Agent. And we have quite a few that we can pivot on. And that's what we're gonna do next. So let's go back to the Research Agent. I'll blow this up again. And at this time, we need to broaden the focus of the investigation because we have a lot of victim emails here. Right, Taylor? So we're gonna broaden this out. And there's also this interesting connection to this "Scott.Hailiea" that I want to have the Research Agent delve into a little bit further for me. So it's gonna be pivoting out on some of our additional emails that we saw when we looked at the raw data there on the other side. And again, ask your questions. You can see we can ask whatever follow-up prompts. So let's make this interactive if possible. All right. So now it's checking some of the other emails. Now it's gonna pull a summary of this. And now we have this extended investigation analysis. So it's going through as I asked, like we got a victim one, victim two. And it's supporting some of these conclusions as to why from the assessment. It's giving a confidence level of it, whether it's likely fabricated or not. Then it finds this bridge account here that I asked regarding that one email from Yahoo. Just amazing stuff. And keep in mind, this is that judgment baked in. This is the part that this would take me in SpyCloud even conducting this investigation going over when we're over that other panel Taylor, I just have to start hunting and pecking and looking as like, hey, what are some of the connections that here but this is just amazing that it's actually able to do this analysis for me right off the bat. So you can see if you're a beginner here with the help of the Research Agent, it really points you into the right direction. Now, Duncan, you keep saying high confidence and likely, I guess this is for an attribution, but for any use case, like how do you define what confidence is? Does the agent show why it's confidence in these decisions and analysis? Yeah, because it's based upon some of the correlating aspects, you know, a shared phone number that is across different emails or different passwords or a common address, physical address. And so that's how we're able to find this. Look at this. This email right here is really interesting because it's linked to I for fraud. At this point, I wanna delve further into that. Now me personally, of course, because I've been working here for a while. I know what the eye for fraud breach is. That's basically a third party service that businesses can subscribe to as a point of vetting fraud, fraudulent transactions. And since we have that in there that is mixed in with what looks to be some victim data. And look at this, we have some affiliation with Null.io I'm very familiar with that because that is a dark market forum that you find a lot of bad guys on. Or if it's not bad guys, it's undercover police across the globe. So he has ties to that. But this is where it gets very interesting. So look at this, this email is across seven records from I for fraud. And this gives the date range. Why is that important? Well, what's affiliated with that email is actually true stolen information of actual people. It happens to be US people. You can see its card information, identity information, phone number information and the like. But it's all controlled by one central email. So that is a major red flag. And of course, the Research Agent caught it right away. The eye for fraud records prove active US credit card fraud attribution to the Indonesian operator, which is of course, as identified as Bagas Aji, which heck I didn't identify that individual for quite some time actually in my investigation. And here it's like, there it is right there. And so at this point, it would be prudent to do this. Check this out Taylor. And for those of in the audience. Since Aji is Indonesian, review plain text passwords, emails and usernames in the data to see if any of them have unique phrases or words that would be Indonesian and only show me translations that are meaningful to bad behavior. Why do I ask that? Because sometimes as an investigator in the real world, before you ever sit down across the table from interviewing someone, you might find nuggets of information and data that are incriminating by nature based upon the activity that you're investigating. And we're investigating financial fraud, cybercrime here. Let's see if the Research Agent can make this leap. Because certainly, Taylor, you and I don't know the Indonesian language and what anything means. But as you know, a lot of people when they craft an email, they craft a password, there's a reason why they made it that way. So let's see if the Research Agent can cut through some of this language barrier that you and I would have in this investigation because it may have some relevance. And see, a lot of this data came from 2016, 2013. So again, the bad OPSEC in the past trying to hide behind aliases. The agent found it immediately. Yeah, and that's very important that you bring that up. The depth and breadth that I always talk about with SpyCloud data is very important because think about it. If you're a bad guy and you start out with your first internet experience and creating accounts and emails, were you a bad guy then? Probably not. Probably somewhere along the line you went astray. But you can't erase that digital exhaust that you created, right, that we capture. So you can get some nuggets of true information. So criminal behavior indicators. How about this email right here? Translation is that's prosperous evil. How about this username right here? Ex thug, former gangster. Who does that? Unless maybe you're part of that life. So at this point, maybe it's prudent that we wrap this up. And Duncan, real fast, there's a question from the audience. Yeah. Not related to this entirely, but more on the protective use cases and more organization exposures. The question really is, are there ways that you use this to help identify any issues perhaps before employees been compromised or exposed, Or is it focused more on where there's been exposure within your organization? So perhaps speaking to ways to use investigations for looking for potential risky indicators or perhaps things that happened before an actual employee might be exposed, if I understand the question correctly. Yeah, well certainly the Research Agent and through our investigations platform here, you can look up domain information that's interesting to you or maybe an email of a specific employee and look at what type of exposure is there. But more importantly, we have other tools in our toolbox here at SpyCloud. So that if you wanna be proactive, you can overlay some of these tools with some of the tools that you're already using. We do have a variety of integrations. We have a RESTful API that will work with very nicely with a lot of the existing tool sets that some of our private sector clients are already using. And so you can be proactive. So if it pops up in our data lake, you'll be aware of it and you can take action. Or we have methods of automating the process to where, for example, if it's a password reset can happen. And that's important because the longer that compromise information is out there in the open and dark web, the likelihood of a compromise or credential stuffing attack may happen. Happen. If you get it right off the bat because we get this data super fast and publish it at amazing speed, you'll be able to mitigate some of that. And hopefully that would be answering that question. Okay, so where do you want to go from here? How do you want to get more clarification to get confidence that we've unmasked this Doctor Instruments? Well, I think at this point, let's do this. Let's get an executive summary report. Because we've already got this information that we have this fraud going on. Let's frame it to the standpoint of like, if we were to pass this to law enforcement, Indonesian authorities, what type of violations and what type of leads can we pursue? Because again, this is intelligence based upon recapturing this data that has been out there. But this data can actionable and give us some good leads and be indicators of like potential violations that can be pursued. So at this point, we're gonna have the Research Agent give us a full analysis of the scope of this investigation. Is there more stuff that we could actually do? Yeah, there is, right? But this is a webinar, we don't have all the time in the world. We wanna be considerate of everyone's time. And we've got a lot of information right now that can give you a really strong picture as to the type of violations that Bagas Aji is involved in, as well as give us a picture of the scope of the fraud and where we can go with some of these leads. You can see I'm very familiar here with some of the violations like the eighteen USC ten thirty. And so once it's finished, we'll actually go back up and kinda recap this here. And while it generates a summary, I do see we have almost a hundred and seventy records exposed. Do you mind after this kinda showing off the data itself in in case you wanted more more evidence of what's been exposed as you create these summaries and proposals and maybe kind of visualize this graph of the extent of fraud and aliases that you found with the agent. Yeah, absolutely. Absolutely. Because that's very important. This is information from the Research Agent. Some of the callouts from the agent, it's always good to jump over to the actual data tailor and just corroborate some of that information which we will do. So we got our subject information, which is right on. And remember this took me quite a bit of time to be able to actually identify this particular individual and we've done this in short work here in a matter of minutes. And so here's some of the violations for credit card fraud, some of the identity theft, and it shows this here. Here's some of the computer crime, the unauthorized access here, Some of the cryptocurrency. This is really important because like, hey, if he's doing fraud here, Taylor, he's gonna be making some money somehow. How's he gonna get it out? How's he gonna launder it? This breach here with Coin Mama. Notice how Coin Mama is attributed to this account right here of "Doctor Instruments Payment," right? We can verify that's a call out. That's something we can go over and actually look at, right? So here's some of the applicable statutes. Oh gosh, look at this. Research Agent was smart enough to be able to show us some of the violations in Indonesian law. Why is that important? Well, because ultimately in real life, I wasn't able to prosecute this case in the United States. Indonesia does not extradite. However, what I was able to do after a year's time, provide all the information that I had to the Indonesian authorities and they were able to prosecute this. But here are some of the articles that he's violating within Indonesian law. Here's some of the investigative leads, calls out the FBI cyber division where this would lie. And that was my last stop working for the bureau before I retired. I worked computer intrusion matters. There is that key right there of that email right here of the, I can't even pronounce it, but that, I am gonna grab that here actually. Alright. And so here are some of the conclusions here, distribution, where we could send this here. So let's pop over to the actual data. Let's do just some verification. We're looking at that email. So let's go ahead and look at that email. Let's look at all the data that pertains to this one email here. Let's try it again. I think you need the LA GI because it captured something else instead. Yeah, did. It captured something else in here. Let me try LA. I think it was LA GI. Yeah. Thank you very much. So here is all the records related to that. And so when we look at the eye for fraud, right? Here is for example, the actual full record here. So you can see there is that mixture of actual like US information, but it's all attributable to that email. That was a pivotal finding. So we're able to verify that. You can see those last four digits of an actual credit card number associated with that. We can go over to the graph here. And I'm gonna kind of orient this here in a certain layout. And I am going to actually go down here. Gonna hide this legend. Go down here to our data table. I'm gonna actually look for this email. Remember that email that began with Scott? So here is that information. This graph is showing up all the connections that we found. So again, in an effort to kind of verify, like, what's the relevance of this? Let's pull on this here. And you can see there is this connection right here to XSoul. XSoul is now connecting to other identities here. Let me kind of toss this up here, bring this down. Oh, look at this. XSoul directly connects to our parent selector, which is our email of Doctor. Instruments. So you're able to see that connection there, Taylor? Yeah. So somewhere along the line, Mr. Aji compromised this Yahoo account belonging to a true US citizen. So without any further questions here, Taylor, I can turn the ball back over to you if you want it. Sure. I'll run through the last few slides and as questions come in to kind of put it all together and what to do next. So let me just share. That was just one example of one case that's more offensive looking for unmasking a ransom actor. I think for everybody in this call, kind of putting it all back together, you start with the question, you get the answer. This is more offensive nature, but think of all the questions you're answering on a daily basis, all the alerts that are going off, all the questions, everything internally you're working to actually try to cover threats and also prevent any follow on attacks. That's where the agent shines. You ask the questions in the way you talk. You saw the way that Duncan really wrote the prompts, add clarification, add context. You control that. We'll offer tips for how to write the proper prompt and how and this one's actually only for one email, but you can include multiple assets. If Duncan had a few emails and a phone number and IP, put it all together. Whatever clues you have, the agent works well with. And then the agent plans the right investigation based off the threat it's determined you're trying to solve. And as you saw in the demo, IDLink and all the analysis runs automatically in the background. It finds all these hidden connections that have been exposed from over the past decade in the criminal underground and connects all these aliases, all the exposure history, to the answers your teams need, and then you control how to get the answer. If you need a recommendation, a table of records, a conclusion, whatever your answer is, the agent kind of supports you. We really feel it gives your teams this unfair advantage against cybercrime. But a few things to note, the agent is very, very powerful, but it's not meant to replace your team and your analysts. We wanna augment and accelerate the investigations you're doing on a daily basis. As you can see, some things it's very good at. The agent can run searches automatically across many asset types all at once. Duncan showed off sixteen starting point of data assets. You could use all those for a very powerful investigation. At machine speed, it filters, scales, and normalizes all the data to help you understand the picture and the connection of the analysis. And with this one threat actor, all the hidden connections, all the leads, it finds it almost immediately within SpyCloud's database. And then you can take these findings into whatever your report or answers might need. But there are some things to keep in mind with the agent as well. Yeah, that's a good point, Taylor. This is, as Taylor said, not designed to replace the investigator, replace the analyst. It is an LLM that's reasoning. I strongly suggest that you verify the output and as you saw that Taylor and I illustrated, you can verify that output as we saw the connections one particular email that went all the way back to our parent email of our investigation. It's not gonna take actions beyond the data set, but you certainly can ask it of what type of actions you should take beyond of course, outside the data, which we did. And it's not gonna replace the good judgment of an investigator because after all, the seasoned analyst, the seasoned investigator, they're seasoned for a reason. So it's gonna provide you information, but you ultimately make the call. That's right. And if we had more time, we'd show off more examples of all the different use cases for Spy Cloud investigations. Whatever teams you're running internally, we have an offering for you. Your threat intel, security operations, fraud and risk, stress and safety, the SaaS interface is so easy to use for whatever team you have, whatever level analysts you currently have within your organization. That was an attribution case, but the agent and the data is so powerful for all of these use cases. Everything from fraud rings, insider threats, platform abuse, supply chain exposure, know your customers, infected hosts, whatever the case you have, SpyCloud investigations will help you get to the answer. So afterwards, if you wanna set up more time to dive through these use cases for your domain, reach out to us. But it's a very powerful solution for analysts of all skill levels, not just offensive use cases, but protecting your workforce, protecting your consumers, validating exposures across your third party ecosystem, whatever use case, SpyCloud investigations is the best fit. If you go to our website, we have more information. We have the SpyCloud demo center, which will show more interactive guides for this solution along with all the other products we offer, but also SpyCloud Docs. Docs.SpyCloud.com has example investigations, user guides, prompting tips, really more hands on guides for how to really understand and analyze data and really help you stop the threats facing your business. Check those out on the website. But more importantly, thank you. We have time for more questions. We'd love to kind of share more about the Research Agent and all the ways it can help your team. We will be at Black Hat in just a few weeks to see the agent hands on. But if you want to schedule a personalized demo again for your domain, your employees, your customers, reach out to us. But let's wait for a few more questions and make sure you've learned everything you want to about the Research Agent in SpyCloud. Hey Taylor, I should probably shout out that I'm actually gonna be at Black Hat. So I would love to see you all stop by the SpyCloud booth and we can go look into the Research Agent in a more intimate setting should you wish. I encourage you all to show up and come by. I'd love to meet you all. It's gonna be fun. I think one thing we didn't cover earlier, Duncan, I mentioned the SaaS deployment. I know for a lot of these use cases, a lot of customers really use the API and really working with the OSINT data. So how would that kind of work for some of these larger teams who wanna combine the datasets? Yeah, that's a good point. As I spoke earlier, we have the RESTful API that's gonna integrate. We also on the roadmap have a way of connecting via API to an MCP so that you can actually do similar type of investigative work, whether it be offensive or defensive. So, we pretty much have everything covered when it comes to being able to integrate with some of the existing tools, as I mentioned, with companies. Wonderful. So many ways to get started. Many ways for both protecting your workforce or hunting down bad actors. If there's no further questions, I think we'll see you at Black Hat. Come to our website, book some more time into demos, and give Research Agent a try. So, Duncan, thank you for walking through one of the cases that you earned the hat and locked up a bad actor. Thank you all for joining. You can check out SpyCloud.com for more information. Thank you all.
Key takeaways
- Why investigations are evolving: See how identity-based threats, stolen data, and increasingly complex attack chains are changing the way security teams investigate and respond.
- What makes Research Agent different: Learn how Research Agent combines over a decade of recaptured identity data from the criminal underground with investigator tradecraft to deliver analysis grounded in real-world cases.
- Practical investigative use cases: Go beyond the obvious. See how analysts use the Research Agent to uncover hidden relationships, connect disparate data points, investigate threat actors and infrastructure, and rapidly answer complex investigative questions that would otherwise take hours of manual work.
- How to get the most from AI-powered investigations: Get practical guidance for prompt creation, validating findings, and integrating Research Agent into your existing workflows while keeping analysts in control.
Check Your Exposure
See your real-time breach exposure details powered by SpyCloud data.