Blog

Recent
AI Detection & Response

From Shadow AI to Detection and Response: Closing the Visibility Gap at Machine Speed

AI workloads are dynamic, abstracted, and deeply embedded into modern applications, making them hard to track with traditional security tools. This creates a growing “shadow AI” problem where models, agents, and tools operate without oversight. Our AI workload discovery solves this by continuously analyzing cloud-native logs and runtime signals to identify all AI components in your environment—including hosted services, models, tools, and MCP servers. Each component is correlated to the workload executing it, the identity behind it, and its behavior over time. By baselining this activity, security teams can quickly spot anomalies such as new models, unauthorized integrations, or unusual usage patterns. More importantly, this visibility feeds directly into detection and response, enabling full attack storylines that include the AI layer.
Stream Team
Stream Team
Apr 27
min
Clear
All posts
Cloud Detection & Response
Popular
Highlights
CDR
CloudTwin

Stream Security Expands Beyond Cloud-Native: Full Hybrid Cloud Visibility with VMware, NSX, and On-Prem Network Support

The cloud security industry has a blind spot , and it's hiding in plain sight. Most cloud detection and response solutions were built for one world: public cloud. AWS, Azure, GCP. Clean APIs, structured logs, well-documented services. But that's not the world many enterprises actually live in. The reality? Your attack surface doesn't stop at your cloud boundary. Workloads run on VMware. Traffic routes through on-prem to cloud, And adversaries know that the seams between environments are where detection falls apart. Today, we're closing that gap. Stream Security now delivers full attack path analysis and runtime threat detection across hybrid cloud environments, starting with VMware (including NSX), on-premises routers, and network infrastructure.
Stav Sitnikov
Stav Sitnikov
Apr 14, 2026
3
min
Cloud Security
Popular
Highlights
AI SOC

Axios Compromised: The 2-Hour Window Between Detection and Damage

Hours ago, axios - one of the most popular npm packages with 60M+ weekly downloads - was compromised. Malicious versions dropped a multi-platform RAT with anti-forensic cleanup. This is the second major supply chain attack in a week, days after TeamPCP's Trivy/LiteLLM campaign. The CI/CD scanner side of this story is well-documented. This post is about what happens after the malware runs - because that's where most organizations actually fail.
Petr Zuzanov
Petr Zuzanov
Mar 31, 2026
min
Cloud Security
Popular
Highlights
No items found.

TeamPCP's LiteLLM Takeover: A Cascading Supply Chain Attack Across Five Ecosystems

TL;DR: A single compromised CI/CD token cascaded into the largest multi-ecosystem supply chain attack of 2026 - hitting GitHub Actions, Docker Hub, npm, OpenVSX, and PyPI in under a week. LiteLLM - one of the most widely deployed AI/ML packages in cloud environments - was among the targets. Here's the full attack chain, what the malware does, and how to detect it in your cloud infrastructure.
Petr Zuzanov
Petr Zuzanov
Mar 31, 2026
6
min
AI
Popular
Highlights
AI SOC
CDR

Stream Security Now Supports OpenAI Platform Audit Log Ingestion for Comprehensive AI Control-Plane Threat Detection

Stream Security now supports native ingestion of OpenAI Platform audit logs, extending real-time threat detection and response to your AI control plane. Security teams gain immediate visibility into sensitive administrative activity across OpenAI Platform Organizations including API key lifecycle events, service account creation, identity and role changes, project configuration updates, and security control modifications like IP allowlists and SCIM. The integration is agentless, easy to enable, and provides out-of-the-box detections so teams can investigate and respond faster from a unified cloud security platform.
Asaf Haski
Asaf Haski
Feb 24, 2026
4
min
AI
Popular
Highlights
AI SOC
CloudTwin
CDR

The Hidden Fragility of Autonomous AI Systems

AI oversight collapsed in steps as systems became "good enough." We got speed but lost resilience. Errors now accumulate silently and surface after dependencies compound. Adding more AI to the SOC accelerates this problem. The fix is architectural: a continuously updated model of your environment that knows what's true now.
Or Shoshani
Or Shoshani
Feb 6, 2026
5
min
Cloud Detection & Response
Popular
Highlights
CDR
CloudTwin

Why CrowdStrike’s CDR Announcement Solves the Wrong Problem Faster

CrowdStrike’s latest announcement around “real-time Cloud Detection and Response” is an important signal. It confirms what the market already knows: cloud security can no longer tolerate multi-minute blind spots. Enabling detections inline, before logs are written to the database, is objectively and definitely progress. It means that detection is no longer dependent on storage or ingestion delays. ‍
Or Shoshani
Or Shoshani
Jan 30, 2026
5
min
Cloud Security
Popular
Highlights
No items found.

Invisible Kubernetes RCE: Why Nodes/Proxy GET is More Dangerous Than You Think

TL;DR: A recently disclosed Kubernetes authorization bypass allows attackers with nodes/proxy GET permissions to execute commands in any Pod across the cluster - and standard Kubernetes audit logging won't capture it. Here's what you need to know and how to detect it.
Petr Zuzanov
Petr Zuzanov
Jan 28, 2026
5
min
Cloud Detection & Response
Popular
Highlights
CDR
SIEM

Your SIEM Sees the Logs. It Misses the Risk.

For years, SIEMs have been positioned as the “source of truth” for security operations. They ingest everything, correlate endlessly, and alert loudly. And yet, they consistently miss the most critical signal in modern cloud attacks: configuration change impact.This blog walks through how Stream.Security closes the gaps and turns config changes into impact-aware detections. ‍
Stav Sitnikov
Stav Sitnikov
Jan 12, 2026
4
min
Cloud Security
Popular
Highlights
AI SOC
AWS
CDR
CloudTwin
Disaster Recovery

Is Your SOC Team Ready to Pass Cloud KYC?

If you don’t know your cloud, you can’t secure it. Alerts and AI don’t help much without real context. “Know Your Cloud” (KYC) is about understanding what you actually have, who and what can access it, and what could go wrong. Get that right, and detection makes sense, AI gets smarter, and response gets better.
Stream Team
Stream Team
Dec 29, 2025
3
min
Cloud Detection & Response
Popular
Highlights
CDR

Stream Security Now Supports MongoDB Atlas Log Ingestion for Comprehensive Cloud Threat Detection

Stream.Security now supports native ingestion of MongoDB Atlas audit logs, extending real-time threat detection and response to the database layer. Security teams gain immediate visibility into suspicious database activity, including unauthorized access, privilege escalation, data exfiltration, and configuration changes correlated with full cloud context across AWS, Azure, and GCP. The integration is agentless, easy to enable, and delivers out-of-the-box detections so teams can investigate and respond faster, all from a unified cloud security platform.
Stream Team
Stream Team
Dec 15, 2025
2
min

What's new

Blog
From Shadow AI to Detection and Response: Closing the Visibility Gap at Machine Speed
Stream Team
News
Stream Security Wins “Trailblazing Cloud Detection & Response” Award at the 2025 Top InfoSec Innovator Awards
Stream Team
Upcoming event
Tulsa Oklahoma IT Symposium
All events >