SpyCloud Launches Groundbreaking Cybercrime Investigations Research Agent

New AI-powered investigation agent combines 1+ trillion recaptured assets with decades of SpyCloud investigative tradecraft, enabling CTI teams to go from initial indicator to finished intelligence in minutes

AUSTIN, Texas, June 24, 2026 (GLOBE NEWSWIRE) -- SpyCloud, the leader in identity threat protection, today announced the launch of SpyCloud Research Agent, a transformative, conversational AI investigation agent now available in its Cybercrime Investigations console.

Traditional cybercrime investigations have a tax: hours of manual pivot work that experienced analysts run by instinct and junior analysts struggle to replicate. SpyCloud Research Agent eliminates it. Security practitioners – CTI analysts, SOC teams, fraud investigators, and IR leads – can now give the agent a subject, a hypothesis, or a batch of assets, and it plans the investigation, sequences the pivots, and returns finished intelligence in the time it used to take to open a new tab.

Research Agent operates directly on SpyCloud’s recaptured identity intelligence – more than 1 trillion assets from infostealer malware logs, phishing kits, combolists, and breaches – and triggers holistic identity correlation across fragmented signals automatically, in every interaction. The tradecraft encoded in Research Agent comes from SpyCloud’s decades of elite in-house cybercrime investigators, including former Federal agents and intelligence operatives.

"There's a real and valid concern in this industry about AI tools that return confident-sounding answers with nothing behind them,” said Damon Fleury, SpyCloud’s Chief Product Officer. “We built SpyCloud Research Agent to be the opposite of that. Every finding is grounded in verified recaptured intelligence – specific records, traceable provenance, reasoning you can audit. This agent combines our proprietary identity correlation, decades of veteran tradecraft, and the enhanced analytics and linguistic capabilities of the leading edge frontier AI models. Analysts aren't just getting faster answers, they're getting much more complete ones.”

How SpyCloud Research Agent Works

SpyCloud Research Agent operates across three layers on every investigation.

1. Investigative context: It starts with SpyCloud’s data, automatically connecting related identity artifacts, infected machines, credentials, domains, and exposure data to offer up-front context
2. Expert-level reasoning: Before retrieving a single record, it plans: reasoning about the user’s goals, deciding which pivots are worth running, and sequencing the investigation the way a senior analyst would.
3. Analyst-ready outputs: It returns findings in whatever format the investigation requires – a narrative summary, a table, a timeline, or prioritized escalation recommendations.
   
   

Unlike tools that return data and leave interpretation to the analyst, SpyCloud Research Agent thinks through the investigation before it responds. The agent accepts natural-language prompts or mixed batches of assets – emails, domains, IPs, usernames, machine identifiers – and correlates across all of them simultaneously, returning a picture of the scenario rather than a series of disconnected lookups. If an input is ambiguous, it asks a clarifying question rather than guessing. Analysts can ask it to explain its reasoning and cite the specific records behind any finding, grounding every conclusion in verified exposure evidence.

Throughout the analysis, the Research Agent loads all analyzed data directly into the console interface. The investigator can see all the data being analyzed, allowing for the provided analysis to be easily reviewed and confirmed.

What SpyCloud Research Agent Delivers

• Skip the query syntax, describe the investigation – Submit a threat actor alias, a suspicious domain, or a batch of compromised emails in plain language along with your high-level question when you need narrative interpretation. Research Agent interprets intent and launches the investigation.
• Empower every analyst to operate at a senior level – Research Agent knows which pivots matter for which threat types, what patterns signal criminal activity, and how to distinguish meaningful connections from noise – because SpyCloud's decades of elite investigative tradecraft is encoded in every response. All analysts run the same investigation quality as your most experienced ones.
• Get the full identity picture, not a partial one – Every Research Agent interaction automatically triggers holistic identity matching, surfacing personal accounts, old usernames, device records, and criminal infrastructure ties without a separate pivot step. Typical result: 8× more identity records, 14× more plaintext passwords, 5× more linked emails, and 2× more malware infections versus exact-match queries alone.
• Investigate a threat scenario, not a list of lookups – Submit a collection of assets at once and the Research Agent treats them as a connected threat scenario, correlating across all inputs simultaneously.
• Evidence behind every finding – Every conclusion traces directly to the specific recaptured records that support it, so analysts can validate findings, brief stakeholders, and act with confidence.
• An investigative partner, not a search tool – Research Agent maintains context across the full session, so analysts can refine questions, pursue new leads, and build on prior findings without starting over.
  
  

“For years there has been a huge gap in cybercrime investigations – the time and expertise required to turn seemingly disparate data into answers,” said Jason Lancaster, SpyCloud’s Chief Investigations Officer. “Criminals fragment their identities deliberately, counting on tools to treat every artifact in isolation. SpyCloud Research Agent closes that gap – sequencing the pivots a seasoned investigator would run, applying tradecraft developed over decades of real cases, and returning finished intelligence before the investigation loses momentum.

The Evolution of SpyCloud Investigations

SpyCloud Research Agent is the latest in a series of major enhancements to SpyCloud Cybercrime Investigations.

SpyCloud first introduced IDLink, the automated digital identity correlation engine that expanded investigation results to include identity data correlated across shared usernames, emails, passwords, and PII – delivering a holistic digital profile from a single search query.

SpyCloud then added AI Insights – enabling one-click generation of exportable Identity Findings Report that translates raw investigation data into finished intelligence for stakeholder delivery.

SpyCloud Research Agent completes the trilogy – adding the agentic investigation layer that plans, pivots, and investigates on the analyst’s behalf.

To learn more about SpyCloud Cybercrime Investigations with Research Agent, register today for a live webinar tomorrow, June 25 at 10am CT: How SpyCloud’s Research Agent Closes Cases in Minutes, Not Hours.

About SpyCloud

SpyCloud transforms recaptured darknet data to disrupt cybercrime. Its automated identity threat protection solutions use advanced analytics and AI to accelerate investigations and protect workforce, consumer, and supplier identities from the threats that matter most: authentication bypass, session hijacking, malicious insiders, account takeover, ransomware, and fraud. Its data from malware-infected devices, successful phishes, combolists, and third-party breaches also powers many popular dark web monitoring and identity theft protection offerings. Customers include 7 of the Fortune 10, along with hundreds of global enterprises, mid-sized companies, and government agencies worldwide. Headquartered in Austin, TX, SpyCloud is home to more than 250 cybersecurity experts whose mission is to protect businesses and consumers from the stolen identity data criminals are using to target them now.

To learn more and see insights on your company's exposed data, visit spycloud.com.

Contact Us
Emily Brown
spycloud@req.co
REQ on behalf of SpyCloud

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.