Mallory Blog
Threat intelligence, security operations, and product updates from the Mallory team.
Latest Articles
The Real Change in BOD 26-04 Is Forensic Triage
CISA's new directive replaces fixed KEV deadlines with risk-based timelines. The bigger change: for the highest-risk vulnerabilities, agencies must now determine whether the asset was already compromised, within 72 hours.
Compromised Packages Drop Daily. Are You Running Any of Them?
From an overnight supply chain compromise to a scheduled audit of your own GitHub org. A live stream of compromised packages, an agent that checks whether you're running any of them, and a daily 6am email with the answer.
Mallory is now SOC 2 Type 2 certified
Our SOC 2 Type 2 examination is complete, less than 60 days after GA. The report is available to security teams under NDA.
VulnOps, Minus the Mythology
Vuln-ops gets talked about like a mythology. Here's what five minutes of it actually looks like in Mallory, from a Slack ping on Bleeding Llama (CVE-2026-7482) to on-demand Suricata rules.
Enhancing Cyber Situational Awareness with Mallory Stories
Cyber defense starts with situational awareness. Mallory Stories cluster millions of references into one coherent view, tailored to your environment.
Why I'm Backing Mallory
The Mallory team has built a modern cyber-security platform that sits at the intersection of AI-Native Operations and Exposure Management. Mallory's agentic capabilities serve several use cases, builders, and operators alike.
Mallory on Unsupervised Learning
Jonathan Cran joins Daniel Miessler on Unsupervised Learning for a full walkthrough of Mallory — from real-time threat stories and entity resolution to scheduled monitoring, asset context, and agent integration.
HD Moore on Delivering Value with Mallory
The runZero co-founder on how his team uses Mallory to get ahead of new vulnerabilities — often notifying customers before the first news article drops.
Announcing Decibel's Investment in Mallory
Decibel partner Dan Nguyen-Huu on the evolution of threat intelligence — from raw data feeds to contextualized, actionable insight delivered in the context of your environment.
Matt Johansen on AI Native Cyber Threat Intelligence
Longtime security practitioner Matt Johansen on why LLMs change everything for threat intelligence — from natural language queries to agents that act on intel autonomously.
John Sapp, CISO Texas Mutual: Where Mallory Fits
John Sapp runs dual managed services to triage alerts down to true positives. From there, Mallory is the force multiplier that enables his analysts to investigate deeply and respond fast.
Meet the Founder: Why We Built Mallory
Our CEO Jonathan Cran on the problem Mallory was built to solve: helping security teams figure out if they're affected and take action, fast.
Mallory goes GA: Introducing our AI-Native Threat Intelligence Platform
Today, we're launching Mallory, our AI-Native Threat Intelligence Platform built for exposure investigation. Here's why we built it, what it does, and what's next.
Introducing Mallory
We're excited to introduce Mallory, a stealth-mode startup focused on supporting security operations teams through high quality and operationally efficient cyber threat intelligence.
Stay in the Loop
Get the latest threat intelligence insights, product updates, and security research delivered to your inbox.