Blackpoint launches AI tool to halt identity attacks
Thu, 9th Jul 2026 (Today)
Blackpoint Cyber has launched an autonomous response tool for identity-based cyber attacks. The product is generally available for Microsoft 365 and Google Workspace environments.
The Blackpoint AI SOC Agent for Identity Threat Detection and Response can contain credential-based attacks in less than two minutes on average, and in as little as 21 seconds.
Identity security has become a growing focus for cyber defenders as attackers increasingly use stolen or compromised credentials to access cloud services, email systems and broader corporate networks. Blackpoint cited Microsoft data showing a 32% increase in identity-based attacks in the first half of 2025.
The tool is aimed at managed service providers and their clients, a segment that has drawn increased attention from attackers because a successful breach can open access to multiple customer environments at once. Scripted lateral movement through cloud management tools can put dozens or even hundreds of end clients at risk in a single operation, according to Blackpoint.
How it works
The system uses what Blackpoint describes as a hybrid AI and human model. It acts only on high-confidence threats affecting Microsoft 365 and Google Workspace accounts, while incidents outside those thresholds are escalated to human analysts.
Blackpoint said the AI SOC Agent was trained on years of security operations center analyst decisions, forensic evidence from hundreds of breaches and telemetry from nearly a million protected accounts. Additional background from the company said the model was developed over more than three years and tested alongside human analysts before it was allowed to take autonomous action.
When the system identifies a threat that meets its confidence threshold, it can suspend an account, force a password reset, disrupt active sessions and record the reasoning behind its action. The model continues to retrain on analyst decisions as it processes incidents, Blackpoint said.
Blackpoint argued that this approach differs from the wave of AI assistant products entering the cyber market because the system is designed to take direct containment action rather than simply help an analyst investigate. It added that human oversight remains part of the operating model.
Market pressure
The release comes as security vendors race to add more automation to defensive tools in response to faster and more frequent attacks. Identity has become a key battleground because attackers can often blend malicious activity with normal user behaviour after obtaining valid credentials.
Blackpoint cited Verizon's annual data breach report in saying credential misuse was the leading cause of breaches in 2025. During that year, it said, the company disrupted a compromised cloud account every 18 minutes on average.
For managed service providers, the economics are acute. They are under pressure to monitor a growing number of client environments without increasing staffing at the same pace, while still responding quickly when accounts are compromised outside office hours.
The new identity response tool is included across all ITDR service tiers at no additional cost. That pricing choice suggests Blackpoint is using the product to strengthen the appeal of its broader managed security services rather than sell it as a separate premium layer.
Gagan Singh, Chief Executive Officer of Blackpoint Cyber, set out the company's position on the role of automation in cyber defence.
"When vendors or the market talk about AI replacing the SOC, our answer is that our SOC is a big reason that AI works in cybersecurity. The threat is already agentic. The near-future adversary will operate without human direction at a scale we have never seen, and the same AI empowering defenders is being used to create novel threat vectors. Our Agent was informed by our SOC, staffed by former NSA, DIA, and CIA operators, and aided by their judgment. The boundaries were set by them. The AI acts faster, but the human judgment secures the outcome and always will," said Singh.
The company's position reflects a wider debate in the cyber industry over whether AI should remain a decision-support tool or move into direct operational response. Vendors have increasingly promoted automation as a way to cut alert fatigue and reduce response times, but many security teams remain cautious about handing over live containment decisions without strict controls.
Blackpoint said its system was validated before deployment and continues to be validated so that only threats meeting its confidence standards are handled autonomously. Anything beyond those boundaries is sent to a human analyst with the system's reasoning attached, it said.
Sean Furman, President of STF Consulting, described how Blackpoint's security operations support has worked for his business.
"Over the past five years, Blackpoint's SOC has been a trusted extension of our team. Every minute matters when protecting our clients from today's cyber threats. The combination of Blackpoint's AI and security analysts gives us confidence that we're staying ahead of the growing volume of attacks," said Furman.