Announcing RUNWAY, our first security conference. September 29, San Francisco. One day, an intimate group of security practitioners, and real talks about where security ops is headed. Early bird reg is open now 👇 runway.runreveal.com/

Watch how RunReveal's AI investigations works in our newest video. See the full lifecycle: detection firing -> AI triage investigation -> contextualized alert...without you having to lift a finger. More importantly, learn how this scales into an AI SOC: every custom detection you build gets the same automated investigation layer. Check it out 📽️

The "AI SOC Analyst" is a band-aid on a broken leg. A ton of security startups are dropping autonomous agents into legacy SOC queues to speed up triage. It’s a waste of budget. You are just optimizing a workflow that shouldn't exist in an AI-native world. Think about factory electrification in the 1920s. Early factories just swapped massive steam engines for large electric motors and saw zero productivity gains. It was only when they threw out the blueprints, put tiny motors at individual workstations, and changed the floor layout that productivity skyrocketed. Cybersecurity is stuck in the steam era. Legacy SIEMs force you to pay an insane markup on basic data storage while your team wastes finite engineering cycles tuning noisy alerts. The future isn't a faster SOC. It's a decentralized security data lake. New platforms like @RunReveal and @scanner_dev are cutting out the middleman by running directly on top of cheap infrastructure like S3 and ClickHouse. Meanwhile, tools like @cotoolai are perfecting the AI blue-team application layer. The real win here isn't autonomous code remediation; it's fixing the tuning loop. Most alerts are false positives. When an alert hits, tools like RunReveal can run an immediate background investigation, auto-close the noise, and hand the human generalist the exact context needed to tune the rule in seconds. You don't need a dedicated SOC or an army of analysts anymore. You need elite data infrastructure and software that lets a single generalist focus on outcomes, not implementation details. open.substack.com/pub/frankl…

A look at RunReveal's new Threat Hunt agent: An autonomous workflow that takes inventory of your log sources, audits your detection coverage, hunts for gaps in your data, and ships you a report with recommendations youtube.com/watch?v=bMkM1SjQ…

Excited to share that RunReveal was named a User Reliability Leader in the Latio 2026 Security Operations Market Report. 🎉 The report is worth reading regardless of us being in it. It's one of the clearest breakdowns of where the SOC and SIEM market is headed. The fact that we're in it as a recognized platform makes it a little more fun to share! Check out the full report here: latio.com/downloads/2026-Lat…

We're excited to be part of @ClickHouseDB's inaugural House Mates partner cohort, announced last week at Open House. RunReveal is one of 25 ISV partners in the program, alongside dbt Labs, Fivetran, Confluent, Grafana Labs, others. If you're building on ClickHouse and need a security data layer, we'd love to talk.

AI SOC is everywhere. The token economics aren't talked about enough. We ran the numbers. Here's what we found: - ~$2/alert on Sonnet - ~90 seconds per investigation - 100 alerts = ~$200 and 1 hour vs. days of analyst time Worth reading if you're thinking about the build vs. buy vs. automate question in D&R. blog.runreveal.com/ai-soc-in…

RunReveal is a proud sponsor of @ClickHouseDB Open House! We're excited to meet other ClickHouse users, share with them how we use ClickHouse to power RunReveal, and meet fellow techies in SF. (And don't miss @Caust1c 's talk!) May 26–28, 2026 | Convene, 100 Stockton St, San Francisco

New in RunReveal: search raw logs directly from any S3-compatible object storage bucket 💥 No ingestion required. Query it like any other table. Works with our AI agent out of the box. blog.runreveal.com/search-s3…

Our very own @Caust1c is speaking at @ClickHouseDB's Open House conference next week May 26-28! Alan is sharing insight into how the team at RunReveal has operated ClickHouse across Cloudflare, Segment, and now a purpose-built security data platform handling petabyte-scale event logs. His session covers a decade of real schema decisions, operational lessons, and a technical breakdown of why ClickHouse's architecture outperforms legacy approaches for security analytics at scale.

If your SIEM isn't: - Giving you free filtering - Automatically investigating your alerts with an AI agent - Allowing you to enrich your alerts with other tools - Enabling you to make your own AI agent - Capable of running in your VPC ...it might be time to take a look at RunReveal 👀

💥 Pipelines just got more powerful 💥 RunReveal now lets you selectively route logs to object storage destinations; instead of sending everything everywhere, you can match specific log sources and send only what you need to where you need it. This is part of a bigger vision: one platform where your data pipelines, detections, and investigations all talk to each other — without the compatibility headaches. Check out the full walkthrough on the blog 👇 blog.runreveal.com/pipelines…

This is a very good idea luma.com/s40m3fxc @RunReveal hosting a "play against a Chess grandmaster" for their #RSAC2026 booth

@NVIDIAGTC starts tomorrow. Find Docker at Booth 3207 and at the Docker @ClickHouseDB @RunReveal RunReveal meetup - March 16, 7:30 PST. Stop by and bring your hardest AI infrastructure questions! See you in San Jose. Register for the meetup here: luma.com/xoq2dz0l

We're co-hosting a rooftop after party for BSidesSF 2026 with @RunReveal, @csideai, @tracebit_com, and @SocketSecurity. March 22. SF. 250 people, no pitches, good vibes. RSVP required 👇

RSA week is almost a month out! 🔐 Find us at Booth #2337, South Hall all week. We've also got events on Sunday Tuesday worth checking out: 📍 Sunday rooftop after party → luma.com/s9qdxmxm 📍 Tuesday Nacho Party Security happy hour → luma.com/x1vmddgr?utm_source… Come say hi 👋

Security teams have a data hoarding problem — and it's not their fault. When you never know which log will matter, you collect everything. When you collect everything, you need to store it for sometimes over a year for compliance reasons. When you potentially store years of data, you need it to be searchable in seconds during an incident. The two solutions most teams reach for — heavy indexing or splitting data across S3/Athena/BigQuery — both create new problems. Costs spike, stacks get fragmented, and investigations slow down. What does @ejcx_ think the real path forward is? Simplifying your stack, understanding your actual business risks, and recognizing that fast search and cheap storage will always be a trade-off. (And anyone promising both is probably hiding something!)

Security teams shouldn't have to choose between coverage and cost. @lumosidentity didn't. Full-stack coverage across cloud, product security, and detection & response — logs flowing in two days, AI handling triage, broader detections without the noise. Read about their journey here: runreveal.com/case-studies/l…

The worst time to meet your legal team is during an active security incident. @ejcx_ walks through 3 free steps to prepare for your next incident (that don't require any budget): → Build relationships now → Create your response plan → Align on transparency blog.runreveal.com/prepare-f…