Research
A SOC that cannot describe how it measures itself is a SOC nobody can audit. This page is the methodology — the eval scaffolding, the coverage frames we work against, the research areas we publish into, and the disclosure posture for vulnerabilities and AI failures.
Eval methodology
Eval before numbers. The set is in version control before the detection ships, and CI gates promotion. When customer telemetry is in production, the same scaffolding produces continuous metrics — published in the customer’s own quarterly business review.
Every detection ships with positive cases (real attacker behavior, recorded or synthesized) and negative cases (benign-but-suspicious activity that has fooled past detections). Cases are stored alongside the detection, in git, with attribution.
Promotion to production requires the eval to pass in CI. We track precision, recall, false-positive rate, and runtime cost on every change. A regression on any of these blocks merge until the regression is owned.
Once live, the same scaffolding produces continuous quality metrics on real customer telemetry. Drift is detected, attributed, and either fixed or accepted with documentation.
Misses, late detections, and customer-reported gaps become new eval cases. The set grows monotonically; the bar rises as the customer base grows.
Coverage frames
Coverage gaps are tracked as backlog items. We publish which taxonomy a detection is mapped to, and the gaps are visible in the eval set itself.
Enterprise behavior coverage: initial access, execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, collection, command and control, exfiltration, impact.
Adversarial AI behavior: reconnaissance against AI systems, ML supply chain compromise, prompt injection, model evasion, model and data poisoning, exfiltration via inference, agent goal-hijack.
LLM-specific risk classes: prompt injection, sensitive disclosure, supply-chain risk, data and model poisoning, improper output handling, excessive agency, system-prompt leakage, vector and embedding weaknesses, misinformation, unbounded consumption.
Known-exploited vulnerabilities and exploitation likelihood folded into the same risk model that drives detection prioritization and remediation order.
Research areas
The research function exists to push the eval set forward. Every public artifact maps to a detection, an open-source tool, or a documented threat-model gap.
Indirect prompt injection vectors, tool-call abuse patterns, MCP/plugin scope drift, RAG poisoning, embedding attacks, agent goal-hijack across multi-step plans.
Reachability modeling for KEV-listed flaws, EPSS calibration on real customer telemetry, compensating-control efficacy when patch windows slip.
Privilege escalation paths through OAuth grants, service accounts, CI/CD secrets, and SaaS admin events. We publish the graph patterns we hunt against.
Open detection content, eval set design, and Sigma/KQL/SPL/eBPF patterns we believe should be table stakes — released to the community when they land.
Coordinated disclosure
Publication serves defenders. We coordinate with affected vendors and CISA before disclosure, and we ship a working detection alongside every public advisory.
Read the disclosure policyWe coordinate with vendors, customers, and CISA before publication. We do not run the press cycle ahead of the patch.
We work with CNAs to assign CVE identifiers for findings against named products. Customer-specific findings stay private.
Every public advisory ships with a working proof-of-concept and a detection rule. Defenders should not have to take our word for it.
Reading list
The blog is the public face of the research function. Posts are evergreen and updated as the threat model moves.
See the full blogThreat model and instrumentation map for production agent systems.
Exploit-aware ranking using CISA KEV and EPSS, with detection prioritization tied in.
Identity, cloud, and AI as one attack surface — and what the operating model has to enforce.
Talks and venues
We submit to venues where the audience can challenge the work. Accepted talks are listed here with slides and recordings as soon as the venue publishes them.
Researchers, CTI partners, and CNA-affiliated teams can reach the research function at research@ironsoc.com.
