Miles Jamison 
- SpyCloud has launched an AI-powered investigation agent designed to accelerate cybercrime and threat intelligence analysis
- SpyCloud Research Agent enables analysts to conduct investigations using natural-language queries
- The AI investigation tool can analyze diverse data types, including emails, domains, IP addresses and device identifiers
SpyCloud has launched SpyCloud Research Agent, a conversational artificial intelligence investigation tool designed to help cyberthreat intelligence analysts, security operations center teams, fraud investigators and incident response leaders accelerate cybercrime investigations.
SpyCloud is a sponsor of the 2026 Intel Summit on Sept. 24, where intelligence community leaders and industry partners will discuss the role of AI, cyber capabilities and data-driven technologies in modernizing intelligence operations. Register today.
What Does SpyCloud Research Agent Do?
The Austin, Texas-based company said Wednesday the AI investigation agent is now available through SpyCloud’s Cybercrime Investigations console and is designed to help users investigate subjects, hypotheses or groups of assets. According to the company, Research Agent can plan investigations, sequence pivots and return findings in formats such as narrative summaries, tables, timelines or prioritized escalation recommendations.
The agent works with natural-language prompts and can analyze mixed asset batches, including emails, domains, IP addresses, usernames and machine identifiers.
How Does Research Agent Operate?
Research Agent leverages SpyCloud’s repository of more than 1 trillion recaptured identity assets sourced from infostealer malware logs, phishing kits, combolists and data breaches to automatically correlate fragmented identity signals during every investigation. Built on the expertise of SpyCloud’s cybercrime investigators, the AI-powered tool begins by linking related credentials, devices, domains and exposure data to establish investigative context. It then applies expert-level reasoning to determine relevant investigative paths before delivering findings in formats such as narrative reports, timelines, tables or prioritized recommendations for analysts.
In a LinkedIn post, Phil Fuster, vice president of federal sales at SpyCloud, said Research Agent combines conversational AI with the company’s recaptured criminal-underground intelligence and investigator tradecraft to help analysts connect disparate data points and accelerate cybercrime investigations.
“Analysts are connecting fragments, following threads, validating relationships, and trying to move from a single data point to an actionable conclusion as quickly as possible,” said Fuster. “When AI is paired with the right data and the right investigative expertise, it can help teams move faster without taking analysts out of control,” he added.
How Does It Fit Into SpyCloud’s Platform?
Research Agent builds on SpyCloud’s previous Cybercrime Investigations capabilities, including IDLink, an automated digital identity correlation engine, and AI Insights, which generates exportable identity findings reports.
SpyCloud said the new agentic layer adds planning and investigative automation intended to help analysts connect data points and produce finished intelligence more quickly.
Research Agent builds on SpyCloud’s broader identity threat intelligence platform. In June, the company expanded its partnership with Okta through integrations that use SpyCloud’s repository of more than 1 trillion recaptured identity assets and its IDLink correlation technology to automate identity threat detection and response.
