Booz Allen's Vellox: What It Means When a Defense Contractor Builds an AI-Native Cyber Product Suite

Most of the RSAC 2026 coverage has focused on pure-play cybersecurity vendors. Booz Allen Hamilton deserves a separate look, because what it brought to the Moscone Center this week is not a consulting firm's attempt to package services as software. It is a product suite built on a threat intelligence corpus that commercial vendors cannot easily replicate: decades of working inside the networks that state-sponsored actors most want to compromise.

The Speed Argument

Booz Allen anchored its RSAC launch to a specific number from its new threat report, "When Cyberattacks Happen at AI Speed." In 2025, the average breakout time from initial access to lateral movement capability dropped to under 30 minutes, with some cases measured in seconds. Compromising an enterprise boundary, a process that once took weeks or months, can now take minutes.

That number is not marketing language. It reflects a documented shift in adversary tooling. The same report called out specific examples from 2025: VILLAGER, an AI-native penetration testing tool built on DeepSeek v3 carrying over 4,000 exploit prompts, and CVE-GENIE, which by January 2026 was reproducing over half of all Common Vulnerabilities and Exposures as working exploits using chained AI models. These tools are removing the technical skill barrier for sophisticated attacks while simultaneously compressing the time available for detection and response.

The core argument Booz Allen is making with Vellox is that defensive architectures designed for human-speed threats cannot keep pace. The response cycle of triage in hours, remediation in days, and patching in weeks was built for a different adversary. Vellox is positioned as the infrastructure to close that gap.

Five Products, Three Stages of Availability

The Vellox suite launched at RSAC with five products spanning three availability stages, each addressing a distinct phase of the threat lifecycle. The architecture covers the full operational cycle: analyze the threat, detect it in your environment, simulate it before it arrives, stay compliant continuously, and remediate autonomously once it is found.

Vellox Reverser is the only product currently in general availability. It automates malware reverse engineering and threat intelligence analysis. The traditional alternative requires skilled reverse engineers to manually disassemble malicious code, a process that can take hours or days depending on the sample's complexity. Reverser is designed to deliver analysis in minutes, producing actionable defensive recommendations that a security operations team can act on before the attack has moved beyond its initial foothold. The training data behind the detection models is drawn from Booz Allen's operational work on actual federal and commercial incidents, not from public malware repositories alone.

Vellox Ranger is in limited preview and handles detection engineering. It autonomously maps an organization's environment to surface and block adversary activity, with a stated goal of reducing dwell time and cutting false-positive alert volumes. The false-positive problem in security operations is not trivial. Analyst teams that spend their time chasing noise cannot respond to real threats at the speed the threat now requires. Ranger's autonomous mapping approach attempts to build a baseline of normal behavior against which genuine anomalies can be distinguished more accurately.

Vellox Striker is also in limited preview and operates on the offensive side of defense. It emulates the AI-powered adversary, allowing security teams to assess their defensive gaps against realistic attack simulations before a real attacker finds them. The adversary emulation use case is not new

Disclaimer: This blog reflects my personal views only. Content does not represent the views of my employer, Info-Tech Research Group. AI tools may have been used for brevity, structure, or research support. Please independently verify any information before relying on it.