Customers
Why Mitiga
Request a DemoEmergency Assistance

Cutting-Edge Cloud Research. Real-World Cloud Defense.

Welcome to Mitiga Labs, our research and innovation arm dedicated to investigating emerging cloud and SaaS threats and advancing proactive response strategies to help security teams stay ahead of what's next in terms of security risks.

Explore our research

Top 10 Cloud Threats in 2025

MITIGA LABS TEAM | 00.00.25

Built for detection engineers, SOC teams, and cloud defenders, this guide is a must-read for anyone responsible for keeping modern environments secure.

Read Full Report

Purposeful Insights on the Cloud Security Frontier

Mitiga Labs is the research and development engine powering Mitiga’s threat intelligence and response strategies. Our expert team of cloud security researchers focus on emerging attack techniques, publish original findings, and help shape the future of proactive cloud defense.

Mitiga Labs doesn’t just observe the cloud threat landscape – we’re reverse-engineering it.

 Latest from the Labs

Explore the latest discoveries, deep dives, and technical how-tos from the Mitiga Labs team. Our research is dedicated to informing defenders and disrupting attackers.

CORSLeak: Abusing IAP for Stealthy Data Exfiltration

When people talk about “highly restricted” cloud environments, they usually mean environments with no public IPs, no outbound internet, and strict VPC Service Controls locking everything down.

RESEARCHERS

Ariel Kalman

Read More

From Rogue OAuth App to Cloud Infrastructure Takeover

In a recent incident response investigation, Mitiga uncovered a chilling attack that started with a single compromised email inbox and spiraled into a full-blown takeover of an organization's cloud infrastructure.

RESEARCHERS

Ucha Gobejishvili

Read More

How Threat Actors Used Salesforce Data Loader for Covert API Exfiltration

In the course of just one week, multiple organizations have gone public regarding a breach in their SaaS CRM application.

RESEARCHERS

Nir Varon

Read More

God-Mode in the Shadows: When Security Tools Become Cloud Risks

By the time the alarms go off, it’s often too late. A trusted third-party security tool, one that promised to protect your cloud and SaaS environments, has been operating with unchecked ‘god-mode’ privileges.

RESEARCHERS

Nir Varon,
Raviv Rachmiel

Read More

Hackers in Aisle 5: What DragonForce Taught Us About Zero Trust

A major social engineering campaign by DragonForce hit UK retailers leading to ransomware deployment and data exfiltration. Mitiga Labs examines the attack and highlights where Zero Trust could have stopped it.

RESEARCHERS

Jed Morley

Read More

View More

Research Team

Austin Bollinger

Principal Incident Responder

Ariel Kalman

Senior Security Researcher

Ariel Szarf

Senior Security Researcher

Ariel Ainhoren

Head of Cloud Security Research

Gavriel Fried

Principal Cloud Security Researcher

Idan Cohen

Senior Cloud TDIR

Jed Morley

Senior Incident Responder

Nir Varon

Security analyst

Roei Sherman

Senior Director, Mitiga Research

Ucha Gobejishvili

Senior Incident Responder

Mitiga Helios Al

The next critical capability for Mitiga Al is here. Explore our new solution to automate alert triage and reduce SecOps workload.

Learn More

 Featured Videos

From Snowflake to Snowstorm:
Navigating Breaches and Detections
RSA CONFERENCE
Learn More
It’s Getting Real & Hitting the Fan 2025:
Think You See Me? No You Don't!
RSA CONFERENCE
Learn More
Cloud, Identity & SaaS Forensic
Investigation—Not What You Think!
RSA CONFERENCE
Learn More
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
DenyGot it!
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
DenyGot it!