Silent Push 6.0 adds AI workflows and unified cyber platform

Silent Push has launched version 6.0 of its cyber defence platform, reorganising its products into three main modules and adding new data and workflow features.

The update centres on a redesign aimed at making the platform easier for security teams to navigate while bringing together several parts of the company's threat intelligence offering. The new structure groups products under Defend, Insight and Reconnaissance, with a separate Advanced Attribution area for Traffic Origin.

Defend is aimed at security operations teams that feed intelligence into tools such as SIEM, SOAR and firewalls. Insight is positioned as a single-view workspace for analysts handling triage, while Reconnaissance focuses on threat hunting and incident response teams tracking hostile infrastructure.

One of the main additions is an expanded version of Traffic Origin, which is based on Silent Push's own dataset and is designed to show the true country of origin of internet traffic. The revised interface offers full-year data access and tighter permission controls.

Traffic Origin is intended for use in fraud prevention, know-your-customer checks, hiring verification and incident response. That places the tool beyond traditional threat intelligence tasks and into broader operational and compliance work, where organisations are under pressure to validate online activity more accurately.

Another new feature is a hosted MCP server that connects Silent Push data to artificial intelligence environments including Claude and ChatGPT. Analysts can use natural-language prompts to investigate indicators, review historical DNS data, trace shared infrastructure, cluster adversaries by fingerprint, score risk and generate pivot graphs without opening the main platform interface.

That reflects a broader move across the cybersecurity market to embed AI assistants into analyst workflows rather than requiring teams to work in separate products. Vendors have been trying to reduce the manual enrichment and searching needed during investigations, particularly in security operations centres handling large volumes of alerts.

Silent Push said the AI connection is designed to return structured answers grounded in source data while reducing token usage through automatic context reduction. The company presented that as a way to shorten the path from query to completed investigation, though it did not disclose pricing or customer deployment numbers.

Platform changes

The 6.0 release also adds a bulk enrichment function in the Insight module. It is intended for analysts reviewing sets of suspicious assets and deciding which warrant immediate attention, rather than relying on one-by-one lookups.

In threat intelligence and security operations, that kind of bulk processing has become increasingly important as teams try to prioritise alerts and indicators more quickly. Analysts often need to compare domains, IP addresses and other artefacts across multiple datasets before deciding whether to escalate an investigation.

Silent Push has also updated its TLP Amber reports, which are used to distribute threat information with restricted sharing rules. The company said it has improved the underlying infrastructure to speed up report loading, added video tutorials within reports, made indicators clickable for further analysis and opened an API for report metadata.

The emphasis on workflow and interface changes suggests Silent Push is trying to widen use of its data across different teams within customer organisations. Rather than selling only to specialist threat intelligence staff, the new structure appears designed to appeal to security operations, fraud, compliance and incident response users who need to work from a shared set of signals.

The broader platform is available both as a standalone product and through APIs that connect with external security tools. Silent Push also said its customer base includes large enterprises and government agencies, though it did not identify them.

The cybersecurity sector has seen growing demand for tools that claim to identify malicious infrastructure earlier in the attack cycle, especially as defenders contend with phishing campaigns, credential theft and fast-changing criminal infrastructure. Providers have responded by offering services that track domains, IP addresses and internet routing behaviour in near real time, while trying to fit into existing customer software stacks rather than replace them.

For Silent Push, version 6.0 appears to be as much a packaging and workflow shift as a product launch. By separating its tools into clearer modules and adding AI access, the company is attempting to make its data more usable across a wider range of security tasks.

A brief statement from the company's leadership accompanied the launch. "Silent Push 6.0 truly eliminates noise to build meaningful signals on attacker infrastructure to preempt potential attacks - no one else can do this in the market," said Ken Bagnall, Chief Executive Officer and Co-Founder of Silent Push.

"Launching 6.0 gives enterprise teams and government defenders an opportunity to detect significant threats earlier to inform decisive action to continuously improve cyber risk posture as early as possible in the attack kill chain to defend with a threat-informed approach to cyber defense," Bagnall said.