ANY.RUN at RootedCON 2026: Meeting Security Teams and Showcasing New Capabilities

From March 5 to March 7, the ANY.RUN team attended RootedCON 2026 in Madrid and showcase some of our latest capabilities developed for modern SOC environments at the conference expo.

The event provided a great opportunity to meet our existing clients and connect with security teams exploring advanced threat detection solutions.

Meeting the Community and Partners

RootedCON is one of the largest cybersecurity conferences in Europe, bringing together thousands of security researchers, SOC analysts, and industry professionals every year.

For us, it was a great chance to meet many of our users face-to-face, hear how SOC teams integrate ANY.RUN’s solutions into their investigation workflows, and exchange ideas with practitioners working on real-world threats every day.

Meeting clients at RootedCON 2026 — *It was a pleasure to meet so many of our clients*

It was great to connect with so many of our customers and discuss how they use our threat analysis and intelligence in their daily security operations.

*We also brought ANY.RUN swag, which didn’t stay at the booth for long*

We also had the pleasure of meeting many new companies and potential partners who were exploring ways to strengthen their threat detection and analysis workflows. Conversations like these are always valuable, they help us better understand how security teams operate and what challenges they face in modern SOC environments.

Demonstrating New Capabilities and Exclusives

At the booth, visitors were able to see both existing ANY.RUN solutions and several new capabilities that expand our products’ visibility and detection power. Some of these updates were shown publicly for the first time.

*RootedCON visitors were among the first to see ANY.RUN’s newest capabilities*

One of the new technologies we demonstrated was automatic SSL decryption in the Interactive Sandbox.

As phishing infrastructure increasingly relies on encrypted HTTPS traffic, many malicious actions can appear as normal web activity.

By automatically extracting session keys from process memory and decrypting traffic internally during analysis, the sandbox provides full visibility into encrypted sessions and helps security teams increase the phishing detection rate and drive down the MTTR.

And that’s just one example of how ANY.RUN continues to evolve. More capabilities are already in development to further strengthen threat detection, investigation workflows, and cross-platform visibility for modern SOC teams.

See You Next Year

We’re grateful to everyone who stopped by the ANY.RUN booth to talk with the team, share feedback, or simply say hello. Events like RootedCON are always a great reminder of how strong and collaborative the cybersecurity community is.

We’re already looking forward to returning next year.

About ANY.RUN

ANY.RUN provides interactive malware analysis and actionable threat intelligence used by more than 15,000 organizations and 600,000 security professionals worldwide.

The combined solution stack that includes the Interactive Sandbox, Threat Intelligence Lookup, and Threat Intelligence Feeds helps SOC and MSSP teams analyze threats faster, investigate incidents with deeper context, and detect emerging attacks earlier.

ANY.RUN also meets enterprise security and compliance expectations. The company is SOC 2 Type II certified, reinforcing its commitment to protecting customer data and maintaining strong security controls.