
Arctic Wolf Builds AI-Based Ransomware Protection with UpSight Deal


Arctic Wolf has spent much of this year aggressively building out its Aurora Platform and AI-powered security operations center (SOC) offering, most recently last week expanding its relationship with cloud giant Amazon Web Services (AWS) to grow their reach and capabilities.

That followed a series of other moves, from integrating Databricks into Aurora to boost the amount of security telemetry the platform can process to rolling out Aurora Endpoint Security for MSPs as part of Aurora, giving its partners a scalable way to protect their clients.

The Minnesota-based company took another step this week with the acquisition of startup UpSight Security in a deal that will help accelerate Arctic Wolf’s efforts to deliver AI-driven ransomware prevention and rollback functions through Aurora Endpoint Security.

It will be an important step for customers as well as for MSSPs and MSPs and their clients, according to Dan Schiappa, president of technology and services for Arctic Wolf.

“AI is central to how we’re evolving the Aurora Platform, and UpSight brings patented, on-device AI that detects and stops ransomware before encryption or data theft occurs,” Schiappa told MSSP Alert. “Their technology and engineering expertise accelerate capabilities we were already developing internally, helping us deliver innovation to customers faster.”

Stopping Ransomware Before It Begins

UpSight’s predictive AI model is designed to improve security tools like extended detection and response (XDR) and endpoint detection and response (EDR) systems, using a causal engine and a patented small language model (SLM) that predicts attacks in real time. The platform is made to transform machine language into natural language and then stop attacks before they can cause damage.

According to the company, the platform operates at the kernel level, intercepting threat actors’ actions before files are encrypted, data is stolen, or privileges are escalated. The aim is to not only stop ransomware attacks before they can get underway but also to eliminate the costs that come with remediation efforts, investigations, and recovery processes.

Data remains in place, and because nothing is stolen, no ransom is demanded.

It’s using AI to stop AI-driven cyberattacks, Schiappa said.

“Attackers are using AI to move faster and smarter, so defenders need to do the same,” he said. “By embedding UpSight’s predictive AI into Aurora Endpoint Security, we will detect and contain ransomware earlier, enabling rollback to pre-attack states for faster recovery.”

Matching AI with AI

In September, UpSight researchers wrote about the rapidly expanding AI-vs.-AI battle in cyberspace, noting that “the uncomfortable truth is that attackers no longer need to outthink defenders. They can let algorithms do it for them.” What AI did in phishing (more convincing malicious messages, for example) it is now doing in ransomware, giving attackers an advantage over traditional EDR and endpoint protection platform (EPP) defenses, which rely on analysts defining what is malicious and then having systems alert on what matches the definition.

That doesn’t work when AI can create massive numbers of unique payloads, they wrote.

“This is why ransomware is increasingly slipping past defenses,” the UpSight researchers wrote. “It’s not a matter of one product missing an alert; it’s an architectural mismatch between static detection and adaptive offense.”

According to the vendor’s 2025 threat report, 44% of all incidents that Arctic Wolf responded to involved ransomware or data extortion, and in 96% of those attacks, the hackers exfiltrated data to put more pressure on victims to pay. The speed and sophistication of ransomware campaigns are evolving rapidly, and defenses need to keep pace, company officials argue.

Integration Underway

Now, Arctic Wolf will continue developing UpSight’s technical capabilities and integrate them into Aurora to match the AI capabilities of bad actors. The vendor has already begun the integration work, but there’s no public timeframe for when Aurora users will begin seeing the UpSight capabilities in Aurora, Schiappa said.

For the channel-first company, the UpSight acquisition will benefit partners, including MSSPs and MSPs, he said.

“This acquisition underscores Arctic Wolf’s commitment to investing in Aurora Endpoint Security through both organic development and strategic M&A,” Schiappa said. “It strengthens the protection our partners will deliver to customers and demonstrates our continued focus on advancing the Aurora Platform with powerful, AI-driven capabilities that make security work.”

Jeffrey Burt

Jeffrey Burt has been a journalist for almost 40 years, moving from general-circulation newspapers to IT news sites in 2000. He’s an expert analyst and writer on cybersecurity, data center infrastructure, AI, and a host of other subjects for a range of organizations, including CyberRisk Alliance, eWEEK, Techstrong Group, The Next Platform, and The Register.
