BloodHound expands identity attack path mapping reach
SpecterOps has expanded BloodHound Enterprise to map identity attack paths across Okta, GitHub, and Mac environments managed through Jamf, as organisations face more intrusions that exploit identity relationships rather than endpoints.
The update extends its identity attack path management approach into systems that often sit at the centre of access control, software development, and device administration. Security teams often manage these platforms as separate domains, even when permissions and trust relationships connect them.
Identity-based intrusion paths can span cloud identity providers, developer tooling, and endpoint management. Attackers can exploit these relationships to move laterally and gain higher privileges. SpecterOps says such attack paths feature in about 80% of breaches.
Broader coverage
BloodHound is best known as an attack path analysis tool for Microsoft Active Directory, while BloodHound Enterprise is SpecterOps' commercial platform. It focuses on identifying relationships between identities, permissions, and resources, then highlighting routes an attacker could follow.
The new release adds coverage for Okta, GitHub, and Mac estates, with Jamf as the management layer for Mac endpoints. The additions reflect how identity and access now span multiple platforms in many organisations. Okta often sits at the centre of authentication. GitHub holds source code and access tokens. Jamf can manage configuration and privileges on macOS devices.
SpecterOps has added "OpenGraph extensions" to BloodHound Enterprise. It describes OpenGraph as an approach that expands the platform's ability to represent identity relationships across different systems, giving security teams visibility into cross-platform attack paths in hybrid environments.
Privilege zones
The update also introduces "privilege zones", a way to group critical assets and more precisely analyse which identities can reach them. SpecterOps cited code repositories and sensitive customer data as examples of assets organisations may want to isolate more tightly.
One set of features focuses on detecting identity misconfigurations and privilege escalation paths across Okta, GitHub repositories, and Jamf-managed Macs. Another adds analysis based on multiple privilege tiers, which SpecterOps says can flag violations across business-critical applications and regulated systems.
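As an added illustration of what a privilege-zone reachability check does (example code written for this article, not SpecterOps' or BloodHound's own, run on a constructed graph with invented node names), the script below treats Okta, GitHub and Jamf objects as graph nodes, marks two assets as a privilege zone, and reports every principal outside the zone's intended membership that can still reach it, together with the shortest path a defender would cut:

```python
from collections import deque

# Constructed cross-platform graph with invented node names (not BloodHound data).
# Each edge reads: source -> relationship -> target.
EDGES = [
    ("okta:alice", "MemberOf", "okta:group:developers"),
    ("okta:alice", "MemberOf", "github:team:backend"),
    ("github:team:backend", "WriteTo", "github:repo:payments-api"),
    ("github:repo:payments-api", "ContainsSecret", "jamf:api-token"),
    ("jamf:api-token", "AdminOf", "jamf:policy:all-macs"),
    ("jamf:policy:all-macs", "ExecutesOn", "mac:finance-laptop"),
    ("okta:bob", "MemberOf", "okta:group:helpdesk"),
    ("okta:group:helpdesk", "CanResetPassword", "okta:alice"),
    ("okta:carol", "MemberOf", "okta:group:marketing"),
]
PRINCIPALS = ["okta:alice", "okta:bob", "okta:carol"]
# Privilege zone: the critical assets, and the identities intended to reach them.
PRIVILEGE_ZONE = {"github:repo:payments-api", "mac:finance-laptop"}
ZONE_MEMBERS = {"okta:alice"}

def build_adjacency(edges):
    adj = {}
    for src, rel, dst in edges:
        adj.setdefault(src, []).append((rel, dst))
    return adj

def shortest_path(adj, start, targets):
    """BFS; shortest path to any target as [(relationship, node), ...] or None."""
    queue, seen = deque([[(None, start)]]), {start}
    while queue:
        path = queue.popleft()
        node = path[-1][1]
        if node in targets:
            return path
        for rel, nxt in adj.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [(rel, nxt)])
    return None

def zone_violations(edges, principals, zone, members):
    """Principals outside the zone's intended membership that can still reach a
    zone asset, mapped to the shortest such path (the finding to remediate)."""
    adj = build_adjacency(edges)
    return {p: path for p in principals
            if p not in members and (path := shortest_path(adj, p, zone))}

if __name__ == "__main__":
    for who, path in zone_violations(EDGES, PRINCIPALS, PRIVILEGE_ZONE, ZONE_MEMBERS).items():
        print(who, "->", " ".join(f"[{rel}] {node}" if rel else node for rel, node in path))
```

In the constructed graph the helpdesk account is the violation: it cannot touch the repository directly, but a password-reset right over a developer gives it a four-hop route into the zone, which is the kind of cross-platform relationship the article says separate per-platform reviews tend to miss.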
BloodHound Enterprise has also added controls to restrict user access by environment boundaries. The platform now supports enhanced role-based access controls for domains, tenants, accounts, and organisations. This can reduce the risk of overly broad administrative access and limit the impact of compromised accounts.
Key management
BloodHound Enterprise now supports a bring-your-own-key option, allowing customers to manage their own encryption keys. SpecterOps positioned the feature as relevant for internal security policies and compliance requirements.
Key management has become a more common requirement for security and data platforms sold into regulated sectors and large enterprises. Buyers often want stronger control over encryption material and clearer separation of duties between vendor operations and customer security teams.
Workflow integrations
The release also adds integrations with Palo Alto Cortex XSOAR, Microsoft Sentinel, and ServiceNow Vendor Risk Management. SpecterOps says these integrations can turn attack path findings into incidents and correlate identity risk within security operations workflows.
Many security teams rely on a mix of SIEM, SOAR, and ticketing systems. Integration often determines whether a risk finding becomes an actionable task or remains a report. By connecting identity attack path findings with existing workflows, SpecterOps aims to reduce friction between identity teams and security operations.
SpecterOps also linked the expanded platform coverage to its BloodHound Scentry service, which it described as pairing tradecraft expertise with BloodHound Enterprise to accelerate the maturity of an organisation's attack path management practice.
Attackers have increasingly targeted identity infrastructure and systems that hold privileged access. Git platforms and identity providers can act as force multipliers in an incident, since access often cascades from them into production environments, cloud services, and corporate data.
Justin Kohler, SpecterOps' chief product officer, framed the update around cross-platform trust relationships.
"Attackers increasingly exploit identities and the trust relationships between platforms, people, and agents to gain access to critical assets. With the introduction of OpenGraph for BloodHound Enterprise, identity and security teams can extend attack path management across Okta, GitHub, and Mac systems, reducing attack paths and protecting critical assets across hybrid environments," Kohler said.
SpecterOps plans to demonstrate the updated BloodHound Enterprise at RSAC 2026, focusing on the new OpenGraph extensions and expanded coverage for Okta, GitHub, and Mac environments.