BloodHound v8.0 Expands Identity Security Horizons with OpenGraph and Enterprise Integrations

In a major leap for identity security and adversary simulation, SpecterOps unveiled BloodHound v8.0—an ambitious expansion of its widely adopted Attack Path Management (APM) platform. With the launch of OpenGraph, the open-source and enterprise editions of BloodHound gain a powerful new capability: the ability to ingest and correlate identity data from far beyond Microsoft Active Directory, enabling a panoramic view of attack paths across the modern tech stack.

This marks the most comprehensive update to BloodHound since its initial release, and it’s aimed squarely at the evolving complexity of hybrid environments.

Beyond Active Directory: A Broader Lens on Identity Risk

Historically, BloodHound focused its sharp edge on Active Directory and Entra ID, platforms that have remained central to enterprise identity. But attackers no longer limit themselves to traditional perimeter targets. With OpenGraph, SpecterOps signals its intent to map the full identity terrain—ranging from SaaS apps to cloud databases and DevOps pipelines.

OpenGraph allows security teams to ingest identity and configuration data from sources like GitHub, Snowflake, and Microsoft SQL Server. The result? A flexible framework for modeling attack paths tailored to any organization’s stack.

Identity Governance Meets Threat Modeling

In addition to OpenGraph, BloodHound v8.0 strengthens enterprise controls with support for Microsoft’s Privileged Identity Management (PIM), a critical feature for organizations pursuing zero trust and least privilege principles. By mapping how temporary privileged roles are used and configured, v8.0 helps ensure attackers don’t slip through ephemeral cracks in identity governance.

The update also brings integrations with ServiceNow and Duo. The former allows BloodHound Enterprise to automatically generate remediation tickets, while the latter secures access to the platform itself with two-factor authentication. Together, they close a vital loop between detection, tracking, and enforcement.

New “Privilege Zones” analysis further elevates the product’s utility. Security teams can now define tiers of business-critical systems and assess violations of privilege boundaries, giving enterprises tools to protect assets subject to regulatory scrutiny like HIPAA or PCI-DSS.

Usability for the Front Lines

With the addition of a Table View for attack path data, BloodHound becomes easier to use across cross-functional teams. The visual attack graphs that have long been its hallmark now have a spreadsheet-style counterpart, making path analysis and ticketing workflows more accessible to IAM and operations teams.

Also included: Kali Linux support for penetration testers, inheritance tracking to trace access rights back to their origin, and deep linking features that enhance collaboration across security and IT operations.

From Community Roots to Enterprise Vision

SpecterOps is clearly doubling down on its dual mission: to empower red teams with cutting-edge open-source tooling while providing blue teams with robust enterprise-grade controls. By building BloodHound OpenGraph on a foundation that supports both flexibility and standardization, the company is inviting the security community to innovate alongside them.

The timing isn’t accidental. BloodHound v8.0 will be showcased at Black Hat USA next week, where the SpecterOps team will be at booth #4527 demoing the new features and likely recruiting collaborators from the broader offensive and defensive security communities.

With this release, BloodHound continues to evolve from a red team reconnaissance tool into a full-spectrum identity risk platform. In an era where identity is both the new perimeter and the attacker's primary playground, BloodHound v8.0 offers a map—and a compass—for those defending the enterprise.