Skyhawk Cloud Threat Detection and Response (CDR) is a runtime cloud security solution that monitors cloud environments across AWS, Azure, and Google Cloud using machine learning models to detect and respond to malicious activity. The platform builds custom ML models at three layers: across the Skyhawk Security Cloud, within the customer's cloud environment, and at the individual user and asset level. These models are updated daily to maintain accuracy and prevent reverse engineering by threat actors. Rather than generating alerts from single events, the platform correlates multiple behaviors and activities into Malicious Behavior Indicators (MBIs), which are then sequenced into an "Attack Sequence" that represents a chain of threat actor behaviors. An alert is only raised when the risk score of an MBI sequence crosses a defined threshold, reducing false positives and alert fatigue. The product includes an AI-based Purple Team feature that uses digital twins to continuously monitor cloud environments, detect security threats, and update detection models as the environment changes. This provides adaptive, autonomous threat detection tuned to each customer's cloud. Runtime monitoring is central to the platform's design — it detects threats as they unfold rather than at scheduled intervals, allowing security teams to act before incidents escalate into full breaches.