ANY.RUN has added SSL decryption to its Interactive Sandbox across all subscription tiers. The feature extracts TLS session keys directly from process memory at runtime, enabling the sandbox to inspect encrypted HTTPS traffic that phishing sites rely on to evade detection. With 90% of cyberattacks starting with phishing, the upgrade targets the core evasion tactic of hiding malicious payloads behind SSL. The result is a higher phishing detection rate for all users and SOC teams without requiring manual configuration.