ANY.RUN has added automatic SSL decryption to its Interactive Sandbox across all subscription tiers. The feature extracts TLS session keys directly from process memory at runtime, enabling inspection of encrypted traffic without requiring certificate installation or proxy configuration. This addresses a core evasion tactic: phishing sites increasingly hide behind HTTPS, making sandbox detection blind to payload delivery and credential harvesting over encrypted channels. With 90% of cyberattacks originating from phishing and volumes rising, the upgrade improves detection rates for SOC teams by exposing what was previously opaque encrypted traffic inside sandbox sessions.