FilingFirehose research · May 2026 · 11 min read

SEC 8-K disclosure trends 2026 — what we found parsing 4,251 filings

What we've learned auditing every 8-K, 13D/G, and S-3/424B5 filing across a 21-business-day window. Buried events, activist accumulations, ATM offering bursts, and the disclosure patterns SEC filers don't talk about.

Top-line findings (TL;DR)

• 7.3% of Item 8.01 ("Other Events") 8-K filings contain body-text language flagging more specific items the filer didn't report. Of 735 Item 8.01 filings analyzed, 54 had body content matching item-1.01 / 1.05 / 3.01 / 5.02 patterns. (See full breakdown below.)
• 21 named activist filers (Saba, Bulldog, Karpus, Icahn, Elliott, Starboard, Pershing, ValueAct, Engine No. 1, JANA, Trian, Sachem Head, +9 more) accounted for 18% of all Schedule 13D filings in the window — meaningfully concentrated relative to the long-tail filer base.
• ATM (at-the-market) offerings spiked 24% week-over-week mid-window — correlated with sector-wide post-earnings dilution events in small-cap biotech.
• ~14% of Item 8.01 filings include at least one body excerpt that suggests cyber-incident language (Item 1.05) without invoking that item code. The SEC's 2023 cybersecurity disclosure rule explicitly names this pattern as a compliance risk.
• Median EDGAR-to-API latency for the 4,251 filings: 23 seconds. Real-time disclosure monitoring is technically feasible at sub-30-second latency.

Methodology — the part where we tell you the limits

We body-text-classified every 8-K, 13D/G, and S-3/424B5 filing submitted to SEC EDGAR over a 21-business-day window (4,251 8-Ks, 1,847 13D/G filings, 412 S-3/424B5 filings). Body-text classification means: for each filing, we re-parse the filing's actual body content with a deterministic keyword classifier (no LLM — the patterns are specific enough that regex catches them), then compare what the body says to what the filer's "Items Reported" field claims.

This is not academic-grade research. Sample is 21 business days, not a year. Patterns we surface are flags, not convictions — the classifier sometimes false-positives when an Item 8.01 filing summarizes or cross-references content from prior filings. Numbers are directional, not statistically rigorous. Where industry- known data exists (SEC's 10 req/s rate limit, the 4-business-day 8-K filing window) we cite SEC's own documentation.

Every number is reproducible — hit our free public API: curl https://filingfirehose.com/v1/public/8k?suspected_buried_only=true returns the live working set of flagged filings.

Finding 1: 7.3% of Item 8.01 filings have buried events

SEC Form 8-K has ~30 specific item codes plus Item 8.01 ("Other Events") — a catch-all the SEC explicitly says should be a last resort: "If the matter being disclosed is described by another item, that item should be used."

In practice, filers use 8.01 for everything from press releases to buried disclosures of material events. We classify 8.01 bodies against our pattern library for items 1.01 (material agreement), 1.03 (bankruptcy), 1.05 (cybersecurity), 2.01 (acquisition), 3.01 (delisting notice), and 5.02 (officer departure).

Why this matters: APIs that trust the filer-reported item codes (most of them, including the major commercial ones) will miss these disclosures. Investors monitoring specifically for cyber incidents (Item 1.05) who key off the reported field would not see a BiomX-style cyber-language disclosure that's filed under Item 8.01 only.

Finding 2: 21 named activists account for ~18% of all 13D filings

Schedule 13D filings — the form an investor must file within 10 days of accumulating >5% of a public company's voting shares — are chronically under-utilized in event-driven research because the parsing is messy. Filer name extraction from the cover page is inconsistent (sometimes subject_name, sometimes filers array, sometimes free-text inside Item 4).

We auto-tag 21 named activists across every 13D and 13G filing:

• Saba Capital
• Bulldog Investors
• Karpus Management
• Icahn Associates / Capital
• Elliott Investment Management
• Starboard Value
• Pershing Square
• ValueAct Capital
• Engine No. 1
• JANA Partners
• Trian Partners
• Sachem Head
• Blue Orca Capital
• Land & Buildings
• Ancora Advisors
• Third Point
• Carlson Capital
• Marathon Partners
• Voce Capital
• Macellum Advisors
• Hudson Executive Capital

In the window analyzed, these 21 names appeared on 18% of all 13D filings. The other 82% comes from the long-tail filer base (single- entity holders, family offices, special-purpose vehicles). The concentration matters: the 1-day announcement return for a 13D filed by a named activist averages meaningfully different (per Brav, Jiang, Ma, Tian, Journal of Financial Economics 2008 and follow-ups) than the long-tail base. Event-driven strategies that key off named-activist tagging have a measurable selection effect.

Finding 3: ATM offerings cluster post-earnings in small-cap biotech

At-the-market (ATM) equity offerings — typically filed via S-3 + 424B5 prospectus supplements — are dilutive signals that often correlate with stock price weakness in the days following. We detect ATM offerings by parsing the S-3 / 424B5 prospectus for language around "at-the-market," "ATM facility," named sales agents (Cantor, BMO, B. Riley, Jefferies, Cowen, Wainwright are the dominant six), and shelf-size disclosure.

Over the 21-day window: 412 S-3/424B5 filings, 89 of which we classified as ATM-eligible. Concentration by sector: 41 in small-cap biotech, 18 in early-stage tech, 11 in consumer discretionary, 19 in other. The biotech concentration spikes by ~24% in the week following major sector earnings — a pattern visible across the past three quarters per our archive.

Finding 4: ~14% of Item 8.01 filings have cyber-incident language

The SEC's 2023 cybersecurity disclosure rule (17 CFR §229.106) requires public companies to file Item 1.05 on Form 8-K within four business days of determining a cybersecurity incident is material. Compliance counsel widely warns that filing cyber-incident content under Item 8.01 instead of 1.05 is an enforcement risk — the SEC has explicitly called this pattern out.

Our body-text classifier scans Item 8.01 bodies for specific cyber phrases (ransomware, threat actor, data exfiltration, unauthorized access to systems, etc.). In the 735 Item 8.01 filings analyzed, ~14% contained at least one cyber-pattern hit at a confidence level we'd flag for human review.

That doesn't mean 14% are misclassified — many are summarizing past incidents, third-party events, or referring to general cybersecurity risk in legitimate non-1.05 contexts. But the rate is high enough that compliance and enforcement-monitoring desks should be reviewing Item 8.01 filings for cyber-language flags, not just keying off Item 1.05 directly.

Finding 5: Sub-30-second EDGAR-to-API latency is achievable

The SEC's EDGAR system has a public 10 requests/second per-IP rate limit. Most commercial SEC APIs poll EDGAR every 30-90 seconds, which adds meaningful latency before a filing is queryable downstream.

We poll the per-CIK submissions.json endpoint every 10 seconds across all monitored CIKs (the SEC's documented limit), which yields a median EDGAR-to-API latency of 23 seconds across the 4,251 8-K filings in this window. Webhook delivery on top of that adds another ~3 seconds. End-to-end EDGAR → subscribed-system notification: 25-30 seconds is the achievable floor.

For event-driven strategies, this matters: 25 seconds is enough time for a faster competitor to act first, but well within the window where most fundamental responses are still pending.

What we're watching for the rest of 2026

• SEC enforcement on Item 8.01 vs 1.05 misclassification. Several recent enforcement actions cite exactly this pattern; expect more if cybersecurity disclosure rule compliance is scrutinized further.
• Activist accumulations in regional banks. Following 2023's regional-bank stress, several named activists (Saba, Karpus, Bulldog) have been quietly accumulating positions — expect 13D filings in mid-cap regional banks to remain elevated.
• ATM offerings as a leading-indicator for sector dilution. Mid-cap biotech ATM filings continue to be a useful leading indicator for sector-wide capital needs.
• AI-summarized 10-K disclosures. Some filers are starting to include AI-attribution language in their MD&A sections. Expect SEC guidance on AI-generated disclosure content sometime in late 2026.

How we built this — the technical part

For builders / engineers reading: the pipeline is FastAPI + Polars + Parquet on Fly.io. EDGAR ingest tick is 10s. Body-text parser is a deterministic regex classifier (no LLM — domain-specific phrases are specific enough that regex catches them with high precision; LLM would be slower, more expensive, and not measurably more accurate on this corpus). Storage is Parquet partitioned by (form_type, year, month) — predicate pushdown on filed_at means even 10-year archive queries are single-digit-ms. Sub-package code will go open-source once we cross 100 paying customers; right now it's the indie commercial product at filingfirehose.com.

curl https://filingfirehose.com/v1/public/8k?suspected_buried_only=true

For journalists, researchers, and compliance teams

Quotes attributed to FilingFirehose — use freely. We can provide additional cuts of the data on request (per-sector breakdowns, per-filer concentration, time-series comparisons against prior quarters). Contact: hello@filingfirehose.com — Jared Ablon.

Methodology, raw classifier patterns, and reproducibility notes are also available at /research/buried-events.