AI threat visibility

Adversary behavior, mapped to MITRE ATT&CK.

Every signal classified by an ensemble of detection models — surfaced against a live tactic-by-technique matrix.

Techniques observed (24h)

142
+8.4% · 24h

Active threat actors

11
+2% · 24h · 3 high-confidence

Model precision

0.984
+0.3% · 24h · rolling 7-day

False positive rate

0.6%
-12% · 24h

MITRE ATT&CK · Enterprise

Technique heat map

Cell intensity reflects observation count in the last 24 hours.

Legend: Baseline · Elevated · Active

Initial Access

Phishing
Valid Accounts
Supply Chain ×16
Exploit Public-Facing
External Remote

Execution

PowerShell
Scheduled Task
Native API
User Execution

Persistence

Registry Run Keys
Create Account ×15
Boot/Logon ×16
Server Software

Privilege Esc.

Token Manipulation
Bypass UAC
Sudo Caching
Process Injection

Defense Evasion

Obfuscation
Indicator Removal
Masquerading ×16
Rootkit
Disable Tools

Credential Access

OS Credential Dump
Brute Force
Keylogging ×18
Forced Auth

Discovery

Account Discovery
Network Scanning
Permission Groups ×18
System Info ×16

Lateral Movement

Remote Services
Pass-the-Hash
SSH Hijacking ×18
Internal Spear

Collection

Data Staged
Email Collection
Screen Capture
Audio Capture ×16

Exfiltration

Over C2
Web Service ×19
Alternative Protocol

Impact

Data Encrypted
Service Stop ×15
Defacement ×17
Resource Hijack

Anomaly timeline

Behavioral drift signal

Z-score normalized

AI classification stream

Model verdicts

  • Spear-phish (0.97)

    phish-bert-v9 · exec-mailbox-04

  • Lateral · Pass-the-Hash (0.92)

    graph-anomaly-3 · win-bld-srv-12

  • Data exfil signal (0.81)

    egress-llm-2 · vpc-eu-w-2

  • Insider drift (0.74)

    ueba-core-7 · user · k.fischer

  • Cobalt-Strike beacon (0.99)

    malware-cnn-5 · fin-db-prod-04

  • DNS tunneling (0.88)

    dns-tx-rnn · edge-pop-sgp

  • Privilege escalation attempt (0.85)

    iam-gpt-1 · svc-account-build

Threat actor tracker

Adversary clusters

  • STORM-1098 (rising) · Likely state-aligned · EE · Confidence 92 · TTPs 28 · Seen 14m ago

  • INK-MIRAGE (steady) · Cybercrime collective · Confidence 78 · TTPs 19 · Seen 2h ago

  • VELVET-OWL (rising) · Insider-adjacent broker · Confidence 64 · TTPs 12 · Seen 9m ago

  • CITRINE-04 (cooling) · Ransomware affiliate · Confidence 88 · TTPs 24 · Seen 37m ago