Blog
/
Network
/
October 3, 2023

Unveiling ViperSoftX: A Darktrace Investigation

Read about the ViperSoftX threat and how Darktrace's innovative detection methods exposed this cyber intrusion and its potential impacts.
Written by
Zoe Tilsiter
Cyber Analyst
Inside the SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Written by
Zoe Tilsiter
Cyber Analyst
Default blog imageDefault blog imageDefault blog imageDefault blog imageDefault blog imageDefault blog image
03
Oct 2023

Fighting Info-Stealing Malware

The escalating threat posed by information-stealing malware designed to harvest and steal the sensitive data of individuals and organizations alike has become a paramount concern for security teams across the threat landscape. In direct response to security teams improving their threat detection and prevention capabilities, threat actors are forced to continually adapt and advance their techniques, striving for greater sophistication to ensure they can achieve the malicious goals.

What is ViperSoftX?

ViperSoftX is an information stealer and Remote Access Trojan (RAT) malware known to steal privileged information such as cryptocurrency wallet addresses and password information stored in browsers and password managers. It is commonly distributed via the download of cracked software from multiple sources such as suspicious domains, torrent downloads, and key generators (keygens) from third-party sites.

ViperSoftX was first observed in the wild in 2020 [1] but more recently, new strains were identified in 2022 and 2023 utilizing more sophisticated detection evasion techniques, making it more difficult for security teams to identify and analyze. This includes using more advanced encryption methods alongside monthly changes to command-and-control servers (C2) [2], using dynamic-link library (DLL) sideloading for execution techiques, and subsequently loading a malicious browser extension upon infection which works as an independent info-stealer named VenomSoftX [3].

Between February and June 2023, Darktrace detected activity related to the VipersoftX and VenomSoftX information stealers on the networks of more than 100 customers across its fleet. Darktrace DETECT™ was able to successfully identify the anomalous network activity surrounding these emerging information stealer infections and bring them to the attention of the customers, while Darktrace RESPOND™, when enabled in autonomous response mode, was able to quickly intervene and shut down malicious downloads and data exfiltration attempts.

ViperSoftX Attack & Darktrace Coverage

In cases of ViperSoftX information stealer activity observed by Darktrace, the initial infection was caused through the download of malicious files from multimedia sites, endpoints of cracked software like Adobe Illustrator, and torrent sites. Endpoint users typically unknowingly download the malware from these endpoints with a sideloaded DLL, posing as legitimate software executables.

Darktrace detected multiple downloads from such multimedia sites and endpoints related to cracked software and BitTorrent, which were likely representative of the initial source of ViperSoftX infection. Darktrace DETECT models such as ‘Anomalous File / Anomalous Octet Stream (No User Agent)’ breached in response to this activity and were brought to the immediate attention of customer security teams. In instances where Darktrace RESPOND was configured in autonomous response mode, Darktrace was able to enforce a pattern of life on offending devices, preventing them from downloading malicious files.  This ensures that devices are limited to conducting only their pre-established expected activit, minimizing disruption to the business whilst targetedly mitigating suspicious file downloads.

The downloads are then extracted, decrypted and begin to run on the device. The now compromised device will then proceed to make external connections to C2 servers to retrieve secondary PowerShell executable. Darktrace identified that infected devices using PowerShell user agents whilst making HTTP GET requests to domain generation algorithm (DGA) ViperSoftX domains represented new, and therefore unusual, activity in a large number of cases.

For example, Darktrace detected one customer device making an HTTP GET request to the endpoint ‘chatgigi2[.]com’, using the PowerShell user agent ‘Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.2364’. This new activity triggered a number of DETECT models, including ‘Anomalous Connection / PowerShell to Rare External’ and ‘Device / New PowerShell User Agent’. Repeated connections to these endpoints also triggered C2 beaconing models including:  

  • Compromise / Agent Beacon (Short Period)
  • Compromise / Agent Beacon (Medium Period)
  • Compromise / Agent Beacon (Long Period)
  • Compromise / Quick and Regular Windows HTTP Beaconing
  • Compromise / SSL or HTTP Beacon

Although a large number of different DGA domains were detected, commonalities in URI formats were seen across affected customers which matched formats previously identified as ViperSoftX C2 communication by open-source intelligence (OSINT), and in other Darktrace investigations.  

URI paths for example, were always of the format /api/, /api/v1/, /v2/, or /v3/, appearing to detail version number, as can be seen in Figure 1.

Figure 1: A Packet Capture (PCAP) taken from Darktrace showing a connection made to a ViperSoftX C2 endpoint containing versioning information, consistent with ViperSoftX pattern of communication.  

Before the secondary PowerShell executables are loaded, ViperSoftX takes a digital fingerprint of the infected machine to gather its configuration details, and exfiltrates them to the C2 server. These include the computer name, username, Operating System (OS), and ensures there are no anti-virus or montoring tools on the device. If no security tool are detected, ViperSoftX then downloads, decrypts and executes the PowerShell file.

Following the GET requests Darktrace observed numerous devices performing HTTP POST requests and beaconing connections to ViperSoftX endpoints with varying globally unique identifiers (GUIDs) within the URIs. These connections represented the exfiltration of device configuration details, such as “anti-virus detected”, “app used”, and “device name”. As seen on another customer’s deployment, this caused the model ‘Anomalous Connection / Multiple HTTP POSTs to Rare Hostname’ to breach, which was also detected by Cyber AI Analyst as seen in Figure 2.

Figure 2: Cyber AI Analyst’s detection of HTTP POSTs being made to apibiling[.]com, a ViperSoftX C2 endpoint.

The malicious PowerShell download then crawls the infected device’s systems and directories looking for any cryptocurrency wallet information and password managers, and exfiltrates harvest data to the C2 infrastructure. The C2 server then provides further browser extensions to Chromium browsers to be downloaded and act as a separate stand-alone information stealer, also known as VenomSoftX.

Similar to the initial download of ViperSoftX, these malicious extensions are disguised as legitimate browser extensions to evade the detection of security teams. VenomSoft X, in turn, searches through and attempts to gather sensitive data from password managers and crypto wallets stored in user browsers. Using this information, VenomSoftX is able to redirect crypocurrency transactions by intercepting and manipulating API requests between the sender and the intended recipient, directing the cryptocurrency to the attacker instead [3].

Following investigation into VipersoftX activity across the customer base, Darktrace notified all affected customers and opened Ask the Expert (ATE) tickets through which customer’s could directly contact the analyst team for support and guidance in the face on the information stealer infection.

How did the attack bypass the rest of the security stack?

As previously mentioned, both the initial download of ViperSoftX and the subsequent download of the VenomX browser extension are disguised as legitimate software or browser downloads. This is a common technique employed by threat actors to infect target devices with malicious software, while going unnoticed by security teams traditional security measures. Furthermore, by masquerading as a legitimate piece of software endpoint users are more likely to trust and therefore download the malware, increasing the likelihood of threat actor’s successfully carrying out their objectives. Additionally, post-infection analysis of shellcode, the executable code used as the payload, is made significantly more difficult by VenomSoftX’s use of bytemapping. Bytemapping prevents the encryption of shellcodes without its corresponding byte map, meaning that the payloads cannot easily be decrypted and analysed by security researchers. [3]

ViperSoftX also takes numerous attempts to prevent their C2 infrastructure from being identified by blocking access to it on browsers, and using multiple DGA domains, thus renderring defunct traditional security measures that rely on threat intelligence and static lists of indicators of compromise (IoCs).

Fortunately for Darktrace customers, Darktrace’s anomaly-based approach to threat detection means that it was able to detect and alert customers to this suspicious activity that may have gone unnoticed by other security tools.

Insights/Conclusion

Faced with the challenge of increasingly competent and capable security teams, malicious actors are having to adopt more sophisticated techniques to successfully compromise target systems and achieve their nefarious goals.

ViperSoftX information stealer makes use of numerous tactics, techniques and procedures (TTPs) designed to fly under the radar and carry out their objectives without being detected. ViperSoftX does not rely on just one information stealing malware, but two with the subsequent injection of the VenomSoftX browser extension, adding an additional layer of sophistication to the informational stealing operation and increasing the potential yield of sensitive data. Furthermore, the use of evasion techniques like disguising malicious file downloads as legitimate software and frequently changing DGA domains means that ViperSoftX is well equipped to infiltrate target systems and exfiltrate confidential information without being detected.

However, the anomaly-based detection capabilities of Darktrace DETECT allows it to identify subtle changes in a device’s behavior, that could be indicative of an emerging compromise, and bring it to the customer’s security team. Darktrace RESPOND is then autonomously able to take action against suspicious activity and shut it down without latency, minimizing disruption to the business and preventing potentially significant financial losses.

Credit to: Zoe Tilsiter, Senior Cyber Analyst, Nathan Lorenzo, Cyber Analyst.

Appendices

References

[1] https://www.fortinet.com/blog/threat-research/vipersoftx-new-javascript-threat

[2] https://www.trendmicro.com/en_us/research/23/d/vipersoftx-updates-encryption-steals-data.html

[3] https://decoded.avast.io/janrubin/vipersoftx-hiding-in-system-logs-and-spreading-venomsoftx/

Darktrace DETECT Model Detections

·       Anomalous File / Anomalous Octet Stream (No User Agent)

·       Anomalous Connection / PowerShell to Rare External

·       Anomalous Connection / Multiple HTTP POSTs to Rare Hostname

·       Anomalous Connection / Lots of New Connections

·       Anomalous Connection / Multiple Failed Connections to Rare Endpoint

·       Anomalous Server Activity / Outgoing from Server

·       Compromise / Large DNS Volume for Suspicious Domain

·       Compromise / Quick and Regular Windows HTTP Beaconing

·       Compromise / Beacon for 4 Days

·       Compromise / Suspicious Beaconing Behaviour

·       Compromise / Large Number of Suspicious Failed Connections

·       Compromise / Large Number of Suspicious Successful Connections

·       Compromise / POST and Beacon to Rare External

·       Compromise / DGA Beacon

·       Compromise / Agent Beacon (Long Period)

·       Compromise / Agent Beacon (Medium Period)

·       Compromise / Agent Beacon (Short Period)

·       Compromise / Fast Beaconing to DGA

·       Compromise / SSL or HTTP Beacon

·       Compromise / Slow Beaconing Activity To External Rare

·       Compromise / Beaconing Activity To External Rare

·       Compromise / Excessive Posts to Root

·       Compromise / Connections with Suspicious DNS

·       Compromise / HTTP Beaconing to Rare Destination

·       Compromise / High Volume of Connections with Beacon Score

·       Compromise / Sustained SSL or HTTP Increase

·       Device / New PowerShell User Agent

·       Device / New User Agent and New IP

Darktrace RESPOND Model Detections

·       Antigena / Network / External Threat / Antigena Suspicious File Block

·       Antigena / Network / External Threat / Antigena File then New Outbound Block

·       Antigena / Network / External Threat / Antigena Watched Domain Block

·       Antigena / Network / Significant Anomaly / Antigena Significant Anomaly from Client Block

·       Antigena / Network / External Threat / Antigena Suspicious Activity Block

·       Antigena / Network / Significant Anomaly / Antigena Breaches Over Time Block

·       Antigena / Network / Insider Threat / Antigena Large Data Volume Outbound Block

·       Antigena / Network / External Threat / Antigena Suspicious File Pattern of Life Block

·       Antigena / Network / Significant Anomaly / Antigena Controlled and Model Breach

List of IoCs

Indicator - Type - Description

ahoravideo-blog[.]com - Hostname - ViperSoftX C2 endpoint

ahoravideo-blog[.]xyz - Hostname - ViperSoftX C2 endpoint

ahoravideo-cdn[.]com - Hostname - ViperSoftX C2 endpoint

ahoravideo-cdn[.]xyz - Hostname - ViperSoftX C2 endpoint

ahoravideo-chat[.]com - Hostname - ViperSoftX C2 endpoint

ahoravideo-chat[.]xyz - Hostname - ViperSoftX C2 endpoint

ahoravideo-endpoint[.]xyz - Hostname - ViperSoftX C2 endpoint

ahoravideo-schnellvpn[.]com - Hostname - ViperSoftX C2 endpoint

ahoravideo-schnellvpn[.]xyz - Hostname - ViperSoftX C2 endpoint

apibilng[.]com - Hostname - ViperSoftX C2 endpoint

arrowlchat[.]com - Hostname - ViperSoftX C2 endpoint

bideo-blog[.]com - Hostname - ViperSoftX C2 endpoint

bideo-blog[.]xyz - Hostname - ViperSoftX C2 endpoint

bideo-cdn[.]com - Hostname - ViperSoftX C2 endpoint

bideo-cdn[.]xyz - Hostname - ViperSoftX C2 endpoint

bideo-chat[.]com - Hostname - ViperSoftX C2 endpoint

bideo-chat[.]xyz - Hostname - ViperSoftX C2 endpoint

bideo-endpoint[.]com - Hostname - ViperSoftX C2 endpoint

bideo-endpoint[.]xyz - Hostname - ViperSoftX C2 endpoint

bideo-schnellvpn[.]com - Hostname - ViperSoftX C2 endpoint

chatgigi2[.]com - Hostname - ViperSoftX C2 endpoint

counter[.]wmail-service[.]com - Hostname - ViperSoftX C2 endpoint

fairu-cdn[.]xyz - Hostname - ViperSoftX C2 endpoint

fairu-chat[.]xyz - Hostname - ViperSoftX C2 endpoint

fairu-endpoint[.]com - Hostname - ViperSoftX C2 endpoint

fairu-schnellvpn[.]com - Hostname - ViperSoftX C2 endpoint

fairu-schnellvpn[.]xyz - Hostname - ViperSoftX C2 endpoint

privatproxy-blog[.]com - Hostname - ViperSoftX C2 endpoint

privatproxy-blog[.]xyz - Hostname - ViperSoftX C2 endpoint

privatproxy-cdn[.]com - Hostname - ViperSoftX C2 endpoint

privatproxy-cdn[.]xyz - Hostname - ViperSoftX C2 endpoint

privatproxy-endpoint[.]xyz - Hostname - ViperSoftX C2 endpoint

privatproxy-schnellvpn[.]com - Hostname - ViperSoftX C2 endpoint

privatproxy-schnellvpn[.]xyz - Hostname - ViperSoftX C2 endpoint

static-cdn-349[.]net - Hostname - ViperSoftX C2 endpoint

wmail-blog[.]com - Hostname - ViperSoftX C2 endpoint

wmail-cdn[.]xyz - Hostname - ViperSoftX C2 endpoint

wmail-chat[.]com - Hostname - ViperSoftX C2 endpoint

wmail-schnellvpn[.]com - Hostname - ViperSoftX C2 endpoint

wmail-schnellvpn[.]xyz - Hostname - ViperSoftX C2 endpoint

Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.2364 - User Agent -PowerShell User Agent

MITRE ATT&CK Mapping

Tactic - Technique - Notes

Command and Control - T1568.002 Dynamic Resolution: Domain Generation Algorithms

Command and Control - T1321 Data Encoding

Credential Access - T1555.005 Credentials from Password Stores: Password Managers

Defense Evasion - T1027 Obfuscated Files or Information

Execution - T1059.001 Command and Scripting Interpreter: PowerShell

Execution - T1204 User Execution T1204.002 Malicious File

Persistence - T1176 Browser Extensions - VenomSoftX specific

Persistence, Privilege Escalation, Defense Evasion - T1574.002 Hijack Execution Flow: DLL Side-Loading

Written by
Zoe Tilsiter
Cyber Analyst
Inside the SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Written by
Zoe Tilsiter
Cyber Analyst

Darktrace Malware Analysis: Jenkins Honeypot Reveals Emerging Botnet Targeting Online Games

Network
April 29, 2026
Nathaniel Bill
Malware Research Engineer
Watch the NIS2 Webinar
Trending blogs
1
Darktrace Recognized as the Only Visionary in the 2026 Gartner® Magic Quadrant™ for CPS Protection Platforms
Mar 20, 2026
2
What the Darktrace Annual Threat Report 2026 Means for Security Leaders
Feb 26, 2026
3
State of AI Cybersecurity 2026: 92% of security professionals concerned about the impact of AI agents
Mar 26, 2026
4
Beyond MFA: Detecting Adversary-in-the-Middle Attacks and Phishing with Darktrace
Dec 15, 2025
5
Darktrace Unites Human Behavior and Threat Detection Across Email, Slack, Teams, and Zoom
Mar 24, 2026

More in this series

No items found.
Continue reading
Network
April 29, 2026

Darktrace Malware Analysis: Jenkins Honeypot Reveals Emerging Botnet Targeting Online Games

Darktrace analysts observed attackers exploiting a Jenkins honeypot to deploy a new DDoS botnet targeting video game servers. Leveraging Jenkins scriptText abuse, the malware installs a multi-platform payload, evades detection, and launches UDP, TCP, and application-layer attacks, highlighting ongoing risks from opportunistic botnet activity across internet-facing environments.
Nathaniel Bill
Malware Research Engineer
Read more
Network
April 21, 2026

How a Compromised eScan Update Enabled Multi‑Stage Malware and Blockchain C2

A malicious eScan software update triggered a supply chain compromise that deployed multi‑stage malware and used blockchain‑based domains for resilient C2 communications. Darktrace identified rare, anomalous network activity across customer environments, helping organizations uncover the attack chain and strengthen defenses against increasingly sophisticated supply chain threats.
Joanna Ng
Associate Principal Analyst
Read more
Network
April 2, 2026

How Chinese-Nexus Cyber Operations Have Evolved – And What It Means For Cyber Risk and Resilience 

Darktrace's latest threat research reveals how Chinese-nexus cyber operations have evolved from isolated intrusions into long-term strategic positioning, with attackers prioritizing persistent access to critical infrastructure and digital ecosystems to gain lasting operational and economic advantage.
Nathaniel Jones
VP, Security & AI Strategy, Field CISO
Read more

Blog

/

Email

/

May 1, 2026

How email-delivered prompt injection attacks can target enterprise AI – and why it matters

Default blog imageDefault blog image

What are email-delivered prompt injection attacks?

As organizations rapidly adopt AI assistants to improve productivity, a new class of cyber risk is emerging alongside them: email-delivered AI prompt injection. Unlike traditional attacks that target software vulnerabilities or rely on social engineering, this is the act of embedding malicious or manipulative instructions into content that an AI system will process as part of its normal workflow. Because modern AI tools are designed to ingest and reason over large volumes of data, including emails, documents, and chat histories, they can unintentionally treat hidden attacker-controlled text as legitimate input.  

At Darktrace, our analysis has shown an increase of 90% in the number of customer deployments showing signals associated with potential prompt injection attempts since we began monitoring for this type of activity in late 2025. While it is not always possible to definitively attribute each instance, internal scoring systems designed to identify characteristics consistent with prompt injection have recorded a growing number of high-confidence matches. The upward trend suggests that attackers are actively experimenting with these techniques.

Recent examples of prompt injection attacks

Two early examples of this evolving threat are HashJack and ShadowLeak, which illustrate prompt injection in practice.

HashJack is a novel prompt injection technique discovered in November 2025 that exploits AI-powered web browsers and agentic AI browser assistants. By hiding malicious instructions within the URL fragment (after the # symbol) of a legitimate, trusted website, attackers can trick AI web assistants into performing malicious actions – potentially inserting phishing links, fake contact details, or misleading guidance directly into what appears to be a trusted AI-generated output.

ShadowLeak is a prompt injection method to exfiltrate PII identified in September 2025. This was a flaw in ChatGPT (now patched by OpenAI) which worked via an agent connected to email. If attackers sent the target an email containing a hidden prompt, the agent was tricked into leaking sensitive information to the attacker with no user action or visible UI.

What’s the risk of email-delivered prompt injection attacks?

Enterprise AI assistants often have complete visibility across emails, documents, and internal platforms. This means an attacker does not need to compromise credentials or move laterally through an environment. If successful, they can influence the AI to retrieve relevant information seamlessly, without the labor of compromise and privilege escalation.

The first risk is data exfiltration. In a prompt injection scenario, malicious instructions may be embedded within an ordinary email. As in the ShadowLeak attack, when AI processes that content as part of a legitimate task, it may interpret the hidden text as an instruction. This could result in the AI disclosing sensitive data, summarizing confidential communications, or exposing internal context that would otherwise require significant effort to obtain.

The second risk is agentic workflow poisoning. As AI systems take on more active roles, prompt injection can influence how they behave over time. An attacker could embed instructions that persist across interactions, such as causing the AI to include malicious links in responses or redirect users to untrusted resources. In this way, the attacker inserts themselves into the workflow, effectively acting as a man-in-the-middle within the AI system.

Why can’t other solutions catch email-delivered prompt injection attacks?

AI prompt injection challenges many of the assumptions that traditional email security is built on. It does not fit the usual patterns of phishing, where the goal is to trick a user into clicking a link or opening an attachment.  

Most security solutions are designed to detect signals associated with user engagement: suspicious links, unusual attachments, or social engineering cues. Prompt injection avoids these indicators entirely, meaning there are fewer obvious red flags.

In this case, the intention is actually the opposite of user solicitation. The objective is simply for the email to be delivered and remain in the inbox, appearing benign and unremarkable. The malicious element is not something the recipient is expected to engage with, or even notice.

Detection is further complicated by the nature of the prompts themselves. Unlike known malware signatures or consistent phishing patterns, injected prompts can vary widely in structure and wording. This makes simple pattern-matching approaches, such as regex, unreliable. A broad rule set risks generating large numbers of false positives, while a narrow one is unlikely to capture the diversity of possible injections.

How does Darktrace catch these types of attacks?

The Darktrace approach to email security more generally is to look beyond individual indicators and assess context, which also applies here.  

For example, our prompt density score identifies clusters of prompt-like language within an email rather than just single occurrences. Instead of treating the presence of a phrase as a blocking signal, the focus is on whether there is an unusual concentration of these patterns in a way that suggests injection. Additional weighting can be applied where there are signs of obfuscation. For example, text that is hidden from the user – such as white font or font size zero – but still readable by AI systems can indicate an attempt to conceal malicious prompts.

This is combined with broader behavioral signals. The same communication context used to detect other threats remains relevant, such as whether the content is unusual for the recipient or deviates from normal patterns.

Ask your email provider about email-delivered AI prompt injection

Prompt injection targets not just employees, but the AI systems they rely on, so security approaches need to account for both.

Though there are clear indications of emerging activity, it remains to be seen how popular prompt injection will be with attackers going forward. Still, considering the potential impact of this attack type, it’s worth checking if this risk has been considered by your email security provider.

Questions to ask your email security provider

  • What safeguards are in place to prevent emails from influencing AI‑driven workflows over time?
  • How do you assess email content that’s benign for a human reader, but may carry hidden instructions intended for AI systems?
  • If an email contains no links, no attachments, and no social engineering cues, what signals would your platform use to identify malicious intent?

Visit the Darktrace / EMAIL product hub to discover how we detect and respond to advanced communication threats.  

Learn more about securing AI in your enterprise.

Continue reading
About the author
Kiri Addison
Senior Director of Product

Blog

/

AI

/

April 30, 2026

Mythos vs Ethos: Defending in an Era of AI‑Accelerated Vulnerability Discovery

mythos vulnerability discoveryDefault blog imageDefault blog image

Anthropic’s Mythos and what it means for security teams

Recent attention on systems such as Anthropic Mythos highlights a notable problem for defenders. Namely that disclosure’s role in coordinating defensive action is eroding.

As AI systems gain stronger reasoning and coding capability, their usefulness in analyzing complex software environments and identifying weaknesses naturally increases. What has changed is not attacker motivation, but the conditions under which defenders learn about and organize around risk. Vulnerability discovery and exploitation increasingly unfold in ways that turn disclosure into a retrospective signal rather than a reliable starting point for defense.

Faster discovery was inevitable and is already visible

The acceleration of vulnerability discovery was already observable across the ecosystem. Publicly disclosed vulnerabilities (CVEs) have grown at double-digit rates for the past two years, including a 32% increase in 2024 according to NIST, driven in part by AI even prior to Anthropic’s Mythos model. Most notably XBOW topped the HackerOne US bug bounty leaderboard, marking the first time an autonomous penetration tester had done so.  

The technical frontier for AI capabilities has been described elsewhere as jagged, and the implication is that Mythos is exceptional but not unique in this capability. While Mythos appears to make significant progress in complex vulnerability analysis, many other models are already able to find and exploit weaknesses to varying degrees.  

What matters here is not which model performs best, but the fact that vulnerability discovery is no longer a scarce or tightly bounded capability.

The consequence of this shift is not simply earlier discovery. It is a change in the defender-attacker race condition. Disclosure once acted as a rough synchronization point. While attackers sometimes had earlier knowledge, disclosure generally marked the moment when risk became visible and defensive action could be broadly coordinated. Increasingly, that coordination will no longer exist. Exploitation may be underway well before a CVE is published, if it is published at all.

Why patch velocity alone is not the answer

The instinctive response to this shift is to focus on patching faster, but treating patch velocity as the primary solution misunderstands the problem. Most organizations are already constrained in how quickly they can remediate vulnerabilities. Asset sprawl, operational risk, testing requirements, uptime commitments, and unclear ownership all limit response speed, even when vulnerabilities are well understood.

If discovery and exploitation now routinely precede disclosure, then patching cannot be the first line of defense. It becomes one necessary control applied within a timeline that has already shifted. This does not imply that organizations should patch less. It means that patching cannot serve as the organizing principle for defense.

Defense needs a more stable anchor

If disclosure no longer defines when defense begins, then defense needs a reference point that does not depend on knowing the vulnerability in advance.  

Every digital environment has a behavioral character. Systems authenticate, communicate, execute processes, and access resources in relatively consistent ways over time. These patterns are not static rules or signatures. They are learned behaviors that reflect how an organization operates.

When exploitation occurs, even via previously unknown vulnerabilities, those behavioral patterns change.

Attackers may use novel techniques, but they still need to gain access, create processes, move laterally, and will ultimately interact with systems in ways that diverge from what is expected. That deviation is observable regardless of whether the underlying weakness has been formally named.

In an environment where disclosure can no longer be relied on for timing or coordination, behavioral understanding is no longer an optional enhancement; it becomes the only consistently available defensive signal.

Detecting risk before disclosure

Darktrace’s threat research has consistently shown that malicious activity often becomes visible before public disclosure.

In multiple cases, including exploitation of Ivanti, SAP NetWeaver, and Trimble Cityworks, Darktrace detected anomalous behavior days or weeks ahead of CVE publication. These detections did not rely on signatures, threat intelligence feeds, or awareness of the vulnerability itself. They emerged because systems began behaving in ways that did not align with their established patterns.

This reflects a defensive approach grounded in ‘Ethos’, in contrast to the unbounded exploration represented by ‘Mythos’. Here, Mythos describes continuous vulnerability discovery at speed and scale. Ethos reflects an understanding of what is normal and expected within a specific environment, grounded in observed behavior.

Revisiting assume breach

These conditions reinforce a principle long embedded in Zero Trust thinking: assume breach.

If exploitation can occur before disclosure, patching vulnerabilities can no longer act as the organizing principle for defense. Instead, effective defense must focus on monitoring for misuse and constraining attacker activity once access is achieved. Behavioral monitoring allows organizations to identify early‑stage compromise and respond while uncertainty remains, rather than waiting for formal verification.

AI plays a critical role here, not by predicting every exploit, but by continuously learning what normal looks like within a specific environment and identifying meaningful deviation at machine speed. Identifying that deviation enables defenders to respond by constraining activity back towards normal patterns of behavior.

Not an arms race, but an asymmetry

AI is often framed as fueling an arms race between attackers and defenders. In practice, the more important dynamic is asymmetry.

Attackers operate broadly, scanning many environments for opportunities. Defenders operate deeply within their own systems, and it’s this business context which is so significant. Behavioral understanding gives defenders a durable advantage. Attackers may automate discovery, but they cannot easily reproduce what belonging looks like inside a particular organization.

A changed defensive model

AI‑accelerated vulnerability discovery does not mean defenders have lost. It does mean that disclosure‑driven, patch‑centric models no longer provide a sufficient foundation for resilience.

As vulnerability volumes grow and exploitation timelines compress, effective defense increasingly depends on continuous behavioral understanding, detection that does not rely on prior disclosure, and rapid containment to limit impact. In this model, CVEs confirm risk rather than define when defense begins.

The industry has already seen this approach work in practice. As AI continues to reshape both offense and defense, behavioral detection will move from being complementary to being essential.

Continue reading
About the author
Andrew Hollister
Principal Solutions Engineer, Cyber Technician
Your data. Our AI.
Elevate your network security with Darktrace AI