
VerifiedThreat is an AI-driven threat and vulnerability platform originally designed for governments and sovereign nations. It simulates state-sponsored red team attacks on critical infrastructure, national security assets, and enterprise systems. The VerifiedThreat Index (VTI) is an evaluation tool designed to measure the overall vulnerability level to external cybersecurity threats within the corporate sectors.

It is designed to assess 21 key criteria, from WAF & Firewall operations to vulnerability to automated traffic, and provides companies with an overall picture of how well their perimeter defence is performing against their peers.

All results derive from non-invasive, controlled simulation activity and do not reflect active breach indicators or confirmed adversarial campaigns. Rather, they reveal the types of exposure that may be exploited through known methods such as bot-based reconnaissance, session hijacking, site impersonation, and unmitigated behavioural simulation.

This context is provided solely to inform strategic cybersecurity planning and sectoral hardening. The VerifiedThreat Index (VTI) reflects exposure-level intelligence derived from the VerifiedThreat telemetry, and real-time digital vulnerability analysis conducted during a monthly 30-day assessment window. 

The VTI produces regional and sector-aggregated threat data to measure overall performance amongst the relevant peer group. The competitive and sector context is important. Often in security, you don’t have to be the very best, but you do have to be better than your closest neighbour. Inadequately protected sites will inevitably become a focus for attackers, who are encouraged by the lack of robust protection to launch further sophisticated attacks, in the certain knowledge that the defence is proven to be weak.

The agentic AI runs an extremely lightweight series of risk assessments that has no impact on performance but is nevertheless very powerful at identifying vulnerabilities. It measures the vulnerability from an outside-in perspective, using Red Team simulation to identify major weak spots.

GenAI-powered services - previously limited to advanced threat actors - are now widely available through darknet marketplaces, often operated by syndicates based in Iran, North Africa, and Eastern Europe. These toolkits are enabling both state-aligned and non-state actors to launch scalable, highly automated cyber operations with minimal technical expertise. VerifiedThreat simulates these types of attacks. If a vulnerability is discovered, the VerifiedThreat agents then go into ‘swarm mode’, where smart agents act in concert to expose, validate and provide the evidential proof of the scale of the underlying risk. This helps to validate the real risk to prevent false positives, and also exposes the scale of the risk.

Although the exact sequence of tests isn’t disclosed to keep the VerifiedThreat Index (VTI) entirely objective, the following represents the types of attack simulation performed:

  • Vulnerability to reconnaissance-based attacks using common hacker tools and platforms.
  • WAF settings / configuration testing.
  • Tests common agents in “stealth” mode that attempt to hide their origins by rotating IPs, user agents, and footprints.
  • Identifies vulnerable asset protection on login paths, APIs, payment gateways, etc.
  • Propensity for fake account creation.
  • Site cloning - for high-value targets such as banks, financial portals, or major ecommerce sites, where the entire brand is cloned and the fake site is mined for the access credentials entered into it.
  • Identifying fake search engine crawlers, e.g. fake Googlebot.
  • Cookie data integrity / propensity for cookie manipulation & hijacking.
  • Overall site exposure to automated traffic.
  • Mitigation bypass techniques, e.g. for CAPTCHA.
  • Exposure to data mining / API abuse.
  • Fingerprint / footprint client authentication and blocking.
  • Overall user latency / access and performance.

What do the results actually mean?

"There is no such thing as 99% security"
Companies with a comprehensive perimeter Zero Trust policy should be scoring 100%. The suite of tests is designed so that a robust perimeter defence will block reconnaissance attacks before they have a chance to report their vulnerability findings back to the attackers, which would otherwise result in more advanced exploitation attacks.

Excellent (100)
Companies should be aiming for a perfect score. The tests don’t have deliberate “gotchas” to force poor scores, but instead simulate common attack methods that are widely used by attackers today, and we’d expect the best performing sites to attain a perfect score. Many sites do, and we call out the best performers in each sector.

Very Good (80-99)
Although a small performance gap has been identified, the site nevertheless has significant edge protection that is effective in the vast majority of cases. Robust and demonstrable edge protection is in place, which often leads to attackers searching for easier targets.

Par Score (65-79)
A par performance introduces some meaningful exposure to vulnerabilities. Although clearly not optimal, this category does have largely functioning edge protection activated, which may be enough to protect it from more serious attacks.

Sub-Par (40-64)
Security gaps and failing the majority of the tests mean your security is poor and falls significantly below the best performers. The risks are starting to escalate at this level of poor performance, and life is made significantly easier for outside-in external attackers.

Inadequate (11-39)
Major gaps and failing the majority of the tests mean your security is inadequate. Often in security, you don’t have to be the very best, but you do have to be better than your closest neighbour. These sites will inevitably become a focus for attackers, who are encouraged by the lack of robust protection to launch further sophisticated attacks, knowing the defence is weak.

Critical (0-10)
Little or no protection in place. It’s the real-world equivalent of leaving the keys in the ignition. This critical category sees a disproportionate increase in major follow-up attacks.