Labyrinth Security

Paweł Rybczyk, CEO Labyrinth Security Solutions

Yuriy Gatupov, VP Sales Director at Labyrinth Security Solutions

Labyrinth Security is a cyber deception platform, an efficient tool to detect and stop hackers’ activities inside the corporate network. Put simply, it makes honeypots/decoys that catch real hackers.

Welcome to the first TADSummit online Conference session of 2026. I did mis-speak in the video and say TADHack, because I’ve been busy building VCONIC TADHack most of this week.

In the beginning

Labyrinth Security Solutions was founded in 2019 in Ukraine. The war forced the business to relocate to Poland. The founding team, of which Yuriy is part, are pentesters and red team members. They bring relevant experience for creating deception platforms.

A penetration tester is a cybersecurity expert who conducts authorized simulated cyberattacks (pen tests) on systems, networks, or applications to find and exploit security weaknesses (vulnerabilities) before malicious hackers can, helping organizations strengthen their defenses. Essentially, they test how easily a system can be broken into, identifying flaws and providing ways to fix them.

A Red Team is a group of authorized security experts who simulate real-world cyberattacks against an organization to test its defenses, acting as ethical adversaries to find and exploit weaknesses in technology, processes, and people before malicious attackers can.

The idea was born after a discussion with a Ukrainian end-user: a solution that can detect cyber threats at the very early stage of the attack. The main request of the end-user was an efficient solution that is very precise in DETECTION, with a low number of false positives, but at the same time does not require a lot of manpower to manage.

That was the trigger to propose a strategy for the product, based on honeypots / decoys. The offering from existing deception platforms was not perfect, either due to the functionality or the license cost. This was the moment three colleagues, Vlad Zakhozhai (developer), Sergey Aleynikov (ethical hacker) and Yuriy Gatupov (sales), decided to create the Labyrinth Deception Platform. After one year of development the product was delivered to the first customer.

Labyrinth sells through partners; they recently announced a US partnership with AB Distributing. However, Europe is their home base.

The Core of Labyrinth, Quantity and Quality

I asked a kick-off question on how their honeypots work. Yuriy made the point that these are not based on open source, for example T-Pot or Conpot.

The deception must be perfect. Hackers come across those open source honeypots often. One advantage they have over open source is efficiency. The ratio is about 150:1 on using Labyrinth versus open source. That's many more decoys with Labyrinth in what can be viewed as a numbers game; this is a quantity play.

With open source there is no charge for the software, but the compute resources do incur costs. And the deception includes multiple services to ensure the hacker spends time with the decoy services. That is also part of the Labyrinth design: high interaction, the quality play, combined with many decoys, ensuring hackers spend hours, potentially days, with each of the decoys before realizing, if ever, that it's fake or that they are getting nowhere.

Yuriy gave a good example from one of their partners’ deployments: the in-country SERT (Security Emergency Response Team) notified them of a vulnerable deployment. Even the security experts are convinced of its authenticity.

Four Layer Model

Bohdan asked about malicious insiders. Yuriy mentions Canary Tokens, a simple way to tripwire things. Canarytokens are like motion sensors for your networks, computers and clouds. You can put them in folders, on network devices and on your phones.

Place them where nobody should be poking around and get an alarm if they are accessed. They are designed to look juicy to attackers to increase the likelihood that they are opened. They are open source.

Labyrinth differentiates itself from this by being represented across four layers of the security stack: dark web monitoring, phish-backs, Active Directory as bait with fake credentials, and decoys that should not be accessed unless by a hacker. Malicious insiders were raised in our session with Freaky Clown.

An important trend is not hacking systems; it's logging into systems using credentials from info stealers. We covered Infostealers with Alerts Bar last year. Yuriy referenced the acquisitions of Seraphic by CrowdStrike and also SGNL. Identities are now continuously granted and revoked based on real-time risk. With SGNL, CrowdStrike will extend dynamic authorization across SaaS and hyperscaler cloud access layers.
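The tripwire idea described above (bait credentials and decoys that nobody legitimate should touch), as an added example that is not Labyrinth's or Canarytokens' code. The account names, host names and log format are constructed assumptions.

```python
import json
from collections import defaultdict

# Hypothetical decoy inventory: bait accounts and hosts no real user or job touches.
DECOY_ACCOUNTS = {"svc_backup_old", "adm_jkowalski"}
DECOY_HOSTS = {"fs-archive02", "hr-db-test"}

# Constructed sample authentication events, one JSON object per line (not real logs).
SAMPLE_LOG = r"""
{"ts":"2026-01-12T01:14:07Z","src":"10.20.4.31","user":"CORP\\mnowak","dst":"fs-main01","result":"success"}
{"ts":"2026-01-12T01:20:41Z","src":"10.20.7.88","user":"CORP\\SVC_Backup_Old","dst":"dc01","result":"failure"}
{"ts":"2026-01-12T01:22:03Z","src":"10.20.7.88","user":"adm_jkowalski@corp.local","dst":"FS-ARCHIVE02.corp.local","result":"success"}
{"ts":"2026-01-12T02:05:19Z","src":"10.20.4.31","user":"CORP\\mnowak","dst":"hr-db-test","result":"success"}
truncated line, not valid JSON
"""


def normalize_user(name):
    """Reduce DOMAIN\\user and user@domain forms to a lowercase bare account name."""
    name = name.strip().lower()
    if "\\" in name:
        name = name.split("\\", 1)[1]
    return name.split("@", 1)[0]


def find_tripwires(lines, decoy_accounts=DECOY_ACCOUNTS, decoy_hosts=DECOY_HOSTS):
    """Return {source: [(timestamp, reason), ...]} for every touch of a decoy."""
    hits = defaultdict(list)
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        if not isinstance(ev, dict):
            continue
        src, ts = ev.get("src", "unknown"), ev.get("ts", "")
        user = normalize_user(ev.get("user", ""))
        host = ev.get("dst", "").split(".", 1)[0].lower()
        # Failed logons count too: nobody legitimate holds a bait credential.
        if user in decoy_accounts:
            hits[src].append((ts, f"bait credential {user} ({ev.get('result')})"))
        if host in decoy_hosts:
            hits[src].append((ts, f"decoy host {host}"))
    return dict(hits)


if __name__ == "__main__":
    for src, events in find_tripwires(SAMPLE_LOG.splitlines()).items():
        for ts, reason in events:
            print(f"ALERT {ts} {src}: {reason}")
```

Because the match is against a closed list of objects with no legitimate use, every hit is worth an alert without baselining or thresholds, which is where the low false-positive rate of deception comes from.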

Labyrinth’s Business

Bohdan asked about the regions Labyrinth works in. Definitely not China, and also not Russia, nor North Korea, because of the security risks. They are strong in the Commonwealth of Independent States (CIS), expanding in Western Europe / Latin America, and have a US deal recently announced.

Bohdan moved on to the type of customers, and the type of solution they buy. Yuriy shared that Labyrinth was not the first deception solution on the market; however, they are the first to market with an optimized solution addressing quantity and quality metrics, so it delivers on early threat detection, network monitoring, identity driven attacks, and malicious insiders.

One license is $4k pa; it's low as deception should be present in every cyber security stack. It's an on-prem solution, not SaaS. It works in air-gap environments, that is, a computer system or network physically and logically isolated from all external networks. This means it is popular with government and military organizations.

They can deliver a complete solution, both hardware and software, for example for an enterprise that has a number of branches distributed around a country.

After an incident, if there’s a back door, the decoys will show if it's still present. Monthly subscription is also available through MSSP partners (Managed Security Service Provider). There are no hardware restrictions, and it works on Azure and AWS.

Bohdan asked about AI, which resulted in a few laughs; their solution does not require an AI model. However, they do use AI for analyzing and fingerprinting hacker activities, which they include in their quarterly reports. These reports are regional, e.g. within the CIS region, which is a differentiator to the big guys that tend to be US centric.

To wrap up, Bohdan asked about the role of ethical hackers. There are ethical hackers within Labyrinth. During POC (Proof of Concept) customers often engage ethical hackers, e.g. FireEye. In one case the security team worked only one shift, giving hackers time to explore unobserved. They generated 1300 alerts with Labyrinth, and the POC was stopped after one night, as its purpose had been served.
