Oleksandr (Alex) Nahirniak, Co-Founder Vulnebify
Ivan Bayev, Co-Founder Vulnebify
Introduction
Vulnebify’s solution delivers validated geopolitical cyber threat intelligence by correlating attacker behavior in high-risk regions with each customer’s unique external exposure, supporting early identification of material risks.
They directly address the current asymmetry in cyber security. Attacks now run at the speed of AI, while defense continues to operate at human speed. Hackers have used automation; last year we covered how LLMs can create quite effective phishing emails, in the session on social engineering with Matt Holland and Enrico Faccioli.
The rise of AI-enhanced hacking
Alex shared how Anthropic reported on the risk of AI-enhanced attacks. AI models’ general levels of capability have increased, for example in software coding, lending themselves to being used in cyberattacks.
Models can act as agents—that is, they can run in loops where they take autonomous actions, chain together tasks, and make decisions with only minimal, occasional human input.
AI Models have access to a wide array of software tools (often via the open standard Model Context Protocol). They can now search the web, retrieve data, and perform many other actions that were previously the sole domain of human operators. In the case of cyber attacks, the tools might include password crackers, network scanners, and other security-related software.
The attacks are now much more sophisticated, using social engineering. The timing of Vulnebify is good; there’s a clear need. They began by using AI scanning for vulnerabilities in the attack surface of networks. In doing that, they realized the tools implemented active reasoning, identifying gaps and how to exploit them. That required a decision: do they focus on AI-enhanced pen testing, or on defence?
Vulnebify’s Process
Their process requires 3 steps:
- Discovery. External exposure of a business.
- Based on that discovery process, build customer-specific decoys.
- The decoy is able to deceive a hacker and hence the hacker reveals their processes. Ivan shares his experience in building drone decoys for the war with Russia, so Russian arms, munitions, and positions are exposed and wasted.
Now Bohdan starts his questioning 🙂
- He referenced our podcast from Dec 2024 with Jeremy Turner from TacitRed and Aaron Birnbaum (TRaViS), who both provide external attack surface management.
- And from January 2026 the honeypots of Labyrinth Security.
Bohdan explains it’s not just a honeypot with a well-known signature, but rather unique infrastructure based on the people, partners, and suppliers of that business, automated by AI: an infrastructure with domain name history. The decoy is referenced in popular hacker channels to encourage hackers to expose their TTPs (Tactics, Techniques, and Procedures), a structured framework used in cybersecurity to analyze, understand, and defend against the behavior of cyber threat actors.
Targets and Actors
Mobile operators are popular targets (see our SKT hack debrief) because of the national significance, the revenue / security potential of hacking a telco, and the thousands of bilateral partners telcos have, even small regional telcos.
AI-enhanced hacking will become a popular tool for students / people with time on their hands who previously lacked the expertise to explore the weaknesses of telcos and banks. The potential users of AI-enhanced hacking go far beyond commercial hackers and state actors. In a sense Vulnebify is fighting fire with fire when it comes to AI.
Bohdan moved on to malicious employees: does Vulnebify have the ability to identify them? Freaky Clown highlighted this as a significant threat. Alex highlighted that partnering with Labyrinth Security is a possibility. The field of cyber security is moving fast; Vulnebify shows the role AI can play in defense, and no one solution has 100% coverage.
For catching malicious employees, the decoy companies can be repeated thousands of times; it just takes one slip by the malicious employee. This is an interesting point on the volume of content available to entice bad actors into exposing their TTPs (Tactics, Techniques, and Procedures), which are constantly evolving thanks to AI.
Ivan makes a good point: Vulnebify is not a static honeypot that is easy to fingerprint, but rather dynamic, a honeypot of honeypots, with fake employees and social media that distract hackers. They’re fighting hackers with time through distractions created by AI.
Monitoring
The discussion moved on to Alerts Bar, whom we interviewed in November about their deep darknet monitoring for infostealers and canary tokens (discussed with Labyrinth Security). Vulnebify alerts partners about the fake data they expose, so clients do not get false-positive notifications. It’s becoming a highly dynamic environment.
For the fake credentials, law enforcement can be informed to catch the hackers.
The discussion moved on to Alex’s work on country-wide scanners, to discover exposed video and audio devices. We’ve covered that in the risks of open source software; those exposed devices can be used to spy on people.
Bohdan pushes on pricing, but currently it’s per-customer pricing given the customization of the decoys and specific deployment requirements. Alex makes clear protecting their intellectual property is important. They offer a free trial, so customers can see the benefits of their approach. Their initial focus is Europe given its proximity and legal protections of intellectual property.
I asked about the long-term goal, as in my opinion they are automating the creation of custom decoy infrastructure, and associated fake credentials, social media, employees, and partner companies. Ivan sees training of the AI as key to enable hundreds of thousands of decoys to be created, so the real enterprises are lost in the noise.
Across the companies we have interviewed through the past year, things are moving fast in cyber security: decoys and honeypots are important, with all the associated data to make them seem real, accompanied by deep darknet monitoring to discover when your data, or faked data, is exposed, to catch malicious partners / employees. And it’s all being automated, so real enterprises can hide in the noise. I’m not sure where this ends, but the volume of the cyberwar has jumped by orders of magnitude.

