Skip to Content
Adversary in the middle


Block AiTM attacks before they even start

16k

Up to 16k new AiTM records per day

400%

We've seen a 400% increase in AiTM activity in 2025 already

9+

Additional feeds, allowing for further proactive blocking of malicious infrastructure

Seamless Microsoft Defender Integration

Simply enable this integration from within our portal and get indicators fed into your Microsoft Defender deployment in real time.


Block users from accessing AiTM infrastructure and raise alerts in your Defender dashboard when they do.

Real time blocking of AiTM phishing sites
Microsoft Defender indicators feed

Conditional Access Policy Integration

Don't just prevent users from accessing AiTM infrastructure, but consume our named location feed in your conditional access policies in order to block authentication to your environment from AiTM infrastructure.

Real time updates of conditional access policies
Full API access with swagger documentation

Full API access

We all have unique use cases, so we also make our data available in a flexible format via our API so that you can consume it however you wish.

We even let you pull down all recent data so you can run queries locally rather than via the API.

Great for custom use cases and great for investigations.

Our latest content

Check out our latest adversary tracking blogs:

Your Dynamic Snippet will be displayed here... This message is displayed because you did not provide both a filter and a template to use.