Get Started

What’s New (Release Notes)

Click for latest release notes.

Introduction

Malanta.ai is the first solution for the Pre-Attack stage of an attack.

At this stage, which includes the Reconnaissance and Resource Development stages of the MITRE ATT&CK framework, attackers' actions are performed in stealth.

Attackers, including AI-powered attackers, use these stages to perform silent and passive actions before they launch payloads or perform noisy actions against a target: your company.

Until now, there have been few to no mitigation steps that can detect and prevent attacks at these early, Pre-Attack stages.

Malanta.ai's goal is to provide cyber security teams with the means required to detect and prevent attacks as early as possible, at the Pre-Attack stages.

By using advanced AI and ML models, a wide analyzed data layer, and deep adversary know-how, Malanta.ai will uncover attack infrastructure targeting your company, correlate it with discovered exposures, and provide preventative action to stop an attack before it starts.

The solution includes:

SaaS platform - for scope definition, imminent threat issues, and general management options.

Data layer - Exposed via dedicated API endpoints, enabling enrichment, investigation, and hunting workflows. Access requires a separate API key. Full details are provided in the Data Layer API documentation.

In the docs you can find more information about getting started, from self-registration to preventing imminent threats; terminology to get familiar with key terms and concepts; and a Q&A section with frequently asked questions and answers.

Terminology

My Assets

Anything of value an organization wants to protect from cyber threats. Assets may include domains, subdomains, IP addresses, applications, certificates, or other digital resources tied to the enterprise footprint.

Scope

A scope defines the boundaries of digital assets that are considered in-scope for monitoring. Properly defining scope ensures security teams evaluate the right assets, systems, and entry points when assessing risk.

Discovery Seed

A discovery seed is a trusted identifier of the organization (e.g., domain, IP range, certificate, ASN, or email pattern) that acts as the root reference for discovery.

  • From seeds, malanta.ai pivots outward, uncovering related assets through correlations such as WHOIS data, DNS records, certificate reuse, redirect paths, hosting providers, and third-party associations.
  • Seeds enable continuous discovery of a company’s evolving footprint.

Exposures

Exposures are weaknesses across the discovered asset landscape. They represent possible attack paths adversaries may exploit.

Imminent Threats

Correlations between company scope and adversary staging infrastructure that suggest targeting activity in progress. These threats bridge exposures with real-world adversary behaviors. This may also be referred to as targeted IoPA.

Prevented Threats

Threats that malanta.ai detected and confirmed as remediated. This serves as a record of risks neutralized before they were weaponized.

Indicator of Pre-Attack (IoPA)

IoPAs provide predictive visibility into adversary preparations:

  • Derived from AI/ML analysis of diverse datasets, including OSINT, malicious identity registries, domain/hosting records, and internet resource databases.
  • Highlight behaviors like suspicious domain registrations, allocations at bulletproof hosting providers, and phishing kit distribution.
  • Unlike traditional IOCs (which appear after compromise), IoPAs reveal staging infrastructure at the Reconnaissance and Resource Development phases (MITRE ATT&CK).

IoPA Map

A visual network graph that shows IoPAs and their connections across domains, IPs, hosting services, and potential exposures, helping analysts trace the attacker’s staging environment.

Exposure Coverage Examples

  • Subdomain Takeover (Exposure): Dormant subdomains vulnerable to hijacking.
  • Subdomain Takeover (Hijacked): Assets already controlled by adversaries.
  • Malicious Domains - Impersonating DDNS: Dynamic domains mimicking corporate infrastructure.
  • Malicious Domains - Homograph: Lookalike domains using Unicode tricks to deceive.
  • Invalid SSL Certificate with Redirection: Redirect chains to untrusted endpoints.
  • Insecure URL Redirect: Open redirects exploited for phishing or session hijacking.
  • Exposed SNMP Devices: Misconfigured gear leaking telemetry data valuable for recon.
  • and many others…
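
A defender-side check for the "Malicious Domains - Homograph" category above, as an added example that is not malanta.ai's code or detection method: it decodes punycode labels, folds confusable characters to ASCII, and flags candidate domains that render like an in-scope asset. The confusables table is a small constructed subset, and `example.com` and the candidate list are constructed placeholders.

```python
import unicodedata

# Small constructed subset of confusable characters (Cyrillic/Greek -> Latin).
# A production check would load the full Unicode TR39 confusables data.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0455": "s", "\u03bf": "o", "\u0131": "i",
}

def to_unicode(domain):
    """Decode any punycode (xn--) labels so the visible form is compared."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except (UnicodeError, ValueError):
                pass  # keep a malformed label as-is rather than crash
        labels.append(label)
    return ".".join(labels)

def skeleton(domain):
    """Fold a domain to the ASCII form a reader would perceive."""
    text = unicodedata.normalize("NFKC", to_unicode(domain))
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)

def find_homographs(candidates, scope):
    """Return (candidate, imitated_asset) pairs for lookalikes of scope domains."""
    by_skeleton = {skeleton(d): d.lower() for d in scope}
    hits = []
    for cand in candidates:
        target = by_skeleton.get(skeleton(cand))
        # Flag only when it renders like an asset but is not that asset.
        if target and to_unicode(cand) != target:
            hits.append((cand, target))
    return hits

# Constructed sample data: example.com stands in for an in-scope asset.
SCOPE = ["example.com"]
SPOOF = "xn--" + "ex\u0430mple".encode("punycode").decode("ascii") + ".com"
CANDIDATES = [SPOOF, "ex\u0430mple.com", "example.com", "example.org"]

if __name__ == "__main__":
    for cand, target in find_homographs(CANDIDATES, SCOPE):
        print(f"{cand} imitates {target}")
```

Candidates can be fed from newly observed registrations or certificate logs; the scope list corresponds to the domains defined under My Assets.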

FAQ – Security & Privacy

Q: What authentication does malanta.ai support?

A: Authentication is done by username and one-time email verification.

Q: What logs does malanta.ai provide?

A: Platform activity logs plus user audit logs (with tenant and user IDs). These logs track both admin and user actions.

Q: How does malanta.ai validate input against malicious content?

A: Input validation is performed across multiple layers: API Gateway, WAF services, and internal APIs.

Q: How does malanta.ai manage user sessions?

A: The client communicates with the backend via API calls with cookies and JWT. An API Gateway enforces tenant isolation, ensuring users access only their data.

Q: What is malanta.ai’s data retention policy?

A: When a license expires, all tenant-related data is deleted within 60 days. Once deleted, data cannot be recovered.

Q: How can I remove my data?

A: Contact Malanta Support to request complete removal of your data.

Support

  • Security issues: Email potential vulnerabilities to [email protected] with a clear description and reproduction steps.
