Arctic Wolf launches early warning tool for credential theft
Arctic Wolf has launched Decipio, a cybersecurity tool designed to detect credential theft inside corporate networks. The product is being offered through a gated community beta to organisations, including those in Australia.
Decipio is intended to identify attempts to steal login details at the point of attack, rather than after stolen credentials have been used to move through a network or cause wider damage. It targets a common early stage of intrusions, when attackers try to capture usernames and passwords before establishing a deeper foothold.
According to Arctic Wolf's threat research, credential theft remains a common starting point for cyberattacks. Stolen credentials continue to rank among the main initial access routes used by attackers, increasing pressure on security teams to detect these incidents earlier.
Decipio focuses on Windows network activity linked to credential-stealing techniques, including abuse of LLMNR and NBT-NS. It is designed to act as an early-warning tripwire, producing a binary signal with limited tuning and giving investigators a clearer indication that an attacker has attempted to harvest credentials.
The release comes as Australian organisations face a rise in phishing and credential abuse, including attacks supported by artificial intelligence tools. Security vendors and corporate defenders have been grappling with a growing volume of low-cost, automated activity that can make traditional detection methods harder to manage.
Arctic Wolf has an established presence in the Australian market, working with small and medium-sized businesses and mid-market organisations. Its local customer base includes Arts Centre Melbourne, Parramatta Eels and Brighton Grammar School, and it employs about 70 staff in Australia.
Early detection
Arctic Wolf is positioning Decipio as a defensive tool shared with the security community rather than as a fully open-source release. Access is limited to verified defenders through a gated process intended to reduce the risk of misuse.
That approach reflects a broader debate in cybersecurity over how defensive tools should be distributed when the same underlying techniques can be studied and adapted by attackers. As AI systems make it easier to scrape, copy and reuse code and methods at scale, some vendors have become more cautious about placing security tools in the public domain without restrictions.
Arctic Wolf said gated access would allow practitioners to test the product and provide feedback while limiting wider exposure. It described the beta as community-led, with the aim of involving defenders in shaping the tool's development.
For security teams, the practical issue is time. Detecting a credential theft attempt as it happens can narrow the investigation window and may help contain an incident before an attacker uses the stolen information to escalate access, move laterally or disrupt systems.
Many existing detection tools focus on activity that appears after a compromise is underway, such as unusual logins, privilege escalation or suspicious movement between systems. By contrast, Decipio is designed to flag the initial theft attempt itself, which Arctic Wolf argues could reduce the delay between intrusion and response.
The announcement also highlights how AI is shaping both sides of the cyber market. Vendors increasingly describe their products in terms of AI-based analysis or automation, while threat researchers warn that attackers are using the same technologies to make phishing and credential abuse more convincing and scalable.
Ismael Valenzuela, vice president of threat intelligence research at Arctic Wolf, said the company sees the tool as part of a shift towards earlier intervention.
"As attackers automate faster and operate more quietly, defenders can't afford to only respond after the damage is done," Valenzuela said.
"Decipio represents a defense-first approach to AI-powered attacks that is designed to catch threat actors the moment they reveal themselves and gives defenders the home-field advantage. By sharing this tool with the community, we're inviting practitioners to help shape how AI is applied responsibly in cyber defense," he said.