Arctic Wolf Introduces Decipio as Gated Community Beta for Credential Theft Detection

Arctic Wolf released Decipio, a community-shared defensive cybersecurity tool, as a limited, gated community beta. The company said the tool is intended to detect credential-stealing attempts during the attempt phase inside a network.

Arctic Wolf described credential theft as a common way cyberattacks begin and as difficult to detect early, citing its annual threat report that identifies stolen credentials as a primary initial access vector. The company said Decipio was built to surface credential-stealing activity before stolen credentials were used for lateral movement or damage.

Decipio was designed as an early-warning tripwire that distinguishes attackers when they attempt to steal credentials using common Windows network techniques, including LLMNR and NBT-NS abuse. The company said the signal is binary, requires minimal tuning, and is intended to provide clear, high-confidence evidence for rapid investigation.

Arctic Wolf said Decipio will be introduced publicly during the SANS AI Summit, where it will be presented alongside leading security researchers and practitioners. It also said the beta will use access review and grant status for verified defenders.

“As attackers automate faster and operate more quietly, defenders can’t afford to only respond after the damage is done,” said Ismael Valenzuela, VP of Threat Intelligence Research at Arctic Wolf. “Decipio represents a defense-first approach to AI-powered attacks that is designed to catch threat actors the moment they reveal themselves and gives defenders the home-field advantage. By sharing this tool with the community, we’re inviting practitioners to help shape how AI is applied responsibly in cyber defense.”