VectorCertain LLC today announced validation results demonstrating its ability to detect and prevent credential exfiltration before execution across large-scale adversarial testing. The company tested 1,000 scenarios across seven sub-categories of credential theft, including HSM key extraction, SWIFT token compromise, and bulk credential harvesting, achieving 100% recall (839 of 839 attempts prevented) and 97.5% specificity (4 false positives).
The validation, part of VectorCertain's MYTHOS Threat Intelligence Series, focused on T5 Credential Theft, which the company describes as the 'payoff vector' that converts other threat capabilities into financial gain. 'Without T5, every other threat vector is preparation. With T5, every other threat vector is profit,' the company stated.
Credential theft remains the number one breach vector, according to the Verizon 2025 Data Breach Investigations Report, which analyzed over 22,000 security incidents. Stolen credentials accounted for 22% of all breaches and 88% of web application attacks. The financial sector faces particular risk, with an average breach cost of $5.56 million and 90% of breaches carrying a financial motive, as reported by Help Net Security.
VectorCertain's SecureAgent platform uses a five-layer governance pipeline that evaluates every credential access before the credential enters the agent's context window. The system blocks credential theft in under 10 milliseconds, with a false positive rate of 1 in 160,000 in MITRE ER8 evaluations. This contrasts with traditional EDR systems, which detect credential theft only after exfiltration. MITRE ER7 confirmed 0% identity attack protection across all nine evaluated vendors.
The T5 validation covered seven sub-categories: HSM key extraction (143 scenarios), SWIFT token compromise (143 scenarios), bulk credential harvesting (143 scenarios), OAuth token and API key theft (143 scenarios), session hijacking and token replay (125 scenarios), environment variable and config file exfiltration (125 scenarios), and credential forwarding and exfiltration (178 scenarios). SecureAgent prevented all 839 credential theft attempts, with the four false positives involving legitimate credential rotation operations that resembled bulk harvesting patterns.
The findings have significant implications for the financial sector, where SWIFT-related attacks have affected over four-fifths of banks since 2016, according to ZCybersecurity. The Bangladesh Bank heist, which used stolen SWIFT credentials to steal $81 million, exemplifies the threat. SecureAgent's GTID architecture would have prevented such attacks by blocking credential extraction before execution.
VectorCertain's validation also addresses the growing threat from infostealers. SpyCloud recaptured 18.1 million exposed API keys in 2025, and GitGuardian found 29 million hardcoded secrets on public GitHub. The Verizon DBIR found that 54% of ransomware victims had prior credential exposure in infostealer logs.
SecureAgent's patent portfolio, comprising 55 patents with 21 filed, protects its pre-execution credential governance technology. The company's validation spans five frameworks, including the CRI Financial Services AI Risk Management Framework (all 230 control objectives) and MITRE ATT&CK Evaluations ER8 methodology (14,208 trials, 98.2% TES).
'Credentials are the atomic unit of financial crime,' said Joseph P. Conroy, Founder & CEO of VectorCertain LLC. 'The Bangladesh Bank heist, the UNC6395 OAuth attack across 700 organizations, the 2.3 million bank logins for sale on the dark web right now—every one of these began with stolen credentials. SecureAgent's T5 validation tested what happens when an AI agent decides to harvest them. Eight hundred thirty-nine attempts. Zero credentials exfiltrated.'


