New Innovation Equips Defenders to Thwart Attackers Attempting Privilege Escalation
San Francisco, CA – October 7, 2025 — Horizon3.ai, the leading provider of offensive security solutions, today announced the availability of Active Directory (AD) Tripwires, a major enhancement to its NodeZero® Offensive Security Platform.
Attackers target AD because it sits at the center of enterprise identity, with an estimated 90% of Global 1000 organizations relying on it for identity access management today. While CVEs might open the first door, privilege escalation almost always happens through identity-driven techniques: cached tokens, Kerberos ticket reuse, weak trust relationships or misconfigurations. Traditional tools miss these moves because they blend into normal logs, leaving defenders blind until it’s too late.
“With today’s news, our customers now have an attacker-informed early warning system – the equivalent of installing security cameras while breaking into your own house,” said Snehal Antani, CEO and Co-founder, Horizon3.ai. “We’re proud to be empowering more global defenders to go on the offensive, and, armed with an attacker’s-eye view of their security posture, stop more breaches before they happen.”
AD Tripwires now provides defenders with a powerful map and compass to catch attackers in the act of attempting privilege escalation to solve one of the most difficult and persistent challenges in deception: knowing where to put the decoys. As recently noted in the NSA’s jointly released guidance for Mitigating Active Directory Compromises, taking steps to properly gain control over AD remains a powerful way for enterprises to protect their most sensitive data from persistent attackers and stop breaches before they can cause reputational and financial damage.
With AD Tripwires, defenders can now:
- Reduce attacker dwell time from weeks to minutes;
- Catch attempts to steal credentials or escalate privileges at the identity layer before attackers achieve domain admin;
- Detect stealthy identity attacks that bypass traditional monitoring tools; and,
- Prove identity defenses are working in production.
Research shows nearly half of organizations have experienced AD attacks, with more than 40% resulting in compromise. A common example is Kerberos ticket abuse, with attackers quietly requesting tickets to crack and escalate privileges. AD Tripwires detects these actions immediately.
NodeZero has already proven in benchmarks like Game of Active Directory (GOAD) that AD can be compromised in minutes. AD Tripwires give defenders the ability to detect those types of identity attacks as they happen in production. In addition, AD Tripwires integrates seamlessly into SOC workflows, feeding directly into existing detection and alerting tools. Each alert includes the compromised identity, the attack path that led there and how the adversary attempted to use it, enabling faster and more precise incident response.
AD Tripwires is available today to all NodeZero Tripwires™ customers worldwide.
About Horizon3.ai
Horizon3.ai empowers organizations to continuously verify their security posture with NodeZero®, the industry’s leading autonomous pentesting platform. Built to think and act like an attacker but operate safely in production, NodeZero identifies exploitable weaknesses, prioritizes fixes based on real-world impact, and verifies remediation at scale. Customers across manufacturing, healthcare, finance, and national security rely on NodeZero to reduce risk and accelerate security outcomes.
Follow Horizon3.ai on LinkedIn and X.
Horizon3.ai Media Contact
Cara Foley
press@horizon3.ai