AI-driven defense is only as strong as the ground-truth data it relies on.
We believe that security automation and AI-driven defense are only as effective as the ground-truth intelligence they’re built on. ELLIO delivers foundational threat intelligence focused on the earliest phases of the attack lifecycle - reconnaissance and mass exploitation - where adversaries signal intent before impact. Our mission is simple: Reduce operational burden and security spend by disrupting threats upstream, before incidents escalate and become costly.
Our story
2022
5 JAN
Stealth Launch
Started research and analysis of the pre-attack threat landscape.
2023
30 JUN
High-signal IP Blocklist Release
Launched our flagship IP blocklist - ELLIO Threat List MAX - a large-scale, high-fidelity IP blocklist derived in real time from observed exploitation and recon traffic.
1 OCT
Smart ELLIO Blocklist Manager
Launched a customizable platform for precise IP blocking and allowlisting, reducing false positives while maintaining strong protection.
2024
1 APR
ELLIO Exploitation and Recon Threat Intelligence Platform
Launched a unified platform for actionable defense against mass exploitation and network reconnaissance, including threat intelligence, perimeter protection, and cyber deception.
1 NOV
Advanced Network Fingerprints
Added network fingerprinting analysis to the ELLIO Intelligence Platform, giving teams faster insights and early-stage attack prevention.
15 DEC
Tripled Sensor Coverage
Expanded ELLIO Cyber Deception Network threefold, improving real-time detection and visibility across threats.
2025
1 JUN
MITRE ATT&CK® Integration
Integrated the MITRE ATT&CK® framework into the ELLIO Intelligence Platform for deeper threat analysis.
5 AUG
Open-Source TCP Fingerprint Firewall
Introduced Recon Shield, an open-source TCP fingerprint firewall, boosting protection against reconnaissance and pre-attack activity.
2026
15 JAN
Interactive Historical IP Timeline
Expanded ELLIO Intelligence with a Historical IP Timeline for deeper insights, easier filtering, and quick report exports.
AI-adaptive cyber deception.
ELLIO operates a global deception network and honeypots, giving you direct access to core threat data with unique context, free from third-party noise and data contamination. We continuously evolve cyber deception to capture authentic adversary behavior at scale.
Inspired by the legacy of the first antivirus pioneers.
ELLIO was founded by Vlad Iliushin and Jana Tom, who met at Avast, the company behind the first Windows 95 antivirus. Backed by Presto Ventures, they launched ELLIO to automate, optimize, and uncover emerging threats before they grow into incidents.
Backed by Presto Ventures.
Latest improvements & insights.
Coordinated Credential-Stuffing Campaign Targets Palo Alto GlobalProtect Portals
A coordinated credential-stuffing campaign hit GlobalProtect VPN portals with 8,575 IPs in 48 hours. Three attack waves, 78 targeted usernames, one password. Our team breaks down the timeline, infrastructure, fingerprints, and what defenders can do.
"n8n" is the new "admin."
On February 10, 2026, our deception network recorded "n8n" overtaking "admin" as the #2 most brute-forced SSH username. The campaign scaled from a handful of probing IPs to hundreds of unique sources in under a week, with attackers rapidly iterating through password variants.
New Historical IP Timeline is live
ELLIO Threat Intelligence Platform expands its capabilities with an interactive Historical IP Timeline, giving teams deep visibility into historical IP activity with flexible filtering and report-ready exports.
Massive, realistic attack surface emulation.
Early-stage attack chain coverage.
High-interaction & behavioral capture.
Attribution-ready metadata.
Integrated with automated response systems.
FAQ
What is ELLIO?
ELLIO is a research lab focusing on real-time detection and analysis of mass exploitation and network reconnaissance.