Research & news
Dream researchers push technology to its furthest edge, building and testing breakthrough capabilities, from artificial intelligence and advanced threat hunting to malware reverse engineering and vulnerability research in existing and emerging attack surfaces.
Operating at the frontier of cyber and artificial intelligence research, we turn bold ideas into working innovation that strengthens how nations anticipate, understand, and neutralize the most complex threats.

Anthropic’s Claude Code Security announcement triggered predictable reactions across the industry. Excitement, curiosity, and in some corners, anxiety. Whenever a frontier LLM vendor steps into anything labeled “security,” the same question surfaces: is this the beginning of displacement?

In January 2026, Dream uncovered a targeted supply-chain attack in Southeast Asia, where malicious updates were delivered through MicroWorld Technologies’ eScan antivirus infrastructure. Dubbed Verglas internally, the campaign replaced a trusted component with a trojanized version, enabling remote access and blocking future updates to prevent cleanup. Building on earlier reports from Morphisec and others, Dream’s platform identified additional indicators and autonomously reconstructed the full infection chain. Organizations using the affected update mechanism should assume compromise and act immediately.

Between late Dec 2025 and mid-Jan 2026, a covert cyber-espionage campaign targeted diplomatic, election, and policy officials by exploiting trust rather than technical vulnerabilities. Attackers distributed malicious documents masquerading as diplomatic briefings or materials that appeared credible, timely, and aligned with real geopolitical events. Simply opening the files triggered compromise, deploying a customized PlugX malware variant associated with the China-nexus threat actor Mustang Panda. Identified by Dream’s threat-hunting AI, the campaign underscores a defining trend in modern espionage: credibility and impersonation have become more effective than technical exploits in enabling long-term intelligence collection.

Dream’s Identity Researcher is an LLM-powered tool that finds hidden privilege escalation routes in Active Directory by identifying tiering violations where lower-tier objects can access Tier 0 assets. These misconfigurations are common and often create silent paths to full-domain compromise, but with the Identity Researcher they are now exposed before attackers can exploit them.

This analysis of the F5 BIG-IP breach showcases how Dream’s Posture Engine transforms static visibility into genuine defensive intelligence. Powered by CLM and Dream’s cyber ontology, the platform reveals how misconfigurations and privilege relationships create real attack paths, prioritizing risks based on exploitability and impact. In the F5 supply chain case, this reasoning-based approach uncovered hidden exposure patterns that traditional tools missed, showing that the Dream platform not only identifies risks but truly understands them.
