Huntress has found itself at the center of controversy after revealing that an attacker mistakenly installed its endpoint detection and response tool, allowing Huntress to monitor the attacker’s activities for three months. As reported in the Register, This unprecedented visibility into the attacker’s operations revealed their use of various tools including automation, artificial intelligence, phishing kits, and various malware techniques, while they also attempted to enhance their safety online with a premium Malwarebytes browser extension. Huntress’s research highlights how the attacker downloaded the trial version through a sponsored Google link while searching for security software, leading to a unique surveillance opportunity.
While many in the cybersecurity community praised Huntress for the insights gained, others raised ethical concerns regarding the monitoring of an adversary without notifying authorities. The incident has sparked a debate about the responsibilities of private companies in cybersecurity, highlighting the balance between transparency and privacy in the field.
Following the backlash, Huntress emphasized that their research aimed to enhance community knowledge about threats while adhering to privacy obligations.
Why do we care?
Let’s not overcomplicate this—Huntress got lucky. A hacker installed their tool by mistake, and they got a three-month peek at how modern cybercrime works. AI, automation, phishing kits—you name it, the attacker used it. Some folks are wringing their hands about whether Huntress should’ve called the cops right away. But let’s be real—the attacker’s a criminal. The real value here is the intelligence Huntress shared back with the community. For MSPs, that’s the lesson: you want vendors who don’t just sell you software but actually bring you knowledge from the front lines. Because criminals aren’t waiting around, and neither should we.