The MITRE ATT&CK Enterprise Evaluations, widely considered the most rigorous cybersecurity testing program, published results for Enterprise Round 7 in December 2025, revealing significant protection gaps across the industry. The evaluation incorporated cloud adversary emulation, identity-centric attacks, and cross-environment lateral movement simultaneously for the first time, testing platforms against real-world adversaries including Scattered Spider, the criminal collective responsible for the MGM Resorts and Caesars Entertainment breaches, and Mustang Panda, a PRC state-sponsored espionage group.
Nine vendors participated in the evaluation, with three major players—Microsoft, SentinelOne, and Palo Alto Networks—withdrawing before testing began. The highest block rate achieved by any ER7 vendor was 31%, with CrowdStrike and Cybereason tying for the highest protection score. More concerning was the zero percent identity attack blocking rate across all nine vendors, despite Test 2 specifically targeting identity providers using Scattered Spider's exact techniques. Cloud attack blocking rates ranged from zero to 7.7%, with five of nine vendors blocking nothing in the first AWS adversary emulation in MITRE's history.
VectorCertain LLC took a different approach, conducting its own rigorous self-evaluation using MITRE's published ER7 adversary emulations as a baseline. The company extended the evaluation beyond ER7's scope by adding Volt Typhoon, a third adversary targeting U.S. critical infrastructure, and incorporating behavioral governance testing via the H-Neuron Overcompliance Test Suite and memory governance testing via the Adaptive Memory Relevance Scoring framework. VectorCertain's internal results showed a 100% protection rate against all three adversaries across 14,208 total tests, with zero failures and a false positive rate of zero percent.
The architectural difference between VectorCertain's SecureAgent platform and traditional cybersecurity solutions explains the performance gap, according to the company's analysis. SecureAgent employs a four-gate governance pipeline that evaluates every proposed AI agent action before execution, rather than detecting threats after they occur. This approach addresses the fundamental limitation identified in ER7: identity abuse does not generate endpoint telemetry, making it invisible to traditional detection systems. The complete methodology and results are available for independent review at evals.mitre.org.
The implications of these findings extend beyond individual vendor performance to global economic consequences. According to multiple industry reports, global fraud and cybersecurity losses totaled $485.6 billion in 2023, with companies worldwide losing 7.7% of their annual revenue on average to fraud. VectorCertain characterizes this as a "7% Global AI and Cybersecurity Tax" that represents an invisible, compounding extraction on the world's economies. IBM's 2025 Cost of a Data Breach Report quantifies the average incident cost at $4.44 million globally, with more than $4 million spent after attackers are already inside.
VectorCertain has formally enrolled in MITRE's ATT&CK Evaluations Enterprise 2026 (ER8), positioning SecureAgent as the first AI Safety and Governance platform in the program's history. ER8 will introduce a standardized composite scoring framework that moves beyond binary detection and protection flags toward holistic measurement of how completely platforms stop adversaries. The company's enrollment contrasts with the withdrawal trend among major vendors, which has seen participation decline 63% from peak levels in three years.
The evaluation results highlight a fundamental architectural challenge in cybersecurity: platforms built to detect threats after execution, rather than to prevent actions before they execute, face structural limitations. As AI-enabled attacks mature and scale across criminal and nation-state operations, prevention-focused architectures may become essential rather than optional. VectorCertain's internal testing suggests that governance-before-execution approaches could significantly reduce the economic burden of cybersecurity failures, though independent verification through MITRE's ER8 evaluation will provide definitive third-party validation.


