The MITRE ATT&CK Enterprise Round 7 evaluation, considered the most demanding in the program's history, revealed significant protection gaps across the cybersecurity industry. Nine participating vendors achieved a maximum block rate of 31%, with CrowdStrike and Cybereason tying for the highest protection score. The remaining 69% of adversarial actions executed without being stopped, according to data published at https://evals.mitre.org in December 2025.
More concerning were the zero-percent blocking rates in critical attack categories. All nine vendors scored zero on identity attack protection, despite Test 2 targeting identity providers using Scattered Spider's exact techniques from the MGM Resorts and Caesars Entertainment breaches. Cloud attack blocking ranged from 0% to 7.7% across the cohort, with five vendors blocking nothing in the first AWS adversary emulation in MITRE's history. Lex Crumpton, Principal Cybersecurity Engineer at MITRE, stated the evaluation provided "a comprehensive view of today's cyber landscape, testing defenses against identity abuse, cloud exploitation, and strategic espionage."
Three major vendors—Microsoft, SentinelOne, and Palo Alto Networks—withdrew from ER7 before the evaluation began, citing various reasons including Microsoft's Secure Future Initiative and SentinelOne describing the evaluations as "PR-driven." This withdrawal trend represents a 63% decline in participation from peak levels in 2022. Allie Mellen, Principal Analyst at Forrester Research, warned that vendors claiming 100% results may be "manipulating the results by only showing parts of results that they feel benefit them" or "turning on settings in the product that are unrealistic for a real-world environment."
VectorCertain LLC took a different approach, conducting internal evaluations using MITRE's ER7 methodology while extending testing to include Volt Typhoon attacks and AI safety dimensions not covered by MITRE. The company claims SecureAgent blocked 100% of attacks across 14,208 tests covering three adversary scenarios, with zero failures and zero false positives. These results, while not MITRE-verified, represent what VectorCertain calls an architectural breakthrough over traditional detection-based systems.
The company's four-gate governance pipeline evaluates AI agent actions before execution rather than detecting threats after they occur. This approach addresses the fundamental limitation revealed in ER7: identity abuse doesn't generate endpoint telemetry that traditional EDR platforms can detect. VectorCertain's analysis of all 1,986 rows of ER7 data suggests the 31% protection ceiling is structural rather than a product quality issue.
The implications extend beyond cybersecurity to global economics. VectorCertain frames current losses as a "7% Global AI and Cybersecurity Tax" on organizations worldwide, citing data from Nasdaq Verafin's 2024 Global Financial Crime Report showing $485.6 billion in global fraud and cybersecurity losses in 2023. IBM's 2025 Cost of a Data Breach Report quantifies the average incident cost at $4.44 million globally, with U.S. organizations absorbing $10.22 million per breach. IBM's research found that prevention-focused AI workflows saved an average of $2.22 million per breach—the single largest cost-reduction factor in their study.
VectorCertain has formally enrolled in MITRE's Enterprise Round 8 evaluation, positioning SecureAgent as the first AI Safety and Governance platform in ATT&CK Evaluations history. The company's internal methodology and results are available for review, though independent verification awaits MITRE's ER8 evaluation scheduled for 2026. As Carl Manion, Managing VP at Gartner, noted, "DR-based cybersecurity will no longer be enough to keep assets safe from AI-enabled attackers." The industry faces increasing pressure to move beyond detection and response architectures that have normalized failure costs as business expenses.
