The EDR Bypass Index is a vendor-neutral, normalized, cited record of publicly reported techniques that have bypassed endpoint security products. It exists because no security vendor can publish a neutral tally of bypasses that includes its own product.
Sourcing. Every entry is drawn from public reporting — security research, incident writeups, advisories — and links to its original disclosure. Where the public record is silent, we omit; we do not infer.
Normalization. Each bypass is classified consistently against the MITRE ATT&CK technique set and a single confidence scale, across every vendor and all history, so cross-vendor comparison and trends are computed on the same basis.
Scope. The Index reports what is happening across the landscape. It does not assess whether any specific organization is exposed; that depends on deployment details we do not have and do not collect.
Produced by ColdRecon. Defensive intelligence; detection and mitigation notes accompany entries where the source provides them.