Discovery Platform Knowledge · Resources · Datasets · AI · Tools · Research

The Cybersecurity Discovery Platform.

CT Atlas is where every cybersecurity journey begins. Discover knowledge, explore relationships, find datasets, research tools, AI models, and intelligence — all connected through one living graph.

50K+ Knowledge Nodes
2M+ Relationships
180+ Domains
4K+ Tools Indexed
Live Real-time Updates
Example · Log4Shell Traversal
CVE-2021-44228 · Log4Shell
Apache Log4j 2.x · Affected Library
1,600+ Affected Products
Threat Actors · APT41, Lazarus, Conti
MITRE ATT&CK · T1190 Exploit Public App
Detection Rules · YARA / Sigma / Snort
AI Models · Datasets · Learning Resources
Workspace 1 · Knowledge Graph

Everything is connected.

Unlike isolated wikis or documentation, CT Atlas maps every relationship between every entity in cybersecurity. Click any node. Follow any connection. The graph expands into a universe.

Traverse in any direction
From a CVE, reach the malware that exploits it, the actors who use it, and the datasets and AI models that detect it.
Real-time relationship scoring
Relationships scored by recency, confidence, and source quality so the most relevant connections surface first.
AI-powered path discovery
Ask AI to find the shortest path between any two entities — from a CVE to a compliance control, or from an attacker to a detection rule.
Workspace 2 · Knowledge Domains

The cybersecurity universe, organized as a graph.

Every domain is a cluster of interconnected nodes — not isolated pages. Click any domain to explore its full relationship universe.

Workspace 3 · Resource Explorer

The World's Open Cybersecurity Ecosystem.

CT Atlas indexes trusted public resources, enriches them with AI, and connects them through meaningful relationships. Indexed — not hosted. Connected — not duplicated.

Open Source
Open Source Projects
Security-focused open source projects from GitHub and beyond — indexed, categorized, and relationship-mapped.
Indexed: 28,400+ projects
AI Summary: Available
Updated: Continuous
Detection · Offensive · Forensics
Explore Projects
Repositories
GitHub Repositories
Security-focused repositories indexed with star counts, contributors, license types, and full relationship mapping to CVEs and threats.
Indexed: 142K+ repos
AI Summary: Available
Updated: Daily
YARA · Sigma · Exploits
Explore Repos
Frameworks
Security Frameworks
NIST, MITRE, CIS, ISO, and 280+ other frameworks — every control connected across the compliance landscape.
Indexed: 280+ frameworks
AI Summary: Available
Updated: Per release
NIST · ISO 27001 · CIS
Explore Frameworks
Government
Government Advisories
CISA, NSA, NCSC, ANSSI, BSI, and 40+ government agencies — every advisory connected to related CVEs and mitigations.
Indexed: 18,200+ advisories
AI Summary: Available
Updated: Real-time
CISA · NSA · NCSC
Explore Advisories
Research
Research Papers
Academic and industry research from ArXiv, IEEE, ACM, and major conferences — AI-summarized and relationship-mapped.
Indexed: 42K+ papers
AI Summary: Available
Updated: Weekly
ArXiv · IEEE · USENIX
Explore Papers
Conferences
Conference Talks
DEF CON, Black Hat, RSA, CCC, and 80+ conferences — every talk indexed with speaker profiles, topics, and full graph connections.
Indexed: 62K+ talks
AI Summary: Available
Updated: Per event
DEF CON · Black Hat · RSA
Explore Talks
Blogs
Security Blogs
Threat reports and research posts from 1,200+ vetted security blogs — AI-summarized, deduped, and relationship-mapped daily.
Indexed: 380K+ posts
AI Summary: Available
Updated: Real-time
Vendor · Independent · Academic
Explore Blogs
Podcasts
Podcasts
Darknet Diaries, SANS Stormcast, Risky Business, and 400+ podcasts — every episode transcribed, indexed, and connected.
Indexed: 48K+ episodes
AI Summary: Available
Updated: Daily
Transcribed · Summarized
Explore Podcasts
APIs
Security APIs
VirusTotal, Shodan, GreyNoise, and 180+ public security APIs — every endpoint documented, categorized, and connected.
Indexed: 180+ APIs
AI Summary: Available
Updated: Continuous
Threat Intel · Scanning
Explore APIs
Learning
Learning Resources
TryHackMe, Hack The Box, PortSwigger, 600+ public platforms — indexed, connected, and AI-path-recommended.
Indexed: 240K+ resources
AI Summary: Available
Updated: Weekly
Labs · Courses · Certs
Explore Learning
Communities
Security Communities
Reddit, Discord servers, Slack workspaces, and forums — every community indexed as a connected knowledge node.
Indexed: 2,400+ communities
AI Summary: Available
Updated: Weekly
Discord · Reddit · Slack
Explore Communities
Books
Books
Foundational and cutting-edge security books — chapter-indexed, topic-mapped, and connected to threats and frameworks they cover.
Indexed: 3,400+ books
AI Summary: Available
Updated: Weekly
Pentesting · Forensics · Blue Team
Explore Books
Workspace 4 · Dataset Explorer

Cybersecurity Datasets, Discovered & Connected.

CT Atlas discovers and indexes publicly available cybersecurity datasets. Every dataset is connected to related threats, malware, research, AI models, and detection rules — not hosted, just intelligently mapped.

🦠
VirusShare Malware Repository
VirusShare.com · Public Dataset
Open
Over 50 million malware samples collected since 2011. One of the largest publicly accessible malware repositories, indexed by file type, hash, and family classification.
📦 50M+ samples
📁 Binary · Hash · PCAP
🕐 Updated daily
8,600+ Malware Families
320+ Research Papers
142 AI Models
4,200+ YARA Rules
1,400+ Threat Actors
28 Timeline Events
📡
CAIDA Network Traffic Datasets
CAIDA · UC San Diego · Research License
Research
Passive traffic measurement data including packet traces, flow data, and topology datasets for network security research and anomaly detection development.
📊 Petabytes
📁 PCAP · NetFlow · BGP
🕐 Since 1998
640+ DDoS Techniques
280+ Research Papers
88 AI Models
840+ Sigma Rules
12 CT Hunt Rules
8 Timeline Events
🧠
CTI-Dataset · MITRE Threat Intelligence
MITRE · Apache 2.0
Apache 2.0
Structured threat intelligence data in STIX 2.1 format covering APT groups, malware, attack patterns, and indicators. The definitive open-source CTI dataset.
📋 STIX 2.1 · JSON
🔗 12M+ indicators
🕐 Continuous
2,400+ Threat Actors
8,600+ Malware
700+ ATT&CK TTPs
220 AI Models
640 Research
42 CT Hunt Rules
Workspace 5 · Research Explorer

Academic & Industry Research, Intelligently Connected.

Every paper, report, and publication automatically connected to the threats, malware, CVEs, tools, datasets, and frameworks it references — creating a living research graph.

Academic Paper
ArXiv · IEEE S&P 2024
Open Access
SoK: Eternal War in Memory — A Decade of Memory Safety Vulnerabilities and Defenses
A systematic study of memory safety vulnerabilities over 10 years, analyzing 15,000+ CVEs and categorizing exploit primitives, mitigation bypasses, and the effectiveness of modern defenses including CFI and shadow stacks.
220K+ CVEs
CWE-119 · CWE-787
Exploitation techniques
MITRE ATT&CK
Threat Report
Mandiant · Google Cloud
Vendor Research
M-Trends 2024: Cyber Threat Intelligence Report — Global Threat Landscape Analysis
Comprehensive analysis of 1,400+ incident response investigations across 26 industries. Median dwell time reduced to 10 days globally. Novel APT techniques, initial access vectors, and defense recommendations from frontline IR teams.
2,400+ threat actors
8,600+ malware families
700+ ATT&CK TTPs
18K+ incidents
Government Report
CISA · NSA · FBI Joint Advisory
Government
Top Routinely Exploited Vulnerabilities 2023 — Joint Cybersecurity Advisory
Joint advisory identifying the most routinely exploited vulnerabilities in 2023. Analysis of 12 critical CVEs exploited by nation-state and cybercriminal actors, with prioritized remediation guidance for network defenders.
12 critical CVEs
Nation-state actors
CISA KEV linked
Mitigations mapped
AI Security Research
USENIX Security 2024
Open Access
PromptInject: Adversarial Prompt Attacks on Large Language Models in Security Contexts
First systematic study of prompt injection attacks targeting LLMs deployed in security tools. Identifies 14 novel attack vectors, evaluates 8 major LLMs, and proposes a defense taxonomy aligned with MITRE ATLAS framework.
AI Security domain
MITRE ATLAS
6 AI models linked
LLM datasets
Conference Talk
DEF CON 32 · 2024
Talk
Breaking Modern EDR: Novel Kernel-Level Evasion Techniques in Windows 11
Presentation revealing 6 novel kernel-level evasion techniques effective against modern EDR solutions. Demonstrates callback unhooking via direct syscalls, ETW patching, and process injection using Windows undocumented APIs.
EDR bypass techniques
T1562 ATT&CK
4 tools referenced
CVE-2024-linked
CERT Publication
CERT/CC · Carnegie Mellon
CERT
Supply Chain Vulnerability Analysis: Software Bill of Materials and Transitive Dependency Risks
Analysis of SBOM effectiveness in detecting transitive dependency vulnerabilities across 10,000 open source projects. Found 78% of critical vulnerabilities exist in transitive dependencies invisible to standard scanning tools.
Supply chain domain
28K+ CVEs linked
SBOM frameworks
SolarWinds · XZ Utils
Workspace 6 · Tool Explorer

4,400+ Security Tools, Relationship-Mapped.

Every security tool — open source and commercial — connected to related threats, malware, ATT&CK techniques, datasets, research, and playbooks through the knowledge graph.

All Tools 4,400+
Network Analysis 320
Threat Detection 480
Forensics 620
Threat Intelligence 380
Vuln Management 290
SIEM / SOAR 240
Offensive / Red Team 560
Wireshark
Network Analysis · Open Source · Cross-platform
Open Source · Network
The world's foremost network protocol analyzer. Captures and interactively browses traffic running on a computer network in extreme detail. Connected to every network-based MITRE ATT&CK technique, PCAP datasets, threat hunting playbooks, and detection research.
2,400+ Related Threats
340+ ATT&CK TTPs
1,200+ Research Papers
84 Playbooks
320 PCAP Datasets
22 AI Models
Velociraptor
Digital Forensics & Incident Response · Open Source
Open Source · DFIR
Advanced DFIR platform enabling digital forensics, incident response, and endpoint monitoring at scale. Uses VQL query language to collect forensic artifacts across thousands of endpoints simultaneously.
3,200+ Artifacts
480+ ATT&CK TTPs
280+ Research
840+ Malware Linked
120 CT Forensics
42 Playbooks
OpenCTI
Threat Intelligence Platform · Open Source
Open Source · CTI
Open source threat intelligence platform built on the OpenCTI framework. Structures, stores, and visualizes technical and non-technical information about cyber threats using STIX2 standards. Every entity connected to the CT Atlas graph.
2,400+ Threat Actors
8,600+ Malware
700+ ATT&CK TTPs
12M+ IOCs
640+ Research
38 Playbooks
Metasploit Framework
Offensive Security · Open Source
Open Source · Red Team
The world's most used penetration testing framework. Contains 2,100+ exploits, payloads, and auxiliary modules. Every module connected to CVEs, CWEs, ATT&CK techniques, affected products, and threat actor usage patterns.
2,100+ Exploits
220K+ CVEs Linked
560+ ATT&CK TTPs
1,400+ Threat Actors
480+ Research
64 Playbooks
Workspace 7 · AI Model Explorer

Security AI Models, Indexed & Connected.

CT Atlas discovers and indexes AI models built for cybersecurity. Every model connected to related research, datasets, threats, and frameworks. Models are indexed here — deployed in CT Market.

All Models
Malware Detection
Phishing Detection
Security LLMs
Embeddings
Detection Models
Security Agents
MCP Servers
RAG Systems
🛡
MalBERT
HuggingFace · Open Source
Malware Detection
BERT-based transformer fine-tuned on Android malware analysis. Classifies malware families from static code features with 97.4% accuracy across 14 malware families.
Classification · Static Analysis · Android
840 malware families
12 research papers
3 datasets linked
28 ATT&CK TTPs
🤖
SecureLLM
CyberSec AI Lab · Open Weights
Security LLM
7B parameter language model fine-tuned on cybersecurity corpora including CVE descriptions, MITRE ATT&CK, threat reports, and YARA/Sigma rules. Optimized for security reasoning tasks.
Threat Analysis · Rule Generation · CVE Summary
220K CVEs connected
42K research papers
700+ ATT&CK TTPs
8 datasets linked
🎣
PhishGuard-v2
Google Research · Apache 2.0
Phishing Detection
Real-time URL and email phishing detection model. Achieves 99.2% precision on zero-day phishing URLs combining lexical analysis with visual similarity scoring.
URL Analysis · Email Filtering · Real-time
160 phishing datasets
840+ threat actors
T1566 ATT&CK
22 research papers
🔍
CyberBERT Embeddings
Microsoft Research · Open
Embeddings
Sentence embeddings specialized for cybersecurity text. Dramatically improves semantic similarity search across CVE descriptions, threat reports, and technical documentation.
Semantic Search · Similarity · RAG
CT Atlas integration
220K CVEs vectorized
42K papers indexed
8 RAG systems
🕵
ThreatHunter Agent
Elastic · Apache 2.0
Security Agent
Autonomous threat hunting agent that traverses SIEM logs, correlates with ATT&CK techniques, generates hunting hypotheses, and produces structured investigation reports.
Threat Hunting · Log Analysis · SIEM
700+ ATT&CK TTPs
CT Hunt integration
420 log datasets
2,400+ threat actors
SecurityMCP
Community · Open Source
MCP Server
Model Context Protocol server exposing cybersecurity knowledge to AI assistants. Connects Claude, GPT-4, and other LLMs directly to CVE data, threat intelligence, and MITRE ATT&CK through the CT Atlas API.
MCP · Tool Use · Context
CT Atlas API
220K CVEs exposed
180+ security APIs
CT Intelligence
Workspace 8 · Learning Explorer

Learn Cybersecurity. Connected to Everything.

Every learning resource — labs, courses, certifications, and CTFs — connected to the threats, techniques, tools, and real incidents they teach. AI paths recommend your next step.

All Resources
Labs & CTFs
Courses
Certifications
Workshops
Free Only
🟥
Hack The Box Academy
Hack The Box · Platform · Free + Pro
Hands-on cybersecurity learning with structured paths, real-world labs, and active machines. Every module connected to ATT&CK techniques, malware families, and real threat actor TTPs.
Labs · Free Tier · 700+ ATT&CK TTPs · 8,600+ malware families
🟩
TryHackMe
TryHackMe · Platform · Free + Premium
Browser-based cybersecurity training with guided learning paths for beginners through advanced practitioners. SOC, pentesting, and threat intelligence tracks fully mapped to real-world knowledge.
Beginner-Friendly · Free Tier · ATT&CK Mapped · 480+ rooms
🔵
PortSwigger Web Security Academy
PortSwigger · Web Application Security · Free
Completely free, world-class web security training. Every OWASP vulnerability category covered with interactive labs — each topic connected to CVEs, exploits, and real-world incidents.
100% Free · Web Security · OWASP Top 10 · 220+ labs
🟠
SANS Institute Courses
SANS · Professional Training · Paid
Industry-leading security training with GIAC certifications. FOR508, SEC504, SEC560 and 60+ courses — every curriculum connected to ATT&CK, DFIR artifacts, and real incident case studies.
Professional · GIAC Certs · DFIR · Pentesting · 60+ courses
🟣
pwn.college
Arizona State University · Free · Academic
Free university-grade cybersecurity education covering binary exploitation, reverse engineering, and system security. Academic rigor connected to real-world vulnerability research and exploit databases.
100% Free · Academic · Binary Exploitation · University-grade
Atlas Connections for Learning
ATT&CK Techniques Taught
T1059 · Command & Scripting
84 courses
T1566 · Phishing
62 courses
T1110 · Brute Force
48 courses
T1055 · Process Injection
38 courses
Connected Malware Families
WannaCry · Ransomware
42 resources
Mimikatz · Credential Tool
38 resources
Cobalt Strike · C2
29 resources
Real Incidents Covered
SolarWinds Supply Chain
18 resources
Log4Shell Exploitation
24 resources
Colonial Pipeline Attack
16 resources
AI Path · SOC Analyst
1. TryHackMe · SOC Level 1 Path
2. PortSwigger · Web Security Academy
3. Hack The Box · Blue Team Labs
4. SANS SEC504 · Incident Response
5. GIAC GCIH Certification
API Explorer

180+ Security APIs, Mapped & Connected.

Every public cybersecurity API indexed with full documentation links, relationship maps, and CT Atlas integration status.

VirusTotal API
Google · Threat Intelligence
Live
Analyze files, URLs, domains, and IPs against 70+ antivirus engines. Access threat intelligence feeds and behavioral analysis data via REST API.
REST · JSON · Free tier · Enterprise
Threats: 8,600+ malware families connected
CVEs: 220K+ vulnerability records
Actors: 2,400+ threat actor profiles
Shodan API
Shodan · Internet Intelligence
Live
Search engine for internet-connected devices. Query exposed services, banners, SSL certificates, and vulnerabilities across the entire internet from a single API.
REST · JSON · Free tier · Streaming
CVEs: 220K+ vulnerability scan data
Infra: Industrial · IoT · OT systems
Actors: Nation-state infrastructure tracking
GreyNoise API
GreyNoise · Internet Noise Intelligence
Live
Distinguishes internet background noise from targeted threats. Identifies IPs scanning the internet, their intent, and associated threat context for cleaner SOC investigations.
REST · JSON · Community · Enterprise
Threats: Mass scanning activity mapped
CVEs: Exploitation activity tracking
IOCs: Benign vs. malicious classification
NVD / NIST CVE API
NIST · Official CVE Database
Live
Official U.S. government vulnerability database API. Access 220K+ CVEs with CVSS scores, CWE mappings, CPE affected products, and remediation guidance in structured JSON.
REST · JSON · Free · No auth
CVEs: 220K+ vulnerability records
Products: CPE affected product mapping
Research: 42K+ paper connections
AbuseIPDB API
AbuseIPDB · IP Reputation
Live
Community-driven IP address blacklist and reputation database. Check, report, and monitor abusive IPs, spam sources, brute force attackers, and malicious actors at scale.
REST · JSON · Free tier · Bulk
IOCs: 12M+ malicious IP records
Threats: Brute force · spam · DDoS
TTPs: T1110 · T1498 ATT&CK linked
Censys Search API
Censys · Attack Surface Intelligence
Live
Attack surface management and internet intelligence platform. Query certificates, hosts, and services with deep protocol-level scanning data and historical snapshots for attribution.
REST · GraphQL · Free tier · Enterprise
Infra: Internet-wide certificate mapping
CVEs: Exposed service vulnerability data
OSINT: Actor infrastructure attribution
Live Knowledge Feed

The graph updates in real-time.

New CVEs, threat actor updates, malware discoveries, advisories, and research — every new node is instantly connected to the existing knowledge graph the moment it is indexed.

New CVEs Today
48
Published & mapped
↑ +12 from yesterday
Threat Updates
124
Actor & malware updates
↑ Live monitoring
New Relationships
2.1K
Graph edges added today
↑ Continuous mapping
Advisories Indexed
17
Government & CERT
↑ Real-time indexing
Live Graph Updates
2,847 updates today
New CVE
CVE-2025-1234 · Critical RCE in Apache HTTP Server
Connected → 840 affected products · ATT&CK T1190 · 3 threat actors
2m ago
Threat Actor Update
APT29 · New Infrastructure Identified
Connected → 14 new IOCs · 3 malware families · CISA advisory
8m ago
Research Paper
New Research: LLM-based Malware Generation Analysis
Connected → AI Security domain · 12 malware families · SecureLLM model
14m ago
CISA Advisory
KEV Update · 4 New Exploited Vulnerabilities Added
Connected → CVE-2025-0891, CVE-2025-0892 · Patch deadlines linked
22m ago
New Malware
BlackMamba v3 · New Ransomware Variant Discovered
Connected → LockBit family · 6 YARA rules · T1486 ATT&CK
35m ago
Framework Update
MITRE ATT&CK v16.1 · 12 New Techniques Added
Connected → 840+ existing techniques · 2,400+ threat actor profiles updated
1h ago
AI Model Indexed
VulnBERT · New Vulnerability Severity Prediction Model
Connected → 220K CVEs · CVSS scoring · 3 research papers
2h ago
Dataset Added
SANS ICS Dataset 2025 Published
Connected → 14 AI models · 3 research papers · learning resources
3h ago
Workspace 10 · AI Graph Explorer

Ask anything. The graph answers.

CT Atlas AI doesn't just search — it traverses the knowledge graph, follows relationships, and synthesizes answers from hundreds of connected nodes across all workspaces.

What threat actors use Log4Shell and what malware do they deploy?
Map every MITRE technique used in the SolarWinds attack
Which AI models can detect LockBit ransomware variants?
Find all datasets and tools for hunting APT29 infrastructure
AI
CT Atlas Intelligence
Graph traversal active
AI
Ask me anything about the cybersecurity knowledge graph. I traverse relationships across threats, techniques, tools, datasets, research, and AI models to give you connected answers.
You
What threat actors use Log4Shell and what malware do they deploy?
AI
Traversing: CVE-2021-44228 → Threat Actors → Malware...
APT41 (China) · deployed Cobalt Strike, DUSTPAN
Hafnium · initial access + web shells
Conti (Cybercrime) · ransomware delivery
Lazarus Group (NK) · cryptomining + backdoors
Prophet Spider · access broker exploitation
Workspace 11 · Cyber Maps

Specialized views of the knowledge graph.

Pre-built interactive map visualizations for common cybersecurity workflows, analysis patterns, and landscape exploration.

CVE Map
Vulnerability Exploit Timeline
CVEs ordered by exploitation in the wild, CVSS scores, and threat actor usage. Identify what is being actively exploited right now.
CISA KEV · Live Updates
ATT&CK Map
ATT&CK Technique Heatmap
MITRE ATT&CK matrix visualized by frequency of use across observed threat actor campaigns and real-world incidents.
700+ Techniques · Heat Scored
Supply Chain
Supply Chain Attack Graph
Software supply chain dependencies mapped against known compromises, malicious packages, and upstream vulnerabilities in the ecosystem.
Dependencies · SBOMs
Compliance
Framework Crosswalk Map
Map controls across NIST, ISO 27001, CIS, SOC 2, PCI DSS, GDPR, and 280+ frameworks with visual overlap and gap analysis.
280+ Frameworks · Crosswalk
AI Security
AI Security Threat Landscape
AI-specific attack surfaces, adversarial ML techniques, prompt injection vectors, and the evolving MITRE ATLAS framework visualized as an interactive graph.
MITRE ATLAS · LLM Threats
Workspace 12 · Knowledge Timeline

History of cybersecurity, fully connected.

Every major incident, research breakthrough, and framework release mapped to the actors, malware, techniques, tools, and datasets it produced. Not a list — a living connected timeline.

2020
SolarWinds Supply Chain Attack
APT29 / Cozy Bear compromised SolarWinds Orion software, affecting 18,000+ organizations including US government agencies. Defined the era of software supply chain threats.
APT29 · Supply Chain · SUNBURST · Nation State
2021
Colonial Pipeline Ransomware
DarkSide ransomware group attacked Colonial Pipeline, disrupting fuel supply to the US East Coast. First critical infrastructure ransomware attack to cause real-world physical impact and a US federal emergency declaration.
DarkSide · Ransomware · Critical Infrastructure · ICS
2021
Log4Shell · CVE-2021-44228
Critical JNDI injection vulnerability in Apache Log4j affecting billions of devices globally. Became one of the most exploited vulnerabilities in history within days of disclosure with exploitation by nation-state and criminal actors.
Log4j · RCE · Zero-Day · Mass Exploitation
2023
MOVEit Transfer Mass Exploitation
Cl0p ransomware group exploited CVE-2023-34362 in MOVEit Transfer, compromising 2,500+ organizations and 95 million+ individuals in a single coordinated mass exploitation campaign.
Cl0p · MOVEit · Mass Exploitation · Data Theft
2024
XZ Utils Supply Chain Backdoor
Nation-state actor spent two years building trust in the XZ Utils open source project before inserting a sophisticated SSH backdoor. A masterclass in long-term supply chain infiltration discovered by a single developer.
Supply Chain · Backdoor · Open Source · Nation State
Entity Graph Profile

Every entity has a full graph profile.

Click any node in the Atlas and see its complete relationship map — who uses it, what it connects to, where it appears, and how it relates to every other entity across all workspaces.

Traverse in any direction
From a CVE, reach the malware that exploits it, the actors who use it, the datasets that contain it, and the AI models that detect it.
Real-time relationship scoring
Relationships scored by recency, confidence, and source quality so the most relevant connections always surface first.
AI-powered path discovery
Ask AI to find the shortest path between any two entities — from a CVE to a compliance control, or from an attacker to a detection rule.
Entity Profile · LockBit 3.0
Live
LockBit 3.0
Ransomware · Cybercrime Group · RaaS
Operated by LockBit threat group since 2019 — RaaS model with 100+ affiliates
1 actor
Exploits CVE-2023-0669, CVE-2021-44228 and 40+ other CVEs for initial access
42 CVEs
Uses T1486, T1489, T1490 and 28 other ATT&CK techniques across kill chain
31 TTPs
Detected by 4,200+ YARA rules, 840 Sigma rules, and 12 AI models
5K+ rules
Subject of 140+ research papers, 8 datasets, and 24 learning resources
140 papers
Workspace 13 · CT Ecosystem

Atlas is the intelligence layer of the CT Universe.

CT Atlas powers every other product in the Cyber Toddler ecosystem — providing the connected knowledge graph that makes them intelligent. Every CT product contributes knowledge back.

CT Atlas · The Cybersecurity Discovery Platform
The living, AI-native map of the entire cybersecurity universe. 50,000+ nodes. 2M+ relationships. Real-time. 13 discovery workspaces. Every CT product is powered by Atlas intelligence.
50K+ Knowledge Nodes · 2M+ Relationships · Real-time Updates · AI Traversal Engine · 13 Workspaces · Open Ecosystem Index
Threat Hunting
CT Hunt
AI-powered threat hunting missions powered by Atlas knowledge. Every hunt rule connected to ATT&CK techniques, threat actors, and malware families in the graph.
Receives ATT&CK technique data
Pulls threat actor IOCs real-time
Sends hunt results back to graph
Vulnerability Intelligence
CT Vulnerabilities
220K+ CVEs enriched with exploitability data, threat actor usage, affected products, and prioritization scores — all sourced through Atlas.
NVD + KEV + exploit data integrated
Threat actor exploitation mapped
AI prioritization from graph context
AI Marketplace
CT Market
Deploy AI models indexed in Atlas into production workflows. Every model in CT Market is relationship-mapped to the threats, datasets, and research it was trained on.
Indexes AI models from Atlas
Dataset connections surface provenance
Deployment telemetry feeds graph
Learning Intelligence
CT Learn
Personalized cybersecurity learning paths powered by Atlas knowledge. Every lab, course, and certification connected to real threats, incidents, and techniques.
Learning paths built from threat data
Skills mapped to ATT&CK coverage
Progress contributes to graph insights
Community Intelligence
CT Community
The Cyber Toddler community contributes annotations, corrections, and connections back to the Atlas graph — making it smarter with every interaction.
Community annotations enrich graph
Expert corrections improve accuracy
CTF write-ups indexed as resources
Data Access Layer
CT API
Programmatic access to the entire CT Atlas knowledge graph. Query any node, traverse any relationship, and build security products on the most connected cybersecurity data in existence.
REST + GraphQL + MCP endpoints
Real-time webhook subscriptions
OpenAPI spec + SDK libraries
Incident Response
CT Forensics
Digital forensics and incident response powered by Atlas artifact knowledge. Every forensic artifact, IOC, and timeline event connected to malware, threat actors, and ATT&CK techniques.
Artifact knowledge from Atlas graph
IOC enrichment in real-time
Case findings enrich timeline
Reality Simulation
CT Reality
Immersive cybersecurity simulations powered by Atlas intelligence. Every scenario built from real threat actor TTPs, real malware behaviors, and real-world incident data from the graph.
Scenarios built from real TTPs
Malware behaviors from graph
Completion data enriches Atlas
"Cybersecurity knowledge has always existed in silos. A CVE here. A blog post there. A threat report somewhere else. A dataset nobody can find. CT Atlas exists to connect it all."
Not a database. Not a wiki. Not a portal. A discovery platform.
Start Exploring

The cybersecurity universe, intelligently connected.

Start with a single search. Follow the connections. Discover everything. Every journey through CT Atlas reveals something new.

No credit card · Free tier forever · 50K+ nodes accessible · 13 workspaces