Independent study demonstrates strong protection against known APT threats, but highlights difficulties in detecting engineered variants
/PRNewswire/ — AV-Comparatives, the independent cybersecurity testing organization, has published its report APT Detection Coverage 2026, an in-depth assessment of how effectively consumer cybersecurity solutions detect known Advanced Persistent Threat (APT) toolkits used in cyberespionage campaigns.
Advanced Persistent Threats (APTs) represent some of the most sophisticated forms of cyberattacks. Unlike conventional malware, APT campaigns are typically designed to infiltrate specific targets, remain undetected for long periods of time, and collect sensitive information. These operations often involve advanced evasion techniques, custom malware, and multi-stage attack chains.
To evaluate current protection capabilities, AV-Comparatives conducted a long-term study that examined 14 consumer cybersecurity products using a data set of 7,579 samples from 126 publicly documented APT groups. The investigation began in November 2024 and concluded in February 2026, with testing phases that included offline and online scans, follow-up testing after vendor updates, and behavior detection during execution. The study provides one of the largest empirical data sets currently available on how consumer security products detect publicly documented APT tools.
The results show that modern consumer security solutions offer strong protection against known APT threats, especially when behavior detection mechanisms are activated during execution. Execution tests yielded the highest protection levels, with all products tested achieving detection rates above 99% for the original APT samples.
Andreas Clementi, founder and CEO of AV-Comparatives, commented: “Advanced persistent threats (APTs) are often discussed in political or strategic terms, but from a technical perspective, they are simply malware. Our study shows that modern consumer security products are generally very effective at detecting known APT toolsets, especially at runtime. At the same time, the results highlight that modified variants may still pose a challenge for some detection engines, underscoring the importance of behavioral detection and continuous improvement of protection technologies.”
When minor binary modifications were introduced to change file hashes without altering malicious behavior, detection rates decreased for some solutions. This finding indicates that protection mechanisms that rely heavily on static indicators may have difficulty recognizing altered versions of known malware.
The analysis also examined whether detection performance correlated with the geographic origin of threat actors or security vendors. The results showed no significant relationship between a provider’s location and its ability to detect regionally associated APT groups, suggesting that the remaining detection gaps are primarily technical, rather than geopolitical, in nature.
AV-Comparatives notes that the findings underline the growing importance of behavior analysis, heuristic detection and machine learning technologies in defending against advanced and constantly evolving cyber threats. Continuous independent testing and timely threat intelligence updates remain essential to maintaining strong protection against sophisticated attacks.
The full report, APT Detection Coverage 2026, is available on the AV-Comparatives website.
About AV-Comparatives
AV-Comparatives is an independent organization that offers systematic testing to examine the effectiveness of security software products. Using one of the largest sample collections in the world, AV-Comparatives provides publicly available test results to help users and organizations make informed decisions about cybersecurity solutions.