The 5 Phases of PRE-Crime™ to Preempt Cybercrime

The 5 Phases of PRE-Crime™ to Preempt Cybercrime

June 09, 2025 / in Blog / by Zafar Khan, RPost CEO

Preempt is more than prediction — it's prediction, prevention, and permanent cure.

Rocky here, RPost’s raptor product evangelist for AI-infused cybersecurity. I thought I would share an important part of our RAPTOR™ AI security (so elegantly named after my species 😉).

Today I thought I would explain in simple terms why Gartner recently named RPost a Visionary for our PRE-Crime preemptive cybersecurity solution. 

First, when we (and Gartner) refer to “preempt” we mean more than predict. We mean predict, thwart, and cure future reoccurrence. We are predicting where the risk will emerge, killing it at the root, and then, importantly seeing who, what content, what systems, or what threat actors were involved to mitigate the risk of a similar situation happening in the future.

We hope to tell you more at the Gartner Security and Risk conference in Washington D.C. National Harbor (RPost Stand 460 at Gartner in the Threat Intelligence Village) or the Info-Tech LIVE security conference in Las Vegas (RPost Stand 15 at Info-Tech LIVE).

For those not attending these IT security conferences, I’ll elaborate more here…

There are five phases of PRE-Crime™ to preempt cybercrime.

  1. Mass Metadata Collection of Outside Endpoints. To see what you cannot see today. RAPTOR™ AI (raptors have the keenest eyesight😉) can do this.
  2. AI-Powered Risk Analysis. To isolate the lurking cybercriminal activity in a vast sea of data and interaction with content, even if this is happening at external third-party systems (think, your third-party supplier, accountant or lawyer’s computer is leaking).
  3. Agentic AI Leak Remediation. To automatically have RAPTOR AI (yes, we raptors love this part) eat the juicy fattened-up sea-worm phish bait lure before someone on your team eats the bait and gets hooked.
  4. Threat Actor Reconnaissance Data Curated. Isolate all the patterns of activity related to this threat, even if those activities are again, at third parties outside of your endpoints.
  5. Cyber Attribution Mapping. This is perhaps most important, identifying who caused the leak or is being actively lured by threat actors, what information is being targeted or was leaked, what threat actors are involved and thus, being able to hypothesize as to what the threat actor’s goals are.

In summary, RAPTOR™ AI can predict which type of threat techniques and threat actors may be involved, and based on the hypothesized threat actor, what future threats may be lingering or may be building. The cyber attribution provides actionable insights into various security issues.

Attribution results can identify specific message threads and documents that are being actively reviewed by cybercriminals, determine whether there is an AI powered impersonation in progress (e.g., web meeting face and voice replication clone, email address impersonation, lookalike domain impersonation, reply-hijack, multi-party impersonation), targeted screen photo DLP subverting leaker, widespread insider account compromise, an account compromise at a third party, and more.

Compared to defensive security that looks to identify threats after the attack, which RPost additionally provides, this PRE-Crime™ solution is offensive security. 

We hope to tell you more at the Gartner Security and Risk conference in Washington D.C. National Harbor (RPost Stand 460 at Gartner in the Threat Intelligence Village) or the Info-Tech LIVE security conference in Las Vegas (RPost Stand 15 at Info-Tech LIVE). Find us there or contact us for more information.