WhoisXML API Blog

Early Threat Detection: Using AI as the First Line of Defense

The longer a threat remains undetected, the more costly and disruptive it becomes. This is particularly concerning given that, on average, attackers stay hidden within a network for 24 days, as highlighted in Verizon’s 2025 Data Breach Investigations Report (DBIR). 

The data breaches resulting from those attacks hit organizations hard. According to IBM’s Cost of a Data Breach Report 2025, the average cost of a data breach is $4.44 million. The bright side is that this figure is 9% lower than the previous year, thanks to faster threat detection and response (TDR).

If fast threat detection and response can significantly reduce the global average cost of a data breach, imagine what early detection can do. In this post, we explore early threat detection — what it actually means, why it matters, and the role AI plays in it.

WhoisXML API Joins DEATHCon 2025

WhoisXML API’s Alex Ronquillo, Vice President, and Ed Gibbs, VP of Research, participated in DEATHCon 2025 on November 8–9, 2025. The community-driven event on Detection Engineering and Threat Hunting (DEATH) successfully blended a virtual global conference with several localized in-person community gatherings in cities around the world, including Tacoma, San Diego, Austin, and Amsterdam.

Our team directly contributed to the event’s technical focus, with Alex Ronquillo and Ed Gibbs hosting an online workshop titled “TXTually Explicit: Malware & Middleware in Motion.” The session demonstrated modern techniques for leveraging DNS TXT records—often overlooked in security analysis—to uncover hidden software dependencies, trace command-and-control (C2) communications for malware, and expose system misconfigurations.

WhoisXML API Participates in the Cyber Security Nordic 2025 Conference

Brendan O’Doherty, Strategic Account Development Officer at WhoisXML API, recently attended the Cyber Security Nordic 2025 conference held at the Helsinki Expo and Convention Centre on November 4-5, 2025. He joined more than 2,000 professionals from Nordic governments, critical infrastructure sectors, enterprises, and academia.

Brendan reflected on the two-day event, saying, “Cyber Security Nordic 2025 reinforced Helsinki’s position as a cornerstone of European cybersecurity thought and practice. Across all sessions, the message was consistent – resilience in cybersecurity depends equally on technical sophistication, human composure, and policy integrity.”

Based on his on-the-ground report, here are the three key themes that defined this year's conference.

WhoisXML API Joins Code Blue 2025 in Tokyo

Earlier this month, the global cybersecurity community converged in Tokyo, Japan, for Code Blue 2025. WhoisXML API was proud to be part of the conversation, represented by our top executives: Jonathan Zhang (CEO), Ed Gibbs (Vice President of Research), and Ching Chao (Head of APAC and Global Partnerships).

Running from November 16–19, 2025, the event kicked off with two days of intensive, specialized training sessions—covering everything from attacking and defending AI agents to advanced IDA decompiler skills—before diving into the main conference tracks. 

WXA Forum Tokyo 2025 Recap: Japan’s Cyber Leaders Unite for a New Era of DNS-Driven Threat Intelligence

Tokyo, November 2025 — The WXA Forum Tokyo 2025 concluded with remarkable energy and engagement, bringing together more than two dozen C-suite and executive leaders from Japan’s top-tier cybersecurity companies. Leaders from major MSSPs, SOC operators, and enterprise security divisions gathered for an unprecedented deep-dive into the evolving DNS threat landscape — and how Japan can stay ahead of it.

Hosted by WhoisXML API, the forum showcased original research, live case studies, and advanced demonstrations of next-generation DNS, domain, and traffic intelligence. The event highlighted one core message: DNS is no longer just infrastructure — it is the earliest and most universal signal of cyber risk.

WhoisXML API Participates in the 2025 FIRST Mexico City Technical Colloquium

With the cybersecurity landscape constantly evolving, regional gatherings like the 2025 Mexico City Technical Colloquium are vital for incident response professionals. Organized by the Forum of Incident Response and Security Teams (FIRST), the event took place in Mexico City from October 27 to 29, 2025.  

WhoisXML API’s Vice President of Research, Ed Gibbs, was one of the speakers at the gathering. He co-led a session titled "Advanced Signals: NextGen Threat Hunting using Active and Passive DNS and Internet NetFlow Telemetry," along with Ernesto Guzmán, Head of the Digital Forensics and Incident Response team at ES Consulting.

In this post, we share some of the recurring themes and our key takeaways from the event.

WhoisXML API Launches Two-Factor Authentication

WhoisXML API is pleased to announce the addition of support for two-factor authentication (2FA) — an important new security upgrade for user accounts.

WhoisXML API Participates in the BSides Chicago 2025 Conference

Representatives from WhoisXML API joined hundreds of cybersecurity professionals and enthusiasts at the BSides Chicago 2025 conference, held at the Hilton Chicago from October 31 to November 1, 2025.

The WhoisXML API team, including Tara Conneally (Enterprise Partnership Development III), Hanna Frank (Technical Account Executive), and Michael Kaparos (DevSecOps & Threat Researcher), was on site. We participated with a booth alongside vendors from across the cybersecurity community, such as Aikido, Bitwarden, GitGuardian, Guidepoint Security, Push Security, and SecurityScorecard.
