Attack Prophecy

Rewriting the rules of protection

Attack Prophecy

Rewriting the rules of protection


Artificial Intelligence behind your applications

Machine learning behind your protection

Attack Prophecy® is the most advanced system for the detection and protection against web attacks. It automatically learns the legitimate (normal) traffic profile by observing its live traces and works in three steps.
Learn the profile
of legitimate traffic
Detect anomalous events
to highlight computer attacks
Protect web services
according to the detected anomalies

Discover the effectiveness of our Next Generation Web Services Protection Solution

Forget the Web applications vulnerabilities

Traditional Firewalls and Intrusion Detection Systems can do nothing in terms of protecting Web Applications during operations, as they inspect the traffic at a level which is actually not that of the application. Similarly, standard Web Application firewalls based on pre-configured sets of signatures can offer very poor protection, since they can eventually detect standard vulnerabilities (such as for instance those of a standard Content Management System installation) but not those present in custom application.

Forget the rules

Attack Prophecy®
rewrites them

Using its Machine Learning Engine, Attack Prophecy® is able to reconstruct autonomously the logic behind the monitored Web Services. This is what makes Attack Prophecy® different from other Web Application firewalls. There is not any pre-configured set of rules, which may be eventually effective only in protecting applications distributed on a large scale (such as, for instance, standard CMS installations). The protection model of Attack Prophecy® is built around the monitored services, which can be then effectively protected even against attack exploiting ad-hoc and non-public vulnerabilities.

Forget the vulnerabilities of
AI-based technologies

Our AI is safe by design

Leveraging the Pluribus One leading research on Security of Machine Learning, Attack Prophecy® features an improved AI-based detection engine with increased capabilities of:
- Detecting attacks against the monitored Web Services: this offers enhanced protection and coverage against a broader range of attacks; ad-hoc detection algorithms can be also defined, upon request, to meet specific needs.
- Ensuring the safety of the learning and detection process: this makes Attack Prophecy® more resilient against attacks who attempt to evade the detection mechanism.
- Explaining the operators, in presence of  anomalies, reasons why an alert has been raised: this increases the accountability of the solution.
Web applications, being often exposed in the wild, are continuously subject to scans and attack attempts. A number of highly automatized tools and services is in fact available which allows also the less experienced hostile users to identify trivial bugs and vulnerabilities in the applications and eventually to exploit them. When this happens, the application and the data it manages are put at a high risk, since the is barrier to overcome to compromise the application results very low.

Firewall, IDS & IPS can’t detect attacks against the WebApp as they do not  look at the right level on the stack.

In order to stop attacks which are caused by vulnerabilities at the application layer, it is necessary to deploy in front of the WebApp a component able to look at what the WebApp receives and interprets as an input.
A WAF which is not aware of how the application is expected to work and what to take as inputs, CAN’T detect attacks. If the WAF relies on pre-configured sets of signatures generated from a set of widely used standard applications and components, it is intrinsecally ineffective against custom applications.

The only way to effectively protect Web Applications during operations is to reconstruct from the traffic the logic based on which the application has been developed and works.
Attack Prophecy® does actually such kind of work, leveraging Machine Learning and Artificial Intelligence to analyse and model the traffic incoming toward the Web services and automatically, to learn how the application is expected to behave and work, and to generate virtual patches and protection rules tailored on the monitored applications.
Thanks to the integration with OPLON LBL WAF, protection rules can be finally applied to filter out from the incoming traffic malicious requests.

Powerful, scalable, easy to use

What detects?

Attack Prophecy® is able to protect Web Services against malicious requests that, leveraging vulnerabilities, poor and misconfigurations of such Services, put at risk the services themselves as well as the data they manage.
  • Attacks in the OWASP Top 10
  • Injection attacks
  • Cross-Site Scripting (XSS)
  • Sensitive Data Exposure
  • Phishing
  • Zero-day attacks

What protects?

From single servers to cloud systems, the scalability of Attack Prophecy® allows the integration with any environment 

 Unparalleled protection and detection capabilities

Sophisticated features, but easy to use

by any operator or system admin

Thanks to an Intuitive Graphical User Interface

Complete package with easy installation and User Manual

How it works

Want to see a live demo?

Schedule a Trial


Contact us for further information.
Our staff will contact you as soon as possible to schedule a live demo.

Attack Prophecy received funding from European Union and has been partially developed with the support of Regione Autonoma della Sardegna (POR FESR Regione Sardegna 2007 - 2013; Linea di Attività 6.2.1.a)


Pluribus One S.r.l.

Via Bellini 9, 09128, Cagliari (CA)


PEC: pluribus-one[at]


Legal entity

Share capital: € 10008

VAT no.: 03621820921

R.E.A.: Cagliari 285352


University of Cagliari

  Pluribus One is a spin-off

  of the Department of

  Electrical and Electronic Engineering

  University of Cagliari, Italy


© 2020 Pluribus One s.r.l. All Rights Reserved.