Publicly-reported instances of AMSI Bypass bypassing endpoint security products. Maintained on the same basis for every technique in the Index.
| Product | Entries | High-confidence | Most recent |
|---|---|---|---|
| Microsoft | 34 | 29 | 2026-05-21 |
| Palo Alto Networks | 3 | 2 | 2025-06-18 |
| Sophos | 2 | 1 | 2025-04-15 |
| SentinelOne | 1 | 1 | 2024-02-12 |
| Trellix | 1 | 1 | 2023-10-04 |
| CrowdStrike | 1 | 1 | 2025-04-15 |
| Any security vendor relying on AMSI | 1 | 0 | 2025-06-03 |
| McAfee | 1 | 0 | 2024-08-02 |
| Product | Confidence | Disclosed | Source | |
|---|---|---|---|---|
| Microsoft | high | 2026-05-21 | www.tiraniddo.dev | record → |
| Microsoft | high | 2026-05-16 | infosecwriteups.com | record → |
| Microsoft | high | 2026-04-18 | medium.com | record → |
| Microsoft | high | 2026-03-05 | github.com | record → |
| Microsoft | high | 2026-01-13 | medium.com | record → |
| Microsoft | high | 2026-01-10 | gist.github.com | record → |
| Microsoft | high | 2025-12-28 | medium.com | record → |
| Microsoft | medium | 2025-11-14 | medium.com | record → |
| Microsoft | high | 2025-10-17 | blog.ukatemi.com | record → |
| Microsoft | high | 2025-07-28 | www.netskope.com | record → |
| Microsoft | high | 2025-07-23 | github.com | record → |
| Microsoft | high | 2025-06-24 | github.com | record → |
| Palo Alto Networks | high | 2025-06-18 | medium.com | record → |
| Microsoft | high | 2025-06-06 | medium.com | record → |
| Microsoft | high | 2025-06-03 | medium.com | record → |
| Any security vendor relying on AMSI | medium | 2025-06-03 | medium.com | record → |
| Microsoft | medium | 2025-05-16 | shells.systems | record → |
| Microsoft | high | 2025-05-12 | github.com | record → |
| Microsoft | high | 2025-04-24 | github.com | record → |
| Sophos | high | 2025-04-15 | github.com | record → |
| CrowdStrike | high | 2025-04-15 | github.com | record → |
| Microsoft | high | 2025-04-15 | github.com | record → |
| Palo Alto Networks | high | 2025-04-15 | github.com | record → |
| Microsoft | medium | 2025-03-11 | github.com | record → |
| Microsoft | high | 2025-02-28 | lumu.io | record → |
| Microsoft | high | 2024-11-21 | practicalsecurityanalytics.com | record → |
| Microsoft | high | 2024-10-20 | github.com | record → |
| McAfee | medium | 2024-08-02 | github.com | record → |
| Sophos | medium | 2024-08-02 | github.com | record → |
| Palo Alto Networks | medium | 2024-08-02 | github.com | record → |
| Microsoft | medium | 2024-08-02 | github.com | record → |
| Microsoft | high | 2024-06-22 | www.elastic.co | record → |
| Microsoft | high | 2024-05-04 | github.com | record → |
| Microsoft | high | 2024-05-03 | www.offsec.com | record → |
| Microsoft | medium | 2024-03-07 | github.com | record → |
| SentinelOne | high | 2024-02-12 | www.linkedin.com | record → |
| Microsoft | high | 2024-01-21 | medium.com | record → |
| Microsoft | high | 2023-11-30 | gist.github.com | record → |
| Microsoft | high | 2023-10-24 | github.com | record → |
| Microsoft | high | 2023-10-06 | github.com | record → |
| Trellix | high | 2023-10-04 | www.sentinelone.com | record → |
| Microsoft | high | 2023-08-28 | github.com | record → |
| Microsoft | high | 2023-07-19 | github.com | record → |
| Microsoft | high | 2023-06-01 | github.com | record → |
Counts reflect distinct publicly-reported events on record; absence of an entry means no confirmed public report is on file.