APT Detection Coverage Test 2026

Advanced Persistent Threats (APTs) are often associated with large enterprises, critical infrastructure, and high-value corporate targets. However, the reality is broader. Private individuals, such as (but not limited to) investigative journalists, activists, or even spouses in abusive relationships, can also become entry points or direct victims of sophisticated, long-term attacks.

In our latest APT Detection Coverage 2026 study, we evaluated how well leading consumer security products detect well-known APT toolsets. This is particularly relevant given that many real-world APT campaigns begin on endpoints outside traditional enterprise environments.

The findings show that modern consumer security solutions provide strong protection against known APT threats, especially during execution, where behavioural detection technologies significantly enhance protection levels.

At the same time, the results reveal important technical challenges. When samples were slightly modified, without changing their malicious behaviour, detection rates decreased for some products, highlighting ongoing limitations in generalising detection beyond known indicators.

The study also examined whether detection performance varies depending on the origin of threat actors or vendors. No meaningful correlation was found, suggesting that remaining detection gaps are primarily technical rather than geopolitical in nature.

As APT techniques continue to evolve, the question is no longer just how well security products detect known threats, but how effectively they can adapt to increasingly subtle and modified attack techniques across all types of users and environments.

The report also features forewords by four renowned experts, highlighting the importance of shedding light on this topic.

Read the full report here: APT Detection Coverage 2026