CybeeAI

MWNormanF

Thread author
Sep 24, 2025
An EDR/MDR service from a Swiss cybersecurity company. Has a free tier for home users. Available for macOS and Linux.

 

Thanks for sharing!

A free EDR/MDR for home users is definitely an interesting find, especially with support for macOS and Linux. It's not every day we see that.

I'm curious to hear what our members think if they get a chance to test it out. Looking forward to any reviews or feedback.
 
The executable is flagged by Microsoft Defender as malware - a false positive. After allowing it, the GUI ran.

It's basically both an AI blocker and an automated MDR service. You can pay if you've a small business, the miserly sum of $8 a month for premium features.

If you run it at home the free tier is sufficient for home users, providing MDR in the cloud. Useful if you've Microsoft Defender for Business for enterprise grade protection of your endpoints.

$3 a month for the latter plus the Cybee AI free tier is a killer combo!

More info here on a behavioural EDR and how it works:

 
It doesn't force you to sign up for a paid plan. That said, they could've taken care of the false positive.
 
I took care of the false positive by adding the executable to the Microsoft Defender Exclusions folder.

It will no longer be flagged by the AV and removed.
 
The reason it got seen as malware is because the AI behavioural mechanism that watches and intercepts malware is identified by Microsoft Defender as a process that behaves like malware because it injects itself where it isn't expected and triggers subsequent remediation.

It's perfectly safe but it shouldn't be scanned and make sure the executable is excluded from being flagged by the AV.
 
After I click sign in in the app interface, it jumps to the auth page. If I choose to authenticate, it jumps to the trial page. Could you tell me how to skip this? If there is no way to skip, it looks like a compulsory step for me.
 

Don't click the sign in button! The free tier doesn't require sign in. All you will get to the right of the sign in button is the landing page, which lists everything going on your enrolled PC.

You should click the sign in button only if you want to upgrade to the paid tier.
 
Took it out for a spin today. Here's what I noticed:

Set security level = Fortress (highest setting) and it turned on CTRL-ALT-DEL for sign-in. Maybe it did other things, but I haven't noticed it yet.
Did a Scan. It performed a full scan it seems and it took an hour.
Device Info shows Health Score=88.0. This is a freshly installed Win 11 24H2 with offline installed Nov 2025 patches from the MS Update Catalog site.
Several notifications appeared saying "untrusted binary detected". When I clicked on the notification it said it is its own unsigned UI binary, and it will continue monitoring it.
The AI won't answer general questions, it will only talk about the notifications. I asked if it can block things at the firewall if it found C2 communications. And it replied it is not related to the issue at hand.
I asked about the 88.0 score and it couldn't tell me why.
 
Just tried to install MS Baseline. Cybee stopped it saying it is malicious and says it will monitor it. So I ran the install script again, and it again stopped it. Finally turned off Cybee's protection, and it installed OK. The Health Score stayed at 88.0. So I wonder if Cybee's Fortress protection level has more than or less than MS Baseline's protection.

Web portal 2FA is not yet ready. Thank god that there are no settings being pushed to clients.

The web portals have compliance reports for various regulation bodies. But I can't find anything to set that would increase compliance level. I know that DISA STIG has more settings than MS Baseline. So I will apply that next to test if it changes any compliance levels or Health Score.
 
I applied the Win 11 24H2 STIG, the Defender STIG and the Firewall STIG. And Cybee AI gave the new Health Score as 87.0 (one point lower). Or maybe it is due to it also detecting a new non-trusted binary StoreDesktopExtension.exe.

Problem, the web portal does not sync well with the Cybee agent. Portal says 0 devices when there is 1.
 
@MWNormanF Are you on the development team of Cybee?

I paid, and then unsubscribed, and then re-subscribed. Maybe that's what confused Cybee to not link the agent to the portal.
 
My red team poked at it and made the time zone Pacific and unchangeable. Cybee didn't beep. But that's to be expected, how could AI determine if the change was malicious?
However they then proceeded with their signature 2 DOS box attack to wreck my admin profile. No more admin. Game over.
I started Cybee from the standard user account, it noticed a bootim.exe and claimed it was suspicious. I told Cybee that the admin account can't be signed into. And it said go to safe mode and change the password. Well anyway CybeeAI wasn't that good.
 
On its own, it's never going to provide primary protection against malware attacks - it's a behavioural watcher like Threatfire and CybeeAI is meant to be run alongside your AV.

You're right about the limitations of AI. Still more hype than substance and the agent's capability to ward off attacks could use improvement.

And speaking of change, its usefulness is affected by the fact it doesn't have a whitelist. You can't run certain processes without completely disabling real time protection.

I'm realistic about what to expect from a startup in the cybersecurity industry.
 
Victor, forgive me for asking (and I am not a native English speaker), but do you actually have a red team or is it a tongue-in-cheek way of saying you tested it as a hacker?
 
I actually have a red team. Small, but it is the quality that counts. We also run penetration tests each year.

For a solo + limited budget shop, you can approximate it by putting the machine you want to test into the DMZ. There are plenty of hackers that scan the net for targets. You don't get a report, so you just pay attention to the logs, EDR and SIEM.

We are a small company too. So we use freelance pen testers from Freelancer.com.
 