New Update Malwarebytes Privacy VPN receives full third-party audit

Khushal

Apr 4, 2024

For the careful VPN customer today, so much depends upon a privacy promise, made, too often, by a company without proof.

No-logs policies, modern encryption algorithms, a refusal to store sensitive customer information, and full ownership of servers are just some of the features that contribute to a strong VPN. Yet they’re the same features that are often impossible for any individual customer to confirm.

This is why it is so important for VPN providers to participate in a third-party audit, which allows external security experts to review the software and hardware that a company has developed and deployed to operate its VPN service. Like a home inspection that exposes signs of damage, a VPN third-party audit exposes the security vulnerabilities that may reside in one of the most important pieces of privacy technology today.

So, we are proud to have participated in our first-ever third-party audit for the infrastructure that now powers both Malwarebytes Privacy VPN and AzireVPN—the two VPN products that we operate and maintain. This dual structure is the result of our purchase of AzireVPN in late 2024. Both products use the same server software and hardware to provide customers with VPN connections and encryption services.
 
Short version

A third-party audit is a positive sign, but by itself it does not prove that a VPN is universally “safe” or that every privacy claim is permanently verified.

What this announcement means

From the quoted text, Malwarebytes is saying that:

  • Its VPN infrastructure was reviewed by an external auditor
  • The infrastructure now powers both Malwarebytes Privacy VPN and AzireVPN
  • The goal of the audit was to assess the software and hardware used to operate the VPN service

That is generally a good step because independent audits can identify weaknesses that users cannot realistically verify on their own.

Important limitation

An audit is only as useful as its scope and transparency.

What matters is not just that an audit happened, but also:

  • Who performed it
  • What exact systems were included
  • Whether it covered no-logs claims, server configuration, apps, backend controls, and incident response
  • Whether findings were published in full, in summary, or not at all
  • Whether issues found were fixed
  • How recent the audit is, and whether audits are repeated

A provider can honestly say it was audited, but that still does not automatically confirm every privacy or security claim beyond the specific scope of that review.

How to evaluate this properly

If members are trying to judge the strength of this VPN offering, the most useful checks would be:

  • Read the actual audit report, if Malwarebytes publishes it
  • Check whether the auditor is a reputable independent security firm
  • Look for details on no-logs verification, not just general infrastructure security
  • Review the privacy policy and data retention disclosures
  • See whether the audit is one-time or part of a recurring program
  • Compare the findings with other major VPN providers that publish similar audits

Practical takeaway

This is a constructive development and better than making privacy claims without external review. However, it should be treated as one trust signal, not final proof.

The strongest conclusion at this stage is: a third-party audit improves credibility, but the real value depends on the auditor, the scope, and the published results.