PersistWatch
Sign inBook demo
AI-Powered Cyber Threat Intelligence

The AI that finds

threats humans miss.

Before damage is done.

Your adversaries don't use your company name. They use code words, foreign languages, and dark-web forums your analysts will never see. PersistWatch AI reads everything — in 6 languages — and surfaces what matters to you in minutes.

583+
Dark-web & intel sources
3-8 min
Post → classified alert
5-layer
AI entity resolver
6
Languages incl. HE, AR
Get the free weekly reportBook a 30-min demo
PersistWatch · Analyst Console
Live
3
Critical
11
High
24
Tenants
  • CRIT
    LockBit 3.0 — Bank Hapoalim — 240GB — 47h 12m countdown
    ransomware blog · 4 min ago · Score 100/100
    99%
  • HIGH
    "green logo Tel Aviv bank" — 200k card records — 5 BTC
    telegram · dark web · 9 min ago · Score 82/100
    91%
  • HIGH
    CEO credential in breach — TechDatabase2025 — bcrypt + phone
    hibp · watchlist match · 22 min ago · Score 75/100
    75%
  • MED
    Hezbollah-linked — SCADA 0day — Israeli water infra — 48h window
    telegram · geopolitical · 38 min ago · ⚑ Nation-state
    63%
GEOHezbollah · Hamas · APT33/35 · Sandworm · APT41 · Lazarus — auto-tagged + IL-CERT correlated
⚠️ LockBit leak site updated — 12 new victims·🔥 47 new CVEs published this week — 6 KEV-listed·🎯 Akira ransomware — 12 victims this period·🌍 APT34 activity spike targeting Israeli energy sector·💀 1.2M new credentials surfaced on Telegram stealer markets·🔓 IAB selling Fortinet RDP into Israeli telco — $4500·🚨 Cl0p MOVEit campaign — new victim added·🛡️ Cisco IOS XE CVE — patches available, deploy now·⚠️ LockBit leak site updated — 12 new victims·🔥 47 new CVEs published this week — 6 KEV-listed·🎯 Akira ransomware — 12 victims this period·🌍 APT34 activity spike targeting Israeli energy sector·💀 1.2M new credentials surfaced on Telegram stealer markets·🔓 IAB selling Fortinet RDP into Israeli telco — $4500·🚨 Cl0p MOVEit campaign — new victim added·🛡️ Cisco IOS XE CVE — patches available, deploy now·
Free — no credit card

Get the weekly Cyber Status report.

21-section branded PDF. CISA KEV, top ransomware groups, MITRE ATT&CK trends, IOC feed, Microsoft / Google / CISA advisories — tailored to your region.

CISA KEVNVD CVEsRansomware victimsIOC feedEN + HE

Double opt-in. We send a confirmation email — your first report arrives right after you click confirm.

The Differentiator

Why AI — and why this AI?

Traditional CTI tools rely on keyword matching against a fixed list of company names and domains. They miss everything obfuscated.

Real example. A Telegram channel posts "selling data from the big green logo Tel Aviv bank." No company name. No keyword match. Traditional tools see nothing.

PersistWatch AI resolves the entity in seconds — cross-referencing brand colours, HQ city, sector, and executive names against your client's profile — and delivers a classified HIGH alert before the post is 10 minutes old.

Built For Your Role
CISO

CISOs & Security Directors

Board-ready reports. Severity-scored alerts. Full AI reasoning chain. Every decision explained — no black boxes.

IT

IT Security Managers

Zero installation. Browser-only. SIEM push, MISP export, email alerts. Your team sees exactly their clients — nothing else.

GOV

Government & Defense

Nation-state actor attribution. Geopolitical tagging. APT group tracking. STIX 2.1 / TAXII feeds. IL-CERT integration.

How The AI Works
1

Collect & translate simultaneously

583+ sources monitored in parallel. Arabic, Russian, Farsi, Chinese content is translated before AI analysis — a threat written in any language is treated identically to English.

6 languagesReal-time crawlers
2

5-Layer contextual entity resolver

Vector similarity → Entity KB → LLM reasoning → Confidence routing → Thread tracking. Matches obfuscated references that have no company name — code words, metaphors, indirect descriptions.

nomic-embed-textpgvectorqwen2.5 LLM
3

0-100 severity scoring — fully transparent

Source credibility + exposure confidence + specificity + urgency + recency + countdown detection. The AI explains every point it added and why.

CRITICAL ≥85HIGH 70-84MEDIUM 50-69
4

Classified alert with full intelligence package

IOC list · MITRE ATT&CK mapping · YARA rules · Executive and customer summaries · MISP push · PDF report. Each client sees only their data in a fully isolated tenant environment.

STIX 2.1TAXII 2.1MISPYARA
Source Coverage
247
Telegram channels
124
Dark web / .onion sites
83
Discord servers
38
Ransomware blogs
91
Paste sites
CTI feeds & APIs
What Makes It Different
AI
Obfuscation-proof
Matches indirect descriptions with no company name
GL
True multilingual
Hebrew, Arabic, Russian, Farsi — AI sees all
XP
Full AI transparency
Every scoring decision explained. No black boxes
TH
Thread continuity
50-message sliding window links related posts over time
MS
MSSP multi-tenant
All clients. One dashboard. Zero data crossover
YR
Auto YARA rules
AI generates detection rules per tenant at onboarding
Integrates With Your Stack
MISPTheHiveWazuh SIEMSTIX 2.1TAXII 2.1ShodanVirusTotalOTXAbuseIPDBHIBPRansomware.live
// Live Demo

Watch it find a real threat against your org — live.

30 minutes. We run a live search against your organisation's name, domain, and executives on the dark web, Telegram, and ransomware blogs — right now, in front of you. You see the AI reasoning in real time. No slides. No demo data.

Phone
+972-3-527-8778+972-51-9999911
Email
sales@persistsec.com
Office

Shimshon St 5
Petach Tikva, Israel

We use your details only to schedule the demo. No marketing spam — see our terms in the confirmation email.

Frequently Asked

What is PersistWatch?

PersistWatch is an AI-powered managed cyber threat intelligence platform. It monitors 583+ dark-web sites, ransomware leak feeds, Telegram channels, Discord servers, and open security feeds in real time, in 6 languages including Hebrew and Arabic. When the system detects mentions of your organization, your domain, your executives, your stack, or your sector, it generates a prioritized alert and notifies your team within minutes — before the activity reaches public news.

Who built PersistWatch?

PersistWatch is built by Persist Security, an Israeli cyber security firm headquartered at Shimshon Street 5, Petach Tikva. PersistWatch is the product; Persist Security is the company.

How is PersistWatch different from a generic threat feed?

Generic feeds publish what already happened. PersistWatch surfaces what is about to happen to your organization specifically. The 5-layer AI entity resolver matches obfuscated references — code words, foreign-language references, brand-color descriptions — that have no literal company name. Findings are mapped to MITRE ATT&CK, prioritized by relevance to your assets and sector, deduplicated by our alert engine, and delivered with full evidence.

What data sources does PersistWatch monitor?

247 Telegram channels, 124 dark-web .onion sites, 83 Discord servers, 38 ransomware blogs, 91 paste sites, plus unlimited CTI feeds and APIs (CISA KEV, NVD, Shodan, VirusTotal, OTX, AbuseIPDB, HIBP, Ransomware.live and more).

How fast are alerts delivered?

Average post-to-classified-alert time is 3-8 minutes. Critical alerts (KEV-listed CVEs, your domain on a leak site, executive impersonation, nation-state attribution) trigger an analyst escalation in real time.

Is the AI explainable?

Yes. Every severity score is broken down into source credibility, exposure confidence, specificity, urgency, recency, and countdown detection. The AI shows the full reasoning chain — no black boxes. You can see exactly why an alert scored what it did.

What languages does PersistWatch read?

English, Hebrew, Arabic, Russian, Farsi, Chinese — translated before AI analysis so a threat written in any language is treated identically. Hebrew RTL UI and PDF reports natively supported.

How do I get started?

Subscribe to the free weekly Cyber Status report (no commitment, immediate value), or book a 30-minute live demo where we run a real-time search against your organization's name, domain, and executives across the dark web — right in front of you.