What is a Keylogger? Guide 101 to Protecting Your Enterprise

Today’s companies experience an enormous number of threats, ranging from sophisticated malware to stealthy surveillance. As per the latest statistics, 61% of cyberstalkers use ordinary gadgets such as phones or emails, and 10% use malware and phishing to get unauthorized access to accounts. This surge in digital spying underscores the urgency of knowing what is keylogger and its potential to compromise sensitive information. Understanding how these tools function can help organizations protect employee data, customer information, and valuable assets such as patents or copyrights.

In this article, we will discuss keylogging meaning, consider various types of keyloggers, their ways of infiltration, and methods to identify and eradicate them. We will also discuss their historical development, some of the most famous attacks, and general security measures. Lastly, you will learn how solutions such as SentinelOne provide strong protection as they eliminate keylogger threats before they can cause significant harm to a business.

What is a Keylogger?

A keylogger can be described as a software program that captures all the keys that the user types on a particular device, and it does this without the user’s consent. Businesses often ask, “What is keylogger?” because these silent applications or hardware devices can intercept passwords, financial details, and private chats. The actual definition of keylogger is not fixed, but the primary function is the same – recording input for the purpose of monitoring or for personal benefit. Often, a keylogger keystroke logger runs hidden in the background, making detection challenging. Understanding what is a keylogger is a vital first step in safeguarding organizational systems and user privacy.

History of Keylogger

Keyloggers can be traced back to the 1970s in the form of physical circuit boards that were connected to the keyboards of target computers and were advanced to become more sophisticated software programs with root access. A survey conducted by researchers reveals that about 10 million computers in the United States are infected with keyloggers, and thus, there is a need to define keylogger origins. Every stage in keylogger evolution is associated with wider trends, such as remote work and enhanced infiltration methods. Here is a brief chronological overview of how these threats evolved and proliferated over the years:

1. The First Hardware Monitors: The first versions of a keylogger were external devices that connected to typewriters or mainframe terminals in the 1970s. These primitive devices recorded keystrokes in internal memory chips. The question “are keyloggers illegal?” surfaced when organizations discovered their usage outside authorized contexts. When computing became more widespread, these covert watchers were seen as opportunities by malicious actors.
2. Simple Software Keyloggers Phase: In the early 1990s, with the advent of the digital age, new possibilities for keylogger applications were developed at the OS level. The emergence of the internet also made it easier to distribute infected files using floppy disks and early email attachments. Keylogger definitions broadened to encompass cross-platform versions that operate on Windows, Mac, and early Linux. Authorities also tried using keyloggers to monitor criminals, and this raised concerns about the right to privacy.
3. Email Proliferation Phase: With the millennium in the early 2000s came widespread email usage, which birthed new keylogger infections. The target would innocently open attachments and in turn download loggers into the corporate systems without their knowledge. Hackers improved keylogging malware to capture and send the information in real-time. Several financial institutions reported a rise in keylogger attacks and enhanced multi-factor authentication and user awareness programs.
4. Remote Administration and Mobile Keyloggers Phase: As smartphones soared in popularity between the period 2010 – 2020, criminals adapted old tools into mobile-specific keylogger vs spyware combos. At the same time, targeted espionage campaigns were observed, which utilized remote administration trojans (RATs) with sophisticated keylogging capabilities for covert operations. The use of “bring your own device” (BYOD) policies introduced new risks in the workplace. The keylogger’s dangerous functions made them the ideal tools for corporate spying, researchers said.
5. AI-Enhanced Keyloggers Phase: Recent years (2021 – 2025) have brought the enhanced utilization of artificial intelligence throughout the keylogger analysis phase and improved techniques in the infiltration process. Keyloggers became a popular threat since attackers used machine learning to predict user activity, thus making keyloggers hard to detect. Recent events showed that keylogger attacks employed sophisticated social engineering tactics, which became evident in high-profile breaches. Some variants even penetrated encrypted channels, intercepting typed messages before they were encrypted, which pointed to a significant increase in cyber threats.

How Keyloggers Are Used?

Keyloggers are most commonly used for monitoring the activity of employees and are also used in tracking the activity of a particular computer user. While some organizations use them for tracking employee productivity—a topic of discussion regarding the pros and cons of using keyloggers—cybercriminals use them to obtain personal information, steal money, or extort money.

Some of the corporate keylogger definition suggest that the application of keyloggers in the corporate world can be beneficial when used appropriately, but it becomes a vice when used by the wrong people. The line between legitimate oversight and privacy invasion can blur, intensifying the question: Are keyloggers illegal? In the long run, the possibility of exploitation negates any slight advantage that comes with the implementation of security measures when they are weak.

Interestingly, the proliferation of GPS tracking devices parallels concerns around “what is keylogger?” For example, small tags used to identify pets or lost items can turn into a channel through which people with malicious intentions can stalk others. A recent study showed that 10% of Americans had their devices tracked without their consent, including fitness trackers. Combined with a stealthy keylogger program, the attacker is able to assemble a rather detailed picture of the targeted person, including their current location, typed messages, and so on. Such revelations call for increased awareness and implementation of keylogger prevention measures at the organizational and personal levels.

How Keyloggers Infect Devices?

One critical aspect of addressing what is keylogger? is understanding the varied infection methods. Criminals use social engineering, infected attachments, and exploit kits to surreptitiously install a keylogger on the target computers. Once installed, these loggers remain hidden and capture all the typed information, such as passwords and even conversations. Below is a breakdown of five distribution channels that are commonly used to spread keyloggers:

1. Malicious Email Attachments: As for the means for delivering the keylogger, it is worth noting that phishing emails are still one of the most popular means of delivering various threats. The attachment appears in the form of invoices, official documents, and other files that the recipient would not expect to be malicious. The embedded code leads to the silent installation of the program and makes the system act as a conduit for criminals to gather information. This risk can, however, be managed effectively through regular training and proper filtering of emails.
2. Drive-By Downloads: When a user visits a malicious website, they can accidentally trigger a keylogger scan. In some cases, it is achieved through exploits within the browser or plugins, and this makes the site download and launch malicious code. Since the process is carried out under normal browsing activities, it is hard to detect it. The use of web filtering and regular patching minimizes the chances of being attacked by such silent downloads.
3. Bundled Software: Some free programs contain a keylogger detector sabotage tool as part of the free software package that is actually legitimate. Thus, the end user might grant permissions without even understanding the potential danger behind it. This trick is prevalent in software trial or piracy sites, which are known to contain suspicious file packages. When it comes to infiltration, one can avoid it by being cautious while verifying sources and reading installation prompts.
4. Physical USB or Hardware Installation: A hardware keylogger module can be installed by an insider or a visiting attacker to capture output from the keyboard. These devices are usually disguised as simple USB adaptors. In high security settings, proper access controls and the use of devices in the facility reduce the likelihood of this form of alteration. Periodic checks of the cables and ports can also be helpful in identifying unauthorized connections.
5. Exploited Vulnerabilities: Old builds of operating systems or applications that have not been updated contain exploitable vulnerabilities that allow for silent keylogger attacks. Criminals exploit known CVEs or use vulnerability scanners to gain unauthorized access into the systems. When at the target location, they deploy a keylogging tool that is designed for that specific location. These infiltration attempts can be minimized through proper patch management and threat intelligence information.

Types of Keyloggers

Answering “what is keylogger?” also involves exploring various categories, as each type caters to different goals. While some of them are purely digital, based on others, some of them use interceptors that are real physical objects. As a form of surveillance, keyloggers vary in complexity, concealment, and the way they transfer collected information. In the following section, we describe the key classes that challenge modern business organizations.

1. Software Keyloggers: These are the programs that operate at the operating system level, and they record keystrokes through system application programming interfaces or hooking techniques. They may also include other features such as taking screenshots or logging clipboard activity. Even today, keylogger software variants remain the most frequently used among all the keyloggers. Attackers favor them for remote deployment and easy updates.
2. Hardware Keyloggers: These are devices that are inserted between the keyboard and the computer’s USB or PS/2 port. Some are disguised as standard adapters. Since they operate on the lowest level of the hardware, keyloggers are more difficult to detect by antivirus solutions. They store account information locally in the form of keystroke records, which the attacker can get later on.
3. Kernel-Level Keyloggers: These advanced forms work in the kernel and avoid user-mode security measures. It can capture input before it reaches other layers of security measures. The results of the analysis of kernel-level loggers reveal that keyloggers are quite powerful when it comes to stealth. They can only be detected by specialized scanning or behavior monitoring.
4. Remote Access Trojans (RATs) with Keylogging Modules: There are different types of RATs and some of them use keylogger as one of the additional features. It can record video or capture the mic input along with what is typed and can also corrupt files. This technique combines several vectors of infiltration into a single one. Most commonly used in extended, covert operations aimed at businesses or governments.
5. Browser-Based Keyloggers: Connecting directly to forms in the browser, they tap into typed data on sites such as login pages or payment gateways. It is a class of malware that can intercept data before it is encrypted by SSL. To criminals, form-based keylogger attacks are a one-stop shop for direct financial or credential theft. Such threats can be addressed through strict browser security features, script blockers, and up-to-date add-ons.

Keyloggers Techniques

While “what is keylogger?” looks simple on the surface—tools that record keystrokes—the underlying methods can be exceedingly intricate. They are able to avoid detection through different hooking techniques and other OS manipulations. The following are the main keylogging methods that threat actors use to monitor the inputs of users secretly.

1. API-Based Keyloggers: These intercept keystrokes by leveraging the available application programming interfaces of the operating systems. Since OS calls are common, these methods are easy to integrate and can be applied to virtually any system. However, strong endpoint protection can often detect their patterns. Periodic keylogger scan tasks and advanced heuristic checks affect them severely.
2. Kernel-Based Keyloggers: Kernel space operation provides nearly full control, which means that attackers can avoid most of the limitations that are present in user mode. This makes it one of the most potent keylogger dangerous variants—it can capture keystrokes at the hardware level without being detected. Deactivating them sometimes may be possible only with the help of special tools or through reinstallation of the operating system. This is usually achieved through limiting the kernel drivers with trusted certificates.
3. Hook-Based Keyloggers: They attach themselves to Windows “hooks” or similar OS functions for handling input events. In this way, a keylogger captures keystrokes in the event queue, which means that it works in real time. It is very difficult for users to notice any difference in performance, which makes it difficult to detect it. There are some credible security programs which are designed to detect such abnormal hooking activity.
4. Form Grabbing Keyloggers: Unlike others, these are more interested in gathering information from web forms once the user hits the “Submit” button. This is why even encrypted sites can be compromised because data is taken before it is encrypted. This approach is also used often in identity theft campaigns. Monitoring for form-based calls, which are suspicious in nature, assists in identifying these specialized threats.
5. Hardware Keyloggers: Despite being mentioned earlier, it is crucial to highlight that hardware-based infiltration lacks detectability. None of the programs have a signature that can be identified by standard antivirus tools. This type of keylogger scenario is most likely to appear in cases of espionage or insider threat situations. Physical inspections and device usage policies are still among the best measures of protection.

How Do Keyloggers Work?

To thoroughly grasp what is keylogger? you need to see how they function at each step: capturing inputs, storing data, and transmitting it to an attacker. In any type of attack, the process is always the same: identification, documentation, and extraction. Here is a breakdown of how these malicious or semi-legitimate monitors get user input in a smooth manner.

1. Intercept Keystrokes: When installed, the logger hooks or listens for keyboard interrupts. Even if it is a letter, digit, or one of the special keys, each character typed is stored in the local buffer. It operates in the background and, therefore, the users are not aware of any changes that have been made to the interface. Normally, keylogger detection is based on observing minor changes in performance, such as delays in the execution of a program or background processes that were not initiated by the user.
2. Store Data Locally: Often the information collected is stored in obscure files or in blocks of computer memory not easily accessible to the user. Where basic loggers are likely to record plain text, advanced ones are likely to encrypt the data to prevent scanning tools from accessing it. When analyzing keylogger activities, administrators usually pay attention to suspicious hidden directories. The integration of local scanning with monitoring of the suspicious process is helpful in early identification.
3. Encrypt and Transfer to Attacker: Some of the keylogger software types send the logs to the remote server at regular intervals, using FTP, email, or control panels. In the case of stolen data, the data is encrypted, making it difficult to identify at the perimeter level. Firewalls that can be programmed to monitor and detect unusual outgoing traffic can prevent or notify users of these broadcasts. It is possible to identify patterns that indicate exfiltration attempts by analyzing logs in real-time.
4. Conceal Operations: Secrecy is another essential factor when it comes to conducting surveillance, especially for a long time. Loggers rename processes, disable security features, or use rootkit tactics to hide. At this stage, keylogger techniques can also include clearing tracks in System Event Logs. A good threat monitoring system scans for such changes and alerts a user of any modifications made to the key OS files.
5. Persist Through Reboots: A well-coded keylogger can install itself in such a manner that it starts running automatically whenever the user starts the computer. This is usually done by using the registry edits, manipulating the startup folder, or advanced driver injection. To perform a thorough keylogger removal, these persistence mechanisms should also be eradicated. This is why safe boot scans and registry audits are still crucial in a comprehensive removal of such threats.

What are the Advantages of Keyloggers?

As keyloggers are generally covert applications, some wonder what legitimate purposes they may serve besides being used maliciously. However, there are some controlled settings that use them legally, proving that there are positive aspects of the keylogger application when it is monitored. Here are some benefits of keylogger or examples of how regulated usage might provide productivity insights or compliance advantages:

1. Employee Productivity Monitoring: On-site systems are sometimes monitored so that employees continue to pay attention to their work duties. With other usage data, these logs can be used to identify potential issues with efficiency or policy compliance. A controlled use can help to define keylogger meaning in a legal context that will not infringe on people’s rights. However, transparency is a virtue that should be pursued to ensure that rights to privacy are not violated.
2. Security Audits: Incident response teams may also place short-term keylogger detection mechanisms on the suspect machines to acquire forensic information. This approach can assist in identifying an insider attack or the activity of a malicious user. After the audit, the tool is uninstalled, which complies with the corporate policies that regulate the use of keyloggers severely. The collected logs can be used as legal evidence in case of any legal proceedings.
3. Investigative Purposes: Police occasionally secure warrants to place equipment on suspect devices. In these cases, the keylogger definition changes to a tool that assists in criminal investigations. Ethical boundaries are usually safeguarded through the set laws and the judiciary system. Crossing these lines raises questions about users’ rights and freedom of speech in the digital age.
4. Credential Recovery: In some circumstances, organizations may utilize a keylogger scan or partial logging to recover forgotten credentials. This is particularly useful if an employee who has administrative access to a system resigns or is dismissed suddenly. While it is not typical to see such tools being used, it shows the versatility of such tools. The absence of policies and short usage windows reduce privacy and security threats.

How to Detect a Keylogger on Your Device?

Spotting a keylogger running stealthily can be difficult, but certain signs and scanning methods expose these hidden threats. Delayed keyboard response, sudden increase in CPU load, or connections to unknown external IPs may suggest a software presence. Here are some tips on how to identify keylogger detection flags and ensure their presence on the endpoints:

1. Monitoring Task Manager and Startup Items: Search for unfamiliar processes that consume a lot of resources or start automatically at system startup. At other times, it is an odd filename or repeated service that one cannot help but notice. Now the question arises, “How to find a keylogger ?” The answer: By looking at each entry, one can find a keylogger scanner disguised as something else. Specific tools that reveal new or changed startup entries help in identifying new additions as malicious.
2. Run Dedicated Anti-Malware Scans: Most of the security suites have keylogger detection feature, which targets specific keyloggers or any unusual activity. Adding to these with specific keylogger scan tools increases the extent of coverage. Since kernel-level loggers are concealed effectively, rootkit detection modules are necessary. The best way of preventing advanced threats is through frequent scanning.
3. Inspect Network Traffic: Some of the signs of exfiltration may include outbound connections or data uploads that occur at odd hours of the day. Deep-packet inspection firewalls can mark the domains that are potentially malicious or contain many small packets. One should also look for encrypted traffic to unknown destinations in the keylogger analysis process. Observing the flows of networks over time uncovers structures that are not apparent from static views.
4. Check for Physical Adapters: In high-security workspaces, carry out a physical examination of the keyboard cables, USB ports, and any connected devices. A hardware keylogger is normally installed between the keyboard and the computer. In the absence of a trace on the software, identification is based on the naked eye observation. This is especially important in the use of common offices or in public access terminals.
5. Review System and Security Logs: Some malicious loggers try to remove or even conceal event logs, leaving behind anomalies or only fragments of records. Admins may get keylogger warnings or be alerted by repeated log-on events or changes in registry paths. Daily log reviews reveal infiltration and tampering activities. It is important to perform detailed auditing to identify any patterns that may indicate the presence of a stealth keylogger attack.

How to Protect Against Keyloggers?

Protecting against loggers is a multi-faceted approach that involves using technology, policy, and educating the users. Whether resulting from software vulnerabilities or hardware components, these threats remain if unaddressed. In the following section, we discuss keylogger prevention methods based on layers of protection, staff education, and secure settings. Adopting these measures minimizes the likelihood of experiencing such a calamity by a great deal.

1. Employ Antivirus and Endpoint Protection: Choose programs that employ specific algorithms to detect keyloggers and other threats. New strains are hindered by automated scanning, rootkit analysis, and real-time threat intelligence. Updates are frequent and are done in accordance with the changes in strategies. Endpoint solutions must be deployed across all devices to ensure that the security level is consistent.
2. Strengthen Password Hygiene: Long and frequently changed passwords minimize losses in case a keylogger gains temporary access to a system. Multi-factor authentication adds an extra layer of protection and reduces the rate at which stolen credentials are used. It is recommended to motivate staff to use a secure password manager and store data in an encrypted form. It is therefore important to note that, even if some strokes are logged, layered protection decreases the general risk.
3. Segment Networks and Limit Privileges: Small departmental breakouts or micro-segmentation hold keylogger attacks to the least areas possible. Restricting user rights also prevents the amount of data that can be accessed in case of a breach. This “least-privilege” principle applies also to the software level, where every user has the least amount of privileges possible. In the worst-case analyses, damage is contained.
4. Conduct Regular Security Training: Most of the infiltrations are achieved by taking advantage of human factors like clicking on links. Raising awareness among employees and discouraging them from opening phishing emails, downloading anything suspicious or clicking on unfamiliar links or attachments significantly reduces the likelihood of a cyber attack. Encouraging them to understand, “What is keylogger?” fosters proactive behavior. Focusing on situation awareness builds staff into your first line of defense.
5. Keep Systems Patched and Updated: Vulnerabilities in the software provide an open door for the attacker to sneak into the system without being noticed. Make sure the operating system, browsers, plugins, and firmware are updated. Running the scans at regular intervals helps in identifying the missing patches easily. This way, you minimize the success rates of keylogger infection attempts since the vulnerabilities are closed.

How to Remove a Keylogger from Your Device?

When a keylogger surfaces, there is a need to make sure that it is removed immediately to prevent further data loss. Incomplete removal results in the root or registry entries that enable the logger to stay. Below, we detail methods for how to get rid of keylogger infiltration thoroughly, ensuring no hidden processes linger:

1. Use Reputable Anti-Malware Tools: Perform a keylogger removal process using vendors with expertise in rootkits and focusing on the target keylogger. Conducting multiple scans, including the safe-mode scans, contributes to the full elimination of threats. The post-scan log indicates whether or not the files or services that were marked as suspicious are still present. Where possible, make sure that your operating system and anti-malware definitions are up-to-date.
2. Reverting System to a Clean Restore Point: If you have system restore enabled, go to the previous point when the keylogger’s dangerous infiltration was not present. This step helps undo any new registries and background tasks that were just created. Still, it may not always effectively remove complex kernel-level threats. Ensure that the restore point is clean in order to not reinfect the system with the same elements.
3. Boot from External Media: In some cases, infections are very persistent and it may be necessary to scan the computer from another OS on a USB or DVD. This external environment eliminates the possibility of sabotage of the compromised system. An efficient keylogger scanner can then uninstall hidden processes or drivers. This way, the drive is isolated to prevent the malicious app from auto-starting.
4. Manual File and Registry Cleanup: Power users or system administrators can look for malware entries in registry keys, services, and scheduled tasks. The search for random file names and directories is also a part of keylogger analysis. However, one must be careful—deleting the wrong key may lead to instability of the OS. It is always advisable to backup all important information before going ahead with the process.
5. Reinstall the Operating System: In extreme cases where the keylogger goes deeper by installing hooks in the kernel, it is safer to reinstall the operating system. This nuclear option ensures an environment that is free from scripts or drivers that may be concealed from the user. Though it is time consuming, it is effective in eliminating any residues that have been entrenched in the system. After the installation is complete, make sure the endpoints are protected from further infections.

Notable Keylogger Attacks

While keyloggers are not new, the increased sophistication of cybercriminals makes them show up in numerous high-profile cases. The following cases are examples of how keylogger infiltration is constantly evolving, from complex malvertising attacks to the skillful manipulation of official tracking networks. Understanding these keylogger attack narratives is important for organizations to realize the extent and sophistication of the attacks today. Below are five notable examples of keylogger attacks for your reference:  

1. Apple Find My Network Exploited for Keylogging (2024): Last year, it was discovered that Apple’s Find My network was exploited to surreptitiously broadcast keylogged information via Bluetooth devices. Hackers employed low-profile chips to record the keys pressed and pass the stolen login information through Apple’s geolocation service. Companies should scan for unknown Bluetooth connections, turn off tracking services on company-owned gadgets, and use endpoint protection to look for suspicious activity. Other measures, such as encrypting sensitive inputs and segmenting the networks can also help to reduce such exploitation.
2. Construction Firm Hit by Email Keylogger Attack (2022): A construction company suffered a keylogger attack in 2022 through a fake email attachment that affected the company’s project bids and financial software. The threat actors installed malware into the company’s system, which was able to record keystrokes to obtain bank credentials. To avoid such attacks, organizations should consider using endpoint protection with the help of behavioral analysis, limiting administrative privileges, and network segmentation to minimize the attacker’s ability to move laterally. It is also important to audit third-party software and email security at least on a regular basis.
3. Snake Keylogger Variant Spreads through Malvertising (2025): A new Snake Keylogger has been identified this year using phishing emails with malicious attachments and misleading users to fake download websites, which install a keylogger that captures keystrokes and screenshots. The campaign has used compromised ad networks to target industries that include banking and e-commerce, obtaining credentials and session cookies. To mitigate the effects of malvertising, businesses should implement ad-blockers, analyze network traffic for suspicious redirects, and educate employees about unverified download sources. The use of endpoint detection tools with sandboxing of suspicious files and secure browser policies can effectively counter such threats.
4. CVE-2023-47250 Exposes Keylogger Vulnerability (2023): CVE-2023-47250 exposed a software defect through which attackers could introduce keyloggers and facilitate credential harvesting. Specifically, unpatched systems remained highly susceptible to privilege escalation and silent data theft. Organizations have to implement patch management policies, perform periodic vulnerability assessments, and integrate endpoint detection and response (EDR) systems. Other measures that may reduce exploitation risks include network traffic monitoring and the least-privilege access models.

Keyloggers Protection with SentinelOne

SentinelOne’s platform gives you complete protection from every type of keylogger. It will detect and prevent keylogging attacks before they can log what you are typing. You can use real-time monitoring that records suspicious keystrokes in real-time.

The platform detects keylogger activities using AI, even when they employ the most advanced methods. It will quarantine the threat automatically and prevent it from running. If you are forced to respond to a keylogger attack, SentinelOne indicates to you precisely how it infected your system.

SentinelOne doesn’t just find keyloggers – it stops them completely. You should know that it blocks the actual processes keyloggers use to intercept your keystrokes. They will try to hide using advanced methods, but SentinelOne’s deep visibility catches them anyway.

You can roll back any changes made by keyloggers with SentinelOne’s remediation features. It will restore any modified files to their original state. Before you choose any security solution, make sure it handles keyloggers at every level. SentinelOne covers all these bases and gives you full protection against keylogger attacks that bypass traditional security tools.

Conclusion

As keylogger tactics become more complex and diverse, it is crucial for enterprises to adopt a layered security approach. Recognizing “what is keylogger?” is merely the first step in a continuous battle. Understanding the history, infection methods, detection, and removal processes discussed in this article can significantly reduce organizations’ vulnerability to keylogger attacks. As important as these are, it is just as essential to invest in stringent staff training and real-time monitoring, which act as formidable barriers to the likelihood of an attack in the first place.

Another crucial factor that cannot be overemphasized is the need to remain vigilant and employ sophisticated security measures. Whether it is hardware interceptors or software hooking methods, lack of consideration towards keylogger threats can lead to drastic outcomes, including loss of money and tarnished reputation.

Ready to shield your enterprise from keyloggers?  Utilize SentinelOne Singularity™ Endpoint to identify, quarantine, and eliminate keylogger threats before they threaten confidential information. Protect your endpoints and keep yourself worry-free with the help of artificial intelligence real-time protection.