Security Firm Releases 114m-Record Dataset Built From Live Enterprise Attack Traffic

Real‑world, high‑fidelity cyber‑security data has been a scarce commodity for researchers and vendors alike. Most public repositories, such as CICIDS2017, rely on synthetic traffic that fails to capture the nuanced patterns of live attacks. WitFoo’s Precinct 6 dataset bridges that gap by delivering 114 million labelled events sourced from five US‑based enterprises, representing a breadth of telemetry across 158 security tools and more than 70 vendors. The sheer volume and authentic labeling provide a rare foundation for training and benchmarking next‑generation detection models.

The dataset’s release is especially timely as large language models (LLMs) like Anthropic’s upcoming Claude Mythos seek extensive, diverse inputs to understand adversary behavior. WitFoo estimates that processing the entire trove could require up to 250 billion tokens, translating to a compute cost between $1.88 million and $9.38 million depending on the model tier. Beyond the financial outlay, the energy demand—roughly 360 MWh, enough to power 33 homes for a year—raises sustainability concerns for organizations scaling AI‑driven security operations. These figures underscore the trade‑off between model performance and operational expense, prompting a re‑evaluation of data‑efficient training techniques.

By publishing the dataset under an Apache 2.0 licence on Hugging Face, WitFoo encourages open collaboration and democratizes access to enterprise‑grade threat data. Security vendors can leverage the set to refine rule‑based detection, while academic teams gain a benchmark for provenance‑graph intrusion detection and AI‑simulated cyber‑defence exercises. As regulatory pressure mounts for transparent, accountable AI in critical infrastructure, such shared resources may become a cornerstone of industry standards, fostering faster innovation while mitigating the risks of proprietary data silos.