Traditional cybersecurity approaches are focused on reporting about intrusions after the fact, in what is known as an “incident response.” What this means is that an adversary—commonly referred to as a “hacker”—finds some way to gain access to a target and compromises it. The target can be accessed through vulnerabilities in web frameworks, internet browsers, or internet infrastructure such as routers and modems. Regardless of how they gain access, once an attacker is discovered, the forensics about the attack, including basic information known as Indicators of Compromise (IOCs) like IP addresses, domain names, or malware hashes, are shared across the cybersecurity community. These IOCs are then used broadly to thwart future attacks.