Malwarebytes Completes Audit of AzireVPN, Reinforcing Transparency

X41 D-Sec audited VPN software and hardware

Malwarebytes, a global leader in online protection, announced the completion of its first independent third-party security audit of the AzireVPN infrastructure. Malwarebytes acquired AzireVPN in 2024 to bring its bespoke privacy features to its VPN solution and now leverages the AzireVPN infrastructure. The comprehensive assessment, conducted by renowned security audit provider X41 D-Sec, validates the integrity of Malwarebytes infrastructure and its strict adherence to its no-logs policy.

In an industry where trust is often requested but rarely verified, Malwarebytes made the strategic decision to open its entire source code, server configurations, and internal processes to external scrutiny.

Read More: Domain-Specific Language Models: Is It the Next Evolution of Enterprise AI?

“Trust shouldn’t be a leap of faith; it should be an informed choice based on evidence,” said Marcin Kleczynski, Founder and CEO, Malwarebytes. “By completing this audit, we are moving beyond promises and providing our users with objective proof that their data is handled with the highest privacy and security standards. If a VPN provider can’t offer that level of transparency through an independent audit, it’s worth questioning whether it should be trusted at all. We hope this helps people make better decisions about who they trust with their internet traffic and activity.”

Audit Scope and Methodology 
The audit was conducted by X41 D-Sec over a period of two months and employed a white-box penetration testing methodology to review the software and hardware Malwarebytes developed and deployed to operate its VPN service. This provided the auditors with full access to:

• Core applications: Source code for Windows/macOS/Android/iOS apps.
• Server infrastructure: A deep dive into the configuration of Malwarebytes’s global VPN node network.
• Privacy architecture: Verification of the “no-logs” systems to ensure no identifiable user metadata is stored or accessible.

Key Findings

• Zero-logs verification: Auditors confirmed that the technical architecture is consistent with Malwarebytes’s privacy policy, finding no evidence of logging user IP addresses, browsing history, or DNS queries. X41 noted, “During our assessment, we did not observe evidence of user activity logging, and access to systems is tightly controlled, with no unnecessary remote, local, or SSH access exposed.”
• Good security level: The final report concluded that the Malwarebytes “systems appear to be on a good security level compared to systems of similar size and complexity.”
• Swift response to findings: Malwarebytes worked with the X41 team to quickly inspect and address findings. X41 shared, “While vulnerabilities were identified; most have already been addressed, including one critical issue, with remaining items in the process of being resolved.”

“This thorough security audit provides the level of transparency any VPN provider and privacy company should aim for,” said Jérôme Boursier, Principal Research Engineer and privacy advocate at Malwarebytes. “Combining a software audit with hardware penetration testing is invaluable. It gives our users a clear understanding of how we operate and how we stand apart from competitors. These results reinforce our commitment to security and will guide us in setting a higher standard for our users.”

Write to us [⁠wasim.a@demandmediaagency.com] to learn more about our exclusive editorial packages and programmes.