Malwarebytes just proved its no-logs VPN policy is the real deal
The cybersecurity veteran handed over its source code to X41 D-Sec to verify its privacy claims, taking a major step toward radical transparency
by https://www.techradar.com/uk/author/rene-millman · TechRadarNews By Rene Millman published 6 April 2026
Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter
Get daily insight, inspiration and deals in your inbox
Sign up for breaking news, reviews, opinion, top tech deals, and more.
Become a Member in Seconds
Unlock instant access to exclusive member features.
Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors
By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.
You are now subscribed
Your newsletter sign-up was successful
Join the club
Get full access to premium articles, exclusive features and a growing list of member rewards.
An account already exists for this email address, please log in. Subscribe to our newsletter
- Malwarebytes completed its first third-party no-log audit
- The deep-dive assessment found zero evidence of user data logging
- Identified vulnerabilities, including one critical, have been addressed
Malwarebytes has announced the completion of the first-ever independent, third-party security audit of its VPN infrastructure. Following its 2024 acquisition of AzireVPN, Malwarebytes handed over the keys to its custom privacy architecture to the renowned security audit provider X41 D-Sec.
Why does this matter to you? A no-logs policy is a promise that a VPN provider isn't tracking, storing, or sharing your IP address, browsing history, or DNS queries. But without an external audit, there's no way to verify that your data isn't being quietly collected on the backend. By opening up its core source code and server configurations, Malwarebytes follows the lead of the best VPNs on the market to deliver concrete proof that your internet traffic remains entirely invisible.
Unlike a surface-level scan, X41 D-Sec conducted a grueling two-month "white-box" penetration test. This methodology gave the auditors full access to the Malwarebytes Privacy VPN apps across Windows, macOS, iOS, and Android, as well as a deep dive into its global network of RAM-only, diskless servers.
Moving beyond "trust us"
For a VPN to be truly secure, the infrastructure running the service needs to be bulletproof. In the final report, auditors confirmed that the provider's technical architecture is consistent with its privacy policy, finding no evidence of logging user activity.
"During our assessment, we did not observe evidence of user activity logging, and access to systems is tightly controlled, with no unnecessary remote, local, or SSH access exposed," X41 D-Sec noted in the official audit report.
In an industry where transparency is becoming a mandatory requirement to compete with heavyweights like NordVPN and ExpressVPN, this move positions Malwarebytes as a verified privacy defender.
According to Marcin Kleczynski, Founder and CEO of Malwarebytes, the days of blind faith in cybersecurity are over.
"Trust shouldn't be a leap of faith; it should be an informed choice based on evidence,” Kleczynski explained. "If a VPN provider can’t offer that level of transparency through an independent audit, it’s worth questioning whether it should be trusted at all."
Patching the gaps
The true value of an independent audit isn't just proving a company is doing things right; it's finding the flaws before malicious actors do.
The X41 D-Sec report concluded that Malwarebytes' systems are at a "good security level" compared to systems of similar size and complexity. Crucially, the auditors did uncover vulnerabilities during their deep dive, including one critical issue. Rather than hiding these flaws, Malwarebytes collaborated with the auditors to patch them.
According to X41, "While vulnerabilities were identified, most have already been addressed, including one critical issue, with remaining items in the process of being resolved."
By combining a software audit with hardware penetration testing, Malwarebytes is setting a high bar for its future privacy features. As Jérôme Boursier, Principal Research Engineer at Malwarebytes, noted: "This thorough security audit provides the level of transparency any VPN provider and privacy company should aim for."
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
Get daily insight, inspiration and deals in your inbox
Sign up for breaking news, reviews, opinion, top tech deals, and more.
Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors