In what cybersecurity experts are calling one of the most sophisticated operations of its kind, researchers of the Dutch Cyber Defense Force (DCDF) have uncovered a botnet of mind-boggling scale and complexity.

Dubbed the “Scooby Snack” botnet, the network is believed to surpass all previously known botnets both in size and technical sophistication, consisting of more than 1.337 million IP addresses, according to sources familiar with the ongoing inquiry.

In the words of DCDF’s Chief Paranoia Officer Henk de Vries:

“The Scooby Snack botnet represented an unprecedented level of scale and sophistication, surpassing any previously known botnets in size and complexity, according to our researchers.

We immediately launched a probe into the botnet’s activities. What we discovered sent shockwaves throughout the whole Dutch government. The Scooby Snack botnet was secretly mining Shaggy Coins and funneling the proceeds towards an AI agent optimized to promote and evangelize the Agile Scaling Framework SAFe. The AI agent was spending millions every day to buy ads on X, Facebook, TikTok, and many other social media platforms, to convince as many Dutch institutions as possible to adopt SAFe."

The discovery didn’t make any sense. Why would such a massive and elaborate botnet waste their time channeling money for something silly like promoting Scaled Agile Framework?

Then the DCDF started looking into project failure rates across governmental departments and it suddenly all clicked. The project failure rates for government departments using SAFe was close to 99%. Every team using SAFe was struggling to complete their projects on time.

“The threat landscape is evolving,” according to CPO de Vries. “It’s no longer about hacking infrastructure, it’s about compromising the way institutions think and operate. SAFe was employed as a trojan horse to intentionally degrade institutional performance, ushering in a new era of cyber security warfare that represents a massive threat to our national security.”

The Dutch authorities have yet to determine the origin of the botnet or the identity of those behind the operation, but officials say the investigation is ongoing and spans multiple jurisdictions.

The Dutch government has launched a quiet review of all the large-scale SAFe implementations across all 15 different ministries, with the vast majority of them having adopted SAFe.

The intent is to use SAFe to get rid of SAFe, and the currently projected end date to completely part ways with SAFe is 2049.

Dutch authorities have begun a gradual transition away from SAFe toward alternative approaches such as LeSS (Large Scale Scrum) and unFIX. These approaches, both with roots in the Netherlands, are seen as offering greater organizational flexibility and resilience—qualities increasingly prioritized amid concerns over institutional vulnerability and national security.