Threat intelligence

Learn from every agent, defend each one.

Reputation the whole network contributes to, model-scored threat classes your rules can target, and a behavioral baseline per agent. Each layer is fail-open, so intelligence sharpens decisions without ever blocking on them.

Cross-tenant feed · model-scored classes · per-agent baselines

Network judgment
host: tools.shadyvendor.io
flags: 12 organizations
risk: 35 → 90
fail-open: intelligence raises risk, never blocks on its own
0
Intelligence layers
~20 calls to learn a baseline
Spike threshold
k ≥ 5 anonymity floor

How it fits together

Three layers, one decision.

Each layer feeds the same risk picture. Together they catch what a single call never could.

Cross-tenant reputation

An opt-in feed of card verdicts, protected by a k-anonymity floor and fail-open by design.

Model assessment

A model scores your riskiest calls and returns a threat class your rules can target.

Behavioral baseline

Per-agent normal for tools, risk, and active hours, with deviations flagged.

Network reputation

When one tenant flags a host, everyone benefits.

Verdicts are recorded anonymously with a k-anonymity floor. Once enough organizations have flagged a host, that shared judgment folds into your local risk on later preflights.

k-anonymity floor at 5

Most reports were a deny or high score
Feed unavailable

Network judgment

tools.shadyvendor.io

your preflight risk: 35 → 90

Network raises your risk to 90

12 organizations have flagged tools.shadyvendor.io. That shared judgment folds into your local risk as critical, so your agent treats the host with the caution the wider network already learned.

Model-scored

A second opinion on your riskiest calls.

High-risk and critical calls are assessed by a model that returns a threat class and a calibrated score your policies and response rules can target.

Team and above

A risky call: aws.s3.deleteBucket (96)

Model assessment
threat class: data exfiltration
calibrated score: 96
recommendation: block

Use it in a rule

Policies and response rules can target data_exfiltration directly: the policy engine and automated response both accept a threat class as a predicate.

Behavioral

Every agent has a normal. We learn it.

After about twenty calls the platform knows an agent's usual tools, risk, and active hours, then flags a new tool, a risk spike beyond mean plus three sigma, and off-hours activity.

Observed call

baseline: 84 calls

normal band 0 to 52 (mean + 3σ)

usual hours 13:00 to 21:00 UTC

Still learning this agent

What the baseline flags

  • medium
    new tool

    first-ever call to "aws.s3.delete"

  • high
    risk spike

    risk 80 far above its baseline (mean 22)

  • low
    off hours

    active at 03:00 UTC, outside its usual hours
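
The three baseline checks described above, as an added Python example; it is not the platform's own code. The call history is constructed to match the figures shown (84 calls, mean 22, band up to 52, hours 13:00 to 21:00 UTC), and the tool names in it, the use of population standard deviation, and treating "usual hours" as the set of hours already seen are assumptions.

```python
from statistics import mean, pstdev

MIN_CALLS = 20  # the page says a baseline forms after about twenty calls

def build_baseline(history):
    """history: list of (tool, risk, hour_utc) tuples for one agent."""
    if len(history) < MIN_CALLS:
        return None  # still learning this agent
    risks = [risk for _, risk, _ in history]
    return {
        "tools": {tool for tool, _, _ in history},
        "mean": mean(risks),
        # Assumption: population standard deviation; the page only says "mean + 3σ".
        "threshold": mean(risks) + 3 * pstdev(risks),
        # Assumption: "usual hours" = every UTC hour already seen in the history.
        "hours": {hour for _, _, hour in history},
    }

def check_call(baseline, tool, risk, hour_utc):
    """Return (severity, flag) pairs; severities follow the page's list."""
    if baseline is None:
        return []  # fail-open: no baseline yet means no flags
    flags = []
    if tool not in baseline["tools"]:
        flags.append(("medium", "new tool"))
    if risk > baseline["threshold"]:
        flags.append(("high", "risk spike"))
    if hour_utc not in baseline["hours"]:
        flags.append(("low", "off hours"))
    return flags

# Constructed history: 84 calls, risk mean 22 with sigma 10, active 13:00-21:00 UTC.
# The tool names here are made up for the example.
SAMPLE_HISTORY = [
    (("crm.lookup", "mail.send")[i % 2], (12, 32)[i % 2], 13 + i % 9)
    for i in range(84)
]

if __name__ == "__main__":
    baseline = build_baseline(SAMPLE_HISTORY)
    print("normal band: 0 to", baseline["threshold"])
    for flag in check_call(baseline, "aws.s3.delete", 80, 3):
        print(flag)
```
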

Turn every agent's behavior into a defense.

Share what the network learns, score your riskiest calls, and catch the agent that suddenly acts unlike itself.