Sample evidence
Preview redacted attacker telemetry, top scanners, indicator shape, payload clues, and campaign patterns from BlackDome honeypot sessions.
View Sample Evidence ->BlackDome captures real attacker sessions through honeypots, packages the evidence, and makes it queryable through MCP, API, reports, and enterprise feeds. Sentinel is the guided defence layer we are hardening next.
Start free with public evidence and MCP. Move up to real-time API access, paid intelligence packages, and enterprise delivery when the workflow is proven.
Preview redacted attacker telemetry, top scanners, indicator shape, payload clues, and campaign patterns from BlackDome honeypot sessions.
View Sample Evidence ->Connect Claude, Cursor, ChatGPT, Slack workflows, or your own LLM so agents can query evidence instead of guessing from stale dashboards.
Connect MCP ->Buy IOC bundles, attack-pattern reports, and targeted intelligence packages generated from real attacker contact.
View Packages ->License real-time API access, STIX/TAXII delivery, firehose data, managed collection, and MSSP/OEM distribution paths.
View Pricing ->Sentinel is the future defence layer: deployable host tripwires, customer honeypots, detonation evidence, and bounded response. It is visible because it matters, but it is not the default self-serve product yet.
Sentinel and managed honeypot deployments are available for selected clients while the self-serve agent matures.
The public offer starts with intelligence, MCP, API, and packages. Sentinel becomes the host-response layer when the customer is ready.
The same attacker contact that powers the feeds will drive Sentinel tripwires, detonation context, and bounded response.
These are the named BlackDome offers that sit under the intelligence platform.
Observed IOCs, attacker infrastructure, payload context, and STIX/TAXII paths.
Explore ->Credential attempts captured during active exploitation across exposed protocols.
Explore ->Forward suspicious emails and turn results into evidence reports and workflows.
Explore ->Phishing, impersonation, and takedown workflows backed by live attacker signal.
Explore ->BlackDome is not just another dashboard. The long-term architecture is AI-readable evidence, bounded action, and verifiable decisions across security workflows.
The research layer behind bounded agent decisions, typed events, and audit-ready proof trails.
Decision records are designed to carry evidence, reasoning, and action context for review.
BlackDome data is structured so LLM tools can query sessions, IOCs, credentials, and anomalies directly.
Connect MCP for free, inspect the public intelligence layer, then upgrade to real-time data, Red Team packages, or enterprise feed delivery when you need more.