BlackDome Product Stack

Live attacker evidence for humans, APIs, and AI agents.

BlackDome captures real attacker sessions through honeypots, packages the evidence, and makes it queryable through MCP, API, reports, and enterprise feeds. Sentinel is the guided defence layer we are hardening next.

The offer, in the order customers can use it.

Start free with public evidence and MCP. Move up to real-time API access, paid intelligence packages, and enterprise delivery when the workflow is proven.

01
Free entry point

Sample evidence

Preview redacted attacker telemetry, top scanners, indicator shape, payload clues, and campaign patterns from BlackDome honeypot sessions.

View Sample Evidence ->
02
AI access

MCP and API

Connect Claude, Cursor, ChatGPT, Slack workflows, or your own LLM so agents can query evidence instead of guessing from stale dashboards.

Connect MCP ->
03
Paid data

Red Team packages

Buy IOC bundles, attack-pattern reports, and targeted intelligence packages generated from real attacker contact.

View Packages ->
04
Enterprise

Feeds and licensing

License real-time API access, STIX/TAXII delivery, firehose data, managed collection, and MSSP/OEM distribution paths.

View Pricing ->
Sentinel Dev Preview

Sentinel and managed honeypots stay on the roadmap - gated on purpose.

Sentinel is the future defence layer: deployable host tripwires, customer honeypots, detonation evidence, and bounded response. It is visible because it matters, but it is not the default self-serve product yet.

Guided deployments only

Sentinel and managed honeypot deployments are available for selected clients while the self-serve agent matures.

Defence layer, not the front door

The public offer starts with intelligence, MCP, API, and packages. Sentinel becomes the host-response layer when the customer is ready.

Built from the same telemetry

The same attacker contact that powers the feeds will drive Sentinel tripwires, detonation context, and bounded response.

Product lines

These are the named BlackDome offers that sit under the intelligence platform.

Threat Intelligence Feed

Observed IOCs, attacker infrastructure, payload context, and STIX/TAXII paths.

Explore ->

Credential Intelligence

Credential attempts captured during active exploitation across exposed protocols.

Explore ->

ThreatDrop

Forward suspicious emails and turn results into evidence reports and workflows.

Explore ->

Brand Monitoring

Phishing, impersonation, and takedown workflows backed by live attacker signal.

Explore ->
Research Layer

Built for agentic security workflows.

BlackDome is not just another dashboard. The long-term architecture is AI-readable evidence, bounded action, and verifiable decisions across security workflows.

Semiotic Governance

The research layer behind bounded agent decisions, typed events, and audit-ready proof trails.

Proof Packs

Decision records are designed to carry evidence, reasoning, and action context for review.

Agent-Readable Evidence

BlackDome data is structured so LLM tools can query sessions, IOCs, credentials, and anomalies directly.

Start with evidence your AI can query.

Connect MCP for free, inspect the public intelligence layer, then upgrade to real-time data, Red Team packages, or enterprise feed delivery when you need more.