Threat Intelligence
MITRITY's threat intelligence system provides a shared, privacy-first feed of threat indicators specific to AI agent governance. Unlike traditional threat intel focused on network IOCs and malware signatures, MITRITY's feed tracks behavioral patterns, injection signatures, and tool abuse techniques observed across the platform.
Overview
The threat intelligence system operates on three principles:
- Privacy-first: No tenant data, agent identifiers, or payloads are shared. Only anonymized, abstracted threat patterns are distributed.
- Tenant-isolated: Each tenant's data is isolated. Threat indicators are generated from aggregate, anonymized observations.
- Actionable: Every indicator includes severity, recommended action, and detection rules that can be automatically applied.
When MITRITY detects a novel attack pattern against one tenant, the pattern is abstracted into a threat indicator and distributed to all tenants via the threat feed. This creates a network effect: the more tenants use MITRITY, the stronger the threat detection for everyone.
Indicator Types
The threat feed includes five types of indicators:
Action Pattern
Specific agent action patterns associated with malicious behavior.
{
"id": "ind_8k2m4n",
"type": "action_pattern",
"severity": "high",
"title": "Recursive file enumeration before exfiltration",
"description": "Agent systematically enumerates filesystem directories before attempting bulk data transfer. Observed in 3 independent incidents across the platform.",
"indicator": {
"pattern": "regex:^fs\\.(list_dir|enumerate|walk)$",
"followed_by": "regex:^(http\\.post|s3\\.put_object|blob\\.upload)$",
"window": "5m",
"min_occurrences": 10
},
"source": "platform_generated",
"first_seen": "2026-02-15T08:00:00Z",
"last_seen": "2026-02-28T14:30:00Z",
"match_count_global": 47
}
Behavioral Hash
A hash representing a specific sequence of agent behaviors that has been associated with malicious activity. Behavioral hashes are generated by the ML models and capture complex multi-step attack patterns.
{
"id": "ind_9j3n5p",
"type": "behavioral_hash",
"severity": "critical",
"title": "Credential harvesting behavioral signature",
"description": "Multi-step behavioral pattern: agent reads configuration files, extracts credentials, then attempts outbound network connection to an unrecognized endpoint.",
"indicator": {
"hash": "bhash_a1b2c3d4e5f6",
"model_version": "tcn-v2.4",
"confidence": 0.94
},
"source": "platform_generated",
"first_seen": "2026-02-20T12:00:00Z",
"last_seen": "2026-03-01T09:15:00Z",
"match_count_global": 12
}
Injection Signature
Specific prompt injection patterns, including novel techniques not yet covered by the standard detection rules.
{
"id": "ind_7p4q2r",
"type": "injection_signature",
"severity": "high",
"title": "Unicode homoglyph instruction override",
"description": "Injection technique using Unicode homoglyph characters to visually mimic legitimate text while embedding hidden instructions. Detected in customer-facing chat agents.",
"indicator": {
"signature": "\\u0456\\u0261\\u0578\\u043e\\u0433\\u0435",
"decoded": "ignore",
"technique": "unicode_homoglyph",
"detection_regex": "[\\u0400-\\u04FF\\u0500-\\u052F]{3,}.*(?:instruction|ignore|override|system)"
},
"source": "mitrity_curated",
"first_seen": "2026-02-25T16:00:00Z",
"last_seen": "2026-03-01T11:00:00Z",
"match_count_global": 23
}
Tool Abuse Pattern
Patterns of tool misuse — using legitimate tools in ways that indicate malicious intent.
{
"id": "ind_5r2s8t",
"type": "tool_abuse_pattern",
"severity": "medium",
"title": "Database enumeration via information_schema",
"description": "Agent querying information_schema tables to enumerate database structure before accessing sensitive tables. Common reconnaissance technique.",
"indicator": {
"tool_category": "database",
"action_sequence": [
"db.postgres.query:information_schema.tables",
"db.postgres.query:information_schema.columns",
"db.postgres.query:*"
],
"window": "10m"
},
"source": "mitrity_curated",
"first_seen": "2026-01-15T10:00:00Z",
"last_seen": "2026-03-01T08:00:00Z",
"match_count_global": 156
}
Delegation Pattern
Malicious delegation patterns — agent-to-agent delegation sequences associated with privilege escalation or circular attacks.
{
"id": "ind_3u6v9w",
"type": "delegation_pattern",
"severity": "critical",
"title": "Privilege escalation via intermediary delegation",
"description": "Agent with low privileges delegates to an intermediary, which delegates to a high-privilege agent. The intermediary has no legitimate business purpose in the chain.",
"indicator": {
"chain_pattern": [
{ "role": "low_privilege", "action": "delegate.*" },
{ "role": "intermediary", "action": "delegate.*" },
{ "role": "high_privilege", "action": "*" }
],
"depth": 3,
"privilege_escalation": true
},
"source": "platform_generated",
"first_seen": "2026-02-10T14:00:00Z",
"last_seen": "2026-02-28T16:45:00Z",
"match_count_global": 8
}
Severity Levels
Each indicator is assigned a severity level:
| Level | Description | Recommended Response |
|---|---|---|
critical | Active exploit technique with confirmed impact | Block immediately, investigate all matches |
high | Known attack pattern with high confidence | Block or hold for review |
medium | Suspicious pattern that may indicate malicious activity | Alert and monitor |
low | Informational pattern that warrants awareness | Log for analysis |
info | Context and background information | No action required |
Feed Sources
Indicators come from three sources:
MITRITY Curated
Hand-crafted indicators maintained by the MITRITY security research team. These are high-confidence, well-documented patterns based on active research and incident analysis.
- Update frequency: Weekly or as needed for critical threats
- Confidence: Very high
- Documentation: Detailed analysis and remediation guidance included
Platform Generated
Automatically generated by MITRITY's ML models based on patterns observed across the platform. These indicators represent anomalies detected at scale.
- Update frequency: Continuous
- Confidence: High (validated by ML models with >90% precision)
- Documentation: Automated description with statistical context
Community
Indicators submitted by MITRITY customers via the threat submission API. Community indicators are reviewed and validated by the MITRITY security team before distribution.
- Update frequency: Varies
- Confidence: Moderate (requires validation)
- Documentation: Submitter-provided description, validated by MITRITY
Tenant Matching
MITRITY automatically matches threat indicators against your agent activity. When a match is found, a tenant match event is created.
How Matching Works
- New indicators are pushed via the heartbeat channel.
- The gateway evaluates each agent action against the active indicator set.
- When a match is found, the match event is reported to the control plane.
- The control plane enriches the event and applies the configured response action.
Match Event Structure
{
"id": "0c5d4f3a-1b2c-4d5e-9f8a-7b6c5d4e3f2a",
"tenant_id": "9f8a7b6c-5d4e-3f2a-1b2c-4d5e6f7a8b9c",
"indicator_id": "5d4e3f2a-1b2c-4d5e-9f8a-7b6c5d4e3f2a",
"indicator_name": "Database enumeration via information_schema",
"indicator_type": "tool_abuse_pattern",
"agent_id": "1b2c4d5e-6f7a-8b9c-0d1e-2f3a4b5c6d7e",
"agent_name": "data-bot",
"event_id": "3f2a1b2c-4d5e-6f7a-8b9c-0d1e2f3a4b5c",
"matched_value": "SELECT * FROM information_schema.tables",
"action_taken": "alerted",
"severity": "medium",
"occurred_at": "2026-03-01T14:30:00Z",
"created_at": "2026-03-01T14:30:01Z"
}
action_taken is one of blocked, alerted, logged, or suppressed. The suppressed value appears only when a per-tenant suppression with mode: log_only was active at match time — see Suppressions below.
Viewing Matches
Navigate to Security > Threat Intelligence > Matches in the dashboard to view all indicator matches for your tenant.
Settings
Tenant-Wide Settings
Tenant-wide threat-intel settings cover three things: feed subscription, anonymized-contribution opt-in, and the default action applied to all matches that don't have a per-indicator override.
curl https://api.mitrity.com/api/v1/threat-intelligence/settings \
-H "Authorization: Bearer mk_your-api-key"
{
"id": "5d4e3f2a-1b2c-4d5e-9f8a-7b6c5d4e3f2a",
"tenant_id": "9f8a7b6c-5d4e-3f2a-1b2c-4d5e6f7a8b9c",
"contribute_data": true,
"subscribed_feeds": ["mitrity_curated", "platform_generated", "osv"],
"default_action": "alert",
"created_at": "2026-02-01T00:00:00Z",
"updated_at": "2026-03-01T00:00:00Z"
}
| Field | Type | Description |
|---|---|---|
contribute_data | bool | Whether to share anonymized threat patterns with the community feed. |
subscribed_feeds | array | Which feeds to ingest. Subset of mitrity_curated, platform_generated, community, osv (OSV.dev + CISA KEV auto-ingest). |
default_action | enum | One of block, alert, log. Applied to every match unless a per-indicator override says otherwise. |
Update with PUT /api/v1/threat-intelligence/settings:
curl -X PUT https://api.mitrity.com/api/v1/threat-intelligence/settings \
-H "Authorization: Bearer mk_your-api-key" \
-H "Content-Type: application/json" \
-d '{
"contribute_data": true,
"subscribed_feeds": ["mitrity_curated", "platform_generated", "osv"],
"default_action": "alert"
}'
Editors and above. Viewers receive 403 Forbidden.
Per-Indicator Overrides
Override the severity or action for a specific indicator within your tenant. Pro plan and above.
curl -X PUT https://api.mitrity.com/api/v1/threat-intelligence/indicators/5d4e3f2a-1b2c-4d5e-9f8a-7b6c5d4e3f2a/override \
-H "Authorization: Bearer mk_your-api-key" \
-H "Content-Type: application/json" \
-d '{
"severity_override": "critical",
"action_override": "block",
"note": "Verified this pattern matches a real incident in our environment"
}'
| Field | Type | Description |
|---|---|---|
severity_override | enum or "" | One of critical, high, medium, low, info. Pass "" to clear. Omit to leave unchanged. |
action_override | enum or "" | One of block, alert, log. Pass "" to clear. Omit to leave unchanged. |
note | string or "" | Free-form annotation for audit / customer review. Pass "" to clear. Omit to leave unchanged. |
Overrides take precedence over default_action. Remove an override entirely with DELETE:
curl -X DELETE https://api.mitrity.com/api/v1/threat-intelligence/indicators/5d4e3f2a-1b2c-4d5e-9f8a-7b6c5d4e3f2a/override \
-H "Authorization: Bearer mk_your-api-key"
DELETE /override clears all override fields and any active suppression on that indicator. Use DELETE /suppress (below) if you only want to lift the suppression while keeping severity/action tweaks.
Tenants on the Starter plan receive 402 Payment Required with code: plan_upgrade_required when calling these endpoints.
Suppressions
Silence noisy indicators for your tenant without dropping them from the feed entirely. Pro plan and above.
Two modes — pick at suppression time based on whether you want the audit trail:
| Mode | What happens at match time |
|---|---|
log_only (default) | A threat_matches row is still written with action_taken: "suppressed". You keep a paper trail of every match. |
silent | No row written. Useful when the indicator is firing on internal infrastructure and the noise is overwhelming. |
curl -X POST https://api.mitrity.com/api/v1/threat-intelligence/indicators/5d4e3f2a-1b2c-4d5e-9f8a-7b6c5d4e3f2a/suppress \
-H "Authorization: Bearer mk_your-api-key" \
-H "Content-Type: application/json" \
-d '{
"mode": "log_only",
"until": "2026-06-01T00:00:00Z",
"reason": "Known maintenance run; revisit after the migration completes"
}'
| Field | Type | Description |
|---|---|---|
mode | enum | log_only (default) or silent. Omit to default to log_only. |
until | datetime | RFC3339 timestamp at which the suppression auto-expires. Omit for indefinite. Must be in the future. |
reason | string | Free-form annotation. Highly recommended for the audit trail. |
Expired suppressions stop applying immediately — the check is at match-evaluation time, not via a cron. Lift a suppression early with DELETE:
curl -X DELETE https://api.mitrity.com/api/v1/threat-intelligence/indicators/5d4e3f2a-1b2c-4d5e-9f8a-7b6c5d4e3f2a/suppress \
-H "Authorization: Bearer mk_your-api-key"
DELETE /suppress clears only the suppression fields and preserves any severity or action override on the same indicator.
Review suppressions quarterly — the indicators are often the ones worth most attention once the temporary justification is gone.
API Reference
All threat-intelligence endpoints are mounted at /api/v1/threat-intelligence. Bearer-token auth is required throughout; see API Overview for the auth scheme.
List Indicators
curl "https://api.mitrity.com/api/v1/threat-intelligence/indicators?severity=critical&indicator_type=injection_signature" \
-H "Authorization: Bearer mk_your-api-key"
Returns the indicators visible to your tenant — that is, indicators belonging to feeds you're subscribed to via settings.subscribed_feeds. The response includes a per-tenant override object when one is set for that indicator.
Query parameters — all optional, independently composable. Empty-string values are treated as absent; invalid values 400.
| Parameter | Values |
|---|---|
indicator_type | action_pattern, behavioral_hash, injection_signature, tool_abuse_pattern, delegation_pattern |
severity | critical, high, medium, low, info |
feed | mitrity_curated, platform_generated, community |
Response:
[
{
"id": "7b6c5d4e-3f2a-1b2c-4d5e-9f8a7b6c5d4e",
"indicator_type": "injection_signature",
"pattern": "(?i)ignore\\s+previous\\s+instructions",
"name": "Prompt injection: ignore previous",
"description": "Detects common prompt-injection pattern",
"severity": "high",
"feed": "mitrity_curated",
"contributing_tenant_count": 12,
"total_event_count": 87,
"enabled": true,
"expires_at": null,
"created_at": "2026-02-25T16:00:00Z",
"updated_at": "2026-03-01T11:00:00Z",
"override": {
"severity_override": "critical",
"action_override": "block",
"suppressed_mode": null,
"suppressed_until": null,
"suppressed_reason": null,
"note": "Verified incident in production",
"created_at": "2026-03-01T09:00:00Z",
"updated_at": "2026-03-01T09:00:00Z"
}
}
]
Get Indicator
curl https://api.mitrity.com/api/v1/threat-intelligence/indicators/7b6c5d4e-3f2a-1b2c-4d5e-9f8a7b6c5d4e \
-H "Authorization: Bearer mk_your-api-key"
Returns a single indicator. Same shape as one element of GET /indicators, including the override object when present.
Set / Clear Override
See Per-Indicator Overrides above for the request body and semantics.
PUT /api/v1/threat-intelligence/indicators/{id}/override
DELETE /api/v1/threat-intelligence/indicators/{id}/override
Suppress / Lift Suppression
See Suppressions above for the request body and the log_only vs silent modes.
POST /api/v1/threat-intelligence/indicators/{id}/suppress
DELETE /api/v1/threat-intelligence/indicators/{id}/suppress
List Matches
curl "https://api.mitrity.com/api/v1/threat-intelligence/matches?limit=50&offset=0" \
-H "Authorization: Bearer mk_your-api-key"
Query parameters:
| Parameter | Type | Description |
|---|---|---|
limit | integer | Results per page. Default 50, max 100. |
offset | integer | Pagination offset. Capped at 1,000,000. |
Returns an array of match-event objects. Sorted by occurred_at desc.
Match Summary
curl https://api.mitrity.com/api/v1/threat-intelligence/matches/summary \
-H "Authorization: Bearer mk_your-api-key"
Aggregate counts across all matches for the calling tenant — no time window, lifetime totals.
Response:
{
"total": 47,
"by_severity": {
"critical": 2,
"high": 9,
"medium": 21,
"low": 12,
"info": 3
},
"by_action": {
"blocked": 11,
"alerted": 28,
"logged": 4,
"suppressed": 4
},
"by_type": {
"injection_signature": 18,
"tool_abuse_pattern": 14,
"behavioral_hash": 9,
"action_pattern": 5,
"delegation_pattern": 1
},
"top_agents": [
{
"agent_id": "1b2c4d5e-6f7a-8b9c-0d1e-2f3a4b5c6d7e",
"agent_name": "data-bot",
"match_count": 12
}
]
}
Trending Indicators
curl "https://api.mitrity.com/api/v1/threat-intelligence/trending?window_days=30&limit=20" \
-H "Authorization: Bearer mk_your-api-key"
Indicators ranked by how many times they fired against your tenant within a rolling window. Powers the Landscape view in the dashboard.
Query parameters — both optional.
| Parameter | Range | Default |
|---|---|---|
window_days | 1..90 | 7 |
limit | 1..100 | 20 |
Response:
[
{
"indicator": { "id": "…", "name": "…", "severity": "high", "indicator_type": "injection_signature", "...": "..." },
"match_count": 42,
"affected_agent_count": 3,
"first_match_at": "2026-05-15T10:00:00Z",
"last_match_at": "2026-05-21T20:00:00Z"
}
]
The indicator field uses the same shape as the List Indicators response, including the per-tenant override object when one is set. Ties on match_count break by last_match_at desc.
Settings
See Tenant-Wide Settings above.
GET /api/v1/threat-intelligence/settings
PUT /api/v1/threat-intelligence/settings
Dashboard Features
Indicators
The Indicators tab at Security > Threat Intelligence shows the active indicators visible to your tenant — name, type, severity, feed, pattern, expiry. Rows with a per-tenant override show a Tuned or Suppressed (log only / silent) badge in the Override column, and the severity cell shows the effective severity with the original feed value crossed out alongside.
The action column on each row lets editors and above:
- Set or clear a severity / action override.
- Suppress an indicator (log-only or silent, with optional expiry).
- Lift a suppression early.
These actions require the Pro plan; tenants on Starter see a Pro → upgrade link in place of the row actions.
Matches
The Matches tab shows every threat match recorded for your tenant — when it happened, which agent triggered it, which indicator matched, the action taken (blocked, alerted, logged, or suppressed), and the severity at the time of match. Log-only suppressions appear here too, marked with action_taken: suppressed.
Landscape
The Landscape tab ranks indicators by how often they fired in a rolling window (7 / 30 / 90 days, switchable inline). Each row shows the indicator name, type, severity, match count, the number of distinct agents that triggered it, and how recently it last fired. Useful for spotting noisy indicators that are candidates for a tenant override, or genuine attack-pattern spikes that warrant investigation.
Settings
The Settings tab covers the three tenant-wide controls:
- Contribute anonymized data to the community feed (toggle).
- Subscribed feeds — which of
mitrity_curated,platform_generated, andcommunityyour tenant ingests. - Default action — what happens on every match unless a per-indicator override says otherwise.
Best Practices
Stay Subscribed to the Curated Feed
The mitrity_curated feed is the highest-confidence source — keep it in subscribed_feeds. Adding platform_generated and community brings broader coverage at the cost of more noise.
Pick a Sensible Default Action
default_action: alert is the safe choice for most tenants: matches are logged and surfaced in the dashboard without blocking legitimate agent activity. Move to block only once you've reviewed at least a week of alerted matches and know what you'd be blocking.
Override Before You Suppress
If a single indicator is misfiring on legitimate agent activity, try a severity / action override first — severity_override: low plus action_override: log keeps the indicator active but quiet. Suppression should be reserved for indicators you've decided don't apply to your environment at all.
Prefer log_only Suppression
Log-only suppression keeps the audit trail. Use silent only when the noise is genuinely overwhelming (e.g. an indicator firing thousands of times against an internal red-team exercise). Without the audit trail you lose the ability to retroactively spot real incidents that the suppression was hiding.
Set an Expiry on Suppressions
Suppressions without until are permanent and easy to forget. Default to a 30- or 90-day expiry and let the next firing remind you to revisit. Expired suppressions stop applying immediately — there's no cron lag.
Review Matches Regularly
Schedule weekly reviews of threat intelligence matches. Even matches that were logged (not blocked) may indicate probing or reconnaissance activity.
Correlate with Other Security Signals
Threat intelligence matches are most valuable when correlated with other security signals: injection events, DLP events, and delegation anomalies. The dashboard provides cross-referencing capabilities.
Related Documentation
- Injection Detection — Prompt injection detection and response
- Delegation Chains — Agent-to-agent delegation governance
- Credential Broker — Secure credential management
- Destination Allowlists — DLP destination controls
- ML Insights — ML-driven behavioral analytics