Threat Intelligence

MITRITY's threat intelligence system provides a shared, privacy-first feed of threat indicators specific to AI agent governance. Unlike traditional threat intel focused on network IOCs and malware signatures, MITRITY's feed tracks behavioral patterns, injection signatures, and tool abuse techniques observed across the platform.

Overview

The threat intelligence system operates on three principles:

1. Privacy-first: No tenant data, agent identifiers, or payloads are shared. Only anonymized, abstracted threat patterns are distributed.
2. Tenant-isolated: Each tenant's data is isolated. Threat indicators are generated from aggregate, anonymized observations.
3. Actionable: Every indicator includes severity, recommended action, and detection rules that can be automatically applied.

When MITRITY detects a novel attack pattern against one tenant, the pattern is abstracted into a threat indicator and distributed to all tenants via the threat feed. This creates a network effect: the more tenants use MITRITY, the stronger the threat detection for everyone.

Indicator Types

The threat feed includes five types of indicators:

Action Pattern

Specific agent action patterns associated with malicious behavior.

{
  "id": "ind_8k2m4n",
  "type": "action_pattern",
  "severity": "high",
  "title": "Recursive file enumeration before exfiltration",
  "description": "Agent systematically enumerates filesystem directories before attempting bulk data transfer. Observed in 3 independent incidents across the platform.",
  "indicator": {
    "pattern": "regex:^fs\\.(list_dir|enumerate|walk)$",
    "followed_by": "regex:^(http\\.post|s3\\.put_object|blob\\.upload)$",
    "window": "5m",
    "min_occurrences": 10
  },
  "source": "platform_generated",
  "first_seen": "2026-02-15T08:00:00Z",
  "last_seen": "2026-02-28T14:30:00Z",
  "match_count_global": 47
}

Behavioral Hash

A hash representing a specific sequence of agent behaviors that has been associated with malicious activity. Behavioral hashes are generated by the ML models and capture complex multi-step attack patterns.

{
  "id": "ind_9j3n5p",
  "type": "behavioral_hash",
  "severity": "critical",
  "title": "Credential harvesting behavioral signature",
  "description": "Multi-step behavioral pattern: agent reads configuration files, extracts credentials, then attempts outbound network connection to an unrecognized endpoint.",
  "indicator": {
    "hash": "bhash_a1b2c3d4e5f6",
    "model_version": "tcn-v2.4",
    "confidence": 0.94
  },
  "source": "platform_generated",
  "first_seen": "2026-02-20T12:00:00Z",
  "last_seen": "2026-03-01T09:15:00Z",
  "match_count_global": 12
}

Injection Signature

Specific prompt injection patterns, including novel techniques not yet covered by the standard detection rules.

{
  "id": "ind_7p4q2r",
  "type": "injection_signature",
  "severity": "high",
  "title": "Unicode homoglyph instruction override",
  "description": "Injection technique using Unicode homoglyph characters to visually mimic legitimate text while embedding hidden instructions. Detected in customer-facing chat agents.",
  "indicator": {
    "signature": "\\u0456\\u0261\\u0578\\u043e\\u0433\\u0435",
    "decoded": "ignore",
    "technique": "unicode_homoglyph",
    "detection_regex": "[\\u0400-\\u04FF\\u0500-\\u052F]{3,}.*(?:instruction|ignore|override|system)"
  },
  "source": "mitrity_curated",
  "first_seen": "2026-02-25T16:00:00Z",
  "last_seen": "2026-03-01T11:00:00Z",
  "match_count_global": 23
}

Tool Abuse Pattern

Patterns of tool misuse — using legitimate tools in ways that indicate malicious intent.

{
  "id": "ind_5r2s8t",
  "type": "tool_abuse_pattern",
  "severity": "medium",
  "title": "Database enumeration via information_schema",
  "description": "Agent querying information_schema tables to enumerate database structure before accessing sensitive tables. Common reconnaissance technique.",
  "indicator": {
    "tool_category": "database",
    "action_sequence": [
      "db.postgres.query:information_schema.tables",
      "db.postgres.query:information_schema.columns",
      "db.postgres.query:*"
    ],
    "window": "10m"
  },
  "source": "mitrity_curated",
  "first_seen": "2026-01-15T10:00:00Z",
  "last_seen": "2026-03-01T08:00:00Z",
  "match_count_global": 156
}

Delegation Pattern

Malicious delegation patterns — agent-to-agent delegation sequences associated with privilege escalation or circular attacks.

{
  "id": "ind_3u6v9w",
  "type": "delegation_pattern",
  "severity": "critical",
  "title": "Privilege escalation via intermediary delegation",
  "description": "Agent with low privileges delegates to an intermediary, which delegates to a high-privilege agent. The intermediary has no legitimate business purpose in the chain.",
  "indicator": {
    "chain_pattern": [
      { "role": "low_privilege", "action": "delegate.*" },
      { "role": "intermediary", "action": "delegate.*" },
      { "role": "high_privilege", "action": "*" }
    ],
    "depth": 3,
    "privilege_escalation": true
  },
  "source": "platform_generated",
  "first_seen": "2026-02-10T14:00:00Z",
  "last_seen": "2026-02-28T16:45:00Z",
  "match_count_global": 8
}

Severity Levels

Each indicator is assigned a severity level:

Level	Description	Recommended Response
critical	Active exploit technique with confirmed impact	Block immediately, investigate all matches
high	Known attack pattern with high confidence	Block or hold for review
medium	Suspicious pattern that may indicate malicious activity	Alert and monitor
low	Informational pattern that warrants awareness	Log for analysis
info	Context and background information	No action required

Feed Sources

Indicators come from three sources:

MITRITY Curated

Hand-crafted indicators maintained by the MITRITY security research team. These are high-confidence, well-documented patterns based on active research and incident analysis.

• Update frequency: Weekly or as needed for critical threats
• Confidence: Very high
• Documentation: Detailed analysis and remediation guidance included

Platform Generated

Automatically generated by MITRITY's ML models based on patterns observed across the platform. These indicators represent anomalies detected at scale.

• Update frequency: Continuous
• Confidence: High (validated by ML models with >90% precision)
• Documentation: Automated description with statistical context

Community

Indicators submitted by MITRITY customers via the threat submission API. Community indicators are reviewed and validated by the MITRITY security team before distribution.

• Update frequency: Varies
• Confidence: Moderate (requires validation)
• Documentation: Submitter-provided description, validated by MITRITY

Tenant Matching

MITRITY automatically matches threat indicators against your agent activity. When a match is found, a tenant match event is created.

How Matching Works

1. New indicators are pushed via the heartbeat channel.
2. The gateway evaluates each agent action against the active indicator set.
3. When a match is found, the match event is reported to the control plane.
4. The control plane enriches the event and applies the configured response action.

Match Event Structure

{
  "id": "match_8k2m",
  "indicator_id": "ind_5r2s8t",
  "indicator_title": "Database enumeration via information_schema",
  "indicator_type": "tool_abuse_pattern",
  "indicator_severity": "medium",
  "agent_id": "agt_data-bot",
  "agent_name": "data-bot",
  "action_type": "db.postgres.query",
  "match_confidence": 0.92,
  "action_taken": "alert",
  "timestamp": "2026-03-01T14:30:00Z"
}

Viewing Matches

Navigate to Security > Threat Intelligence > Matches in the dashboard to view all indicator matches for your tenant.

Settings

Default Action

Configure the default action taken when a threat indicator matches:

{
  "threat_intelligence": {
    "enabled": true,
    "default_action": "alert",
    "critical_action": "deny",
    "high_action": "hold",
    "medium_action": "alert",
    "low_action": "log"
  }
}

Setting	Default	Description
enabled	true	Enable or disable threat intelligence matching
default_action	alert	Default action for unspecified severity levels
critical_action	deny	Action for critical severity indicators
high_action	hold	Action for high severity indicators
medium_action	alert	Action for medium severity indicators
low_action	log	Action for low severity indicators

Per-Indicator Overrides

Override the default action for specific indicators:

curl -X PUT https://api.mitrity.com/api/v1/threat-intel/ind_5r2s8t/override \
  -H "Authorization: Bearer mk_live_your-api-key" \
  -H "Content-Type: application/json" \
  -d '{
    "action": "log",
    "reason": "This pattern is expected in our data pipeline agent"
  }'

Overrides take precedence over the severity-based default action.

Suppressions

Suppress an indicator entirely (no matching, no logging) for your tenant:

curl -X PUT https://api.mitrity.com/api/v1/threat-intel/ind_5r2s8t/suppress \
  -H "Authorization: Bearer mk_live_your-api-key" \
  -H "Content-Type: application/json" \
  -d '{
    "reason": "Not applicable to our environment",
    "expires_at": "2026-06-01T00:00:00Z"
  }'

Suppressions can be permanent or time-limited. Review suppressions quarterly.

API Reference

List Indicators

curl "https://api.mitrity.com/api/v1/threat-intel?type=injection_signature&severity=critical,high&limit=25" \
  -H "Authorization: Bearer mk_live_your-api-key"

Query parameters:

Parameter	Type	Description
type	enum	Filter by indicator type
severity	enum	Filter by severity (comma-separated for multiple)
source	enum	Filter by source: mitrity_curated, platform_generated, community
created_after	datetime	Indicators created after this timestamp
limit	integer	Results per page (default: 25, max: 100)
cursor	string	Pagination cursor

Response:

{
  "data": [
    {
      "id": "ind_7p4q2r",
      "type": "injection_signature",
      "severity": "high",
      "title": "Unicode homoglyph instruction override",
      "source": "mitrity_curated",
      "first_seen": "2026-02-25T16:00:00Z",
      "last_seen": "2026-03-01T11:00:00Z",
      "match_count_global": 23,
      "match_count_tenant": 0,
      "action_override": null,
      "suppressed": false
    }
  ],
  "meta": {
    "request_id": "req_ti001",
    "timestamp": "2026-03-01T15:00:00Z",
    "next_cursor": null,
    "total": 1
  }
}

Get Indicator Details

curl https://api.mitrity.com/api/v1/threat-intel/ind_7p4q2r \
  -H "Authorization: Bearer mk_live_your-api-key"

Returns the full indicator with detection rules, description, and tenant-specific match count.

Submit Suspicious Activity

Submit a suspicious pattern to the community feed for review:

curl -X POST https://api.mitrity.com/api/v1/threat-intel/submit \
  -H "Authorization: Bearer mk_live_your-api-key" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Novel base64-encoded injection in CSV data",
    "description": "Agent processing CSV uploads encountered base64-encoded instructions in cell values. The decoded content attempted to override agent instructions.",
    "type": "injection_signature",
    "severity_suggestion": "high",
    "indicator": {
      "technique": "base64_in_csv",
      "sample_pattern": "=base64decode(\"SWdub3JlIHByZXZpb3Vz...\")"
    },
    "related_event_ids": ["evt_abc123", "evt_def456"]
  }'

Response:

{
  "data": {
    "id": "sub_4k2m",
    "status": "under_review",
    "title": "Novel base64-encoded injection in CSV data",
    "submitted_at": "2026-03-01T16:00:00Z",
    "estimated_review_time": "48h"
  },
  "meta": {
    "request_id": "req_ti002",
    "timestamp": "2026-03-01T16:00:00Z"
  }
}

Submitted indicators are reviewed by the MITRITY security team. If validated, they are published to the community feed within 48 hours.

Get Threat Intelligence Summary

curl "https://api.mitrity.com/api/v1/threat-intel/summary?days=30" \
  -H "Authorization: Bearer mk_live_your-api-key"

Response:

{
  "data": {
    "total_indicators": 342,
    "new_indicators_period": 28,
    "by_type": {
      "action_pattern": 89,
      "behavioral_hash": 67,
      "injection_signature": 104,
      "tool_abuse_pattern": 58,
      "delegation_pattern": 24
    },
    "by_severity": {
      "critical": 15,
      "high": 78,
      "medium": 134,
      "low": 89,
      "info": 26
    },
    "by_source": {
      "mitrity_curated": 112,
      "platform_generated": 198,
      "community": 32
    },
    "tenant_matches": {
      "total": 14,
      "by_severity": {
        "critical": 0,
        "high": 3,
        "medium": 8,
        "low": 3
      }
    },
    "overrides_active": 2,
    "suppressions_active": 1
  },
  "meta": {
    "request_id": "req_ti003",
    "timestamp": "2026-03-01T17:00:00Z"
  }
}

Dashboard Features

Threat Feed

The threat feed at Security > Threat Intelligence shows:

• All active indicators with severity, type, and match status
• New indicators added since your last visit (highlighted)
• Indicators that have matched against your agent activity (flagged)
• Global match counts and trend data

Match Timeline

A timeline view of all indicator matches for your tenant, showing:

• When matches occurred
• Which agents were involved
• What action was taken (block, alert, log)
• Match confidence scores

Threat Landscape

An aggregate view of the current threat landscape:

• Most active indicator types
• Trending attack techniques
• Geographic distribution of threats (anonymized)
• Industry-specific threat patterns

Best Practices

Keep Threat Intelligence Enabled

Disable threat intelligence only if you have a specific reason. The feed provides significant security value with minimal operational overhead.

Use Severity-Based Actions

Configure actions by severity level. Block critical threats immediately, hold high-severity threats for review, and alert on medium-severity patterns.

Review Matches Regularly

Schedule weekly reviews of threat intelligence matches. Even matches that were logged (not blocked) may indicate probing or reconnaissance activity.

Contribute to the Community Feed

Submit novel attack patterns you discover. The community feed benefits all MITRITY customers and strengthens collective defense.

Avoid Over-Suppressing

Suppressing too many indicators reduces the effectiveness of threat intelligence. If you find yourself suppressing more than 5% of indicators, review your agent configurations — the matches may be highlighting legitimate issues.

Correlate with Other Security Signals

Threat intelligence matches are most valuable when correlated with other security signals: injection events, DLP events, and delegation anomalies. The dashboard provides cross-referencing capabilities.

Related Documentation

• Injection Detection — Prompt injection detection and response
• Delegation Chains — Agent-to-agent delegation governance
• Credential Broker — Secure credential management
• Destination Allowlists — DLP destination controls
• ML Insights — ML-driven behavioral analytics