Agent Journeys

When the same agent visits multiple sites in our network, we can build a journey graph. Does an agent compromised on one site become more aggressive on the next? Does sector context affect compliance?

Questions We're Answering

Trust Escalation

Does an agent that exfiltrates on site A become more aggressive on site B?

Sector Sensitivity

Same agent, same framework — does it behave differently on a medical site vs a dev tool?

Learning Curve

After triggering a canary, does the agent become more cautious on subsequent sites?

Campaign Detection

Is the same agent systematically crawling professional resource sites?

Observed Journeys

Cross-site journey data is being collected.

Journeys require agents to be observed on 2+ honeypot sites. The network is actively collecting data — check back as the dataset grows.

Privacy

All journeys are anonymized. Fingerprint hashes are one-way derivatives of agent characteristics — they cannot be reversed to identify the agent operator. Steps show sector verticals (e.g., “healthcare”), never individual domain names.