This specification defines the threat intelligence subsystem: feed ingestion, signed update distribution, cloud enrichment statelessness guarantees, and attack surface analysis.
Audience: Backend/security engineers, threat intelligence analysts.
Workspace Status
This page primarily describes the intended threat-intelligence architecture. The current workspace code does not yet confirm the full signed-update pipeline, enrichment response model, feed SLAs, or infrastructure guarantees documented below.
| In-Scope | Out-of-Scope |
|---|---|
| Threat intelligence feed types and ingestion | Specific feed vendor names or contracts |
| Signed update distribution and rollback protection | ML model training pipeline details |
| Cloud enrichment request/response model | Detection algorithm internals |
| Poisoning and feed compromise mitigations | Event persistence and delivery |

| Feed | Content | Update Frequency | Delivery |
|---|---|---|---|
| Phone number reputation | Known fraud/scam numbers, campaign attribution | Continuous | Cloud Enrichment API lookup |
| Domain/URL reputation | Known phishing, malware, C2 domains | Continuous | Cloud Enrichment API lookup |
| App signature database | Known malware signatures, suspicious app hashes | Continuous | Cloud Enrichment API lookup |
| Threat signature packages | Heuristic rules, IOC patterns | Periodic | Signed OTA packages to device |
| ML model updates | Updated model weights | Periodic | Signed OTA packages to device |
Documented product target: mixed internal/commercial/open-source feeds with frequent reputation refresh and signed package updates. Not confirmed by the current workspace code.
| Property | Value | Status |
|---|---|---|
| Signing algorithm | Ed25519 | Target only |
| Signature verification | On-device, before loading | Target only |
| Rollback protection | Agent rejects packages with version ≤ current | Target only |
| Transport | TLS 1.3 + certificate pinning | Target only |
| Package contents | Model weights + heuristic rules (no user data) | Target only |
| Package size | < 50 MB (model constraint) | Documented |
| Integrity check | SHA-256 checksum embedded in signed manifest | Target only |

| Scenario | Behavior |
|---|---|
| New model performs worse (detected by validation) | Automatic rollback to previous version. Validation set regression detected within 24h triggers rollback pipeline. |
| Signing key compromised | Emergency key rotation. Dual-signing during transition period (old + new key). Agents accept packages signed by either key for 30-day grace period. |
| Package corrupted during download | Re-download from CDN. Agent continues with previous version. |
| Model file corrupted on disk | Agent falls back to rule-based detection only. Triggers re-download. |
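The on-device checks listed in the two tables above, sketched in Go as an added example (not code from the workspace). The `Manifest` layout, the detached-signature format and the function name are assumptions; the example checks one signature per call against a key set that holds both old and new keys during a rotation.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest layout is an assumption; the page only says the signed manifest embeds a SHA-256 checksum.
type Manifest struct {
	Version uint64 `json:"version"`
	SHA256  []byte `json:"sha256"`
}

// VerifyPackage authenticates the raw manifest before parsing it, then enforces rollback,
// size (< 50 MB) and checksum. trusted holds old + new keys during a dual-signing grace period.
func VerifyPackage(raw, sig, pkg []byte, trusted []ed25519.PublicKey, current uint64) (uint64, error) {
	authentic := false
	for _, k := range trusted {
		authentic = authentic || ed25519.Verify(k, raw, sig)
	}
	var m Manifest
	if !authentic {
		return 0, errors.New("no valid signature from a trusted key")
	}
	if err := json.Unmarshal(raw, &m); err != nil {
		return 0, err
	}
	if m.Version <= current {
		return 0, fmt.Errorf("rollback rejected: version %d <= current %d", m.Version, current)
	}
	if sum := sha256.Sum256(pkg); len(pkg) >= 50<<20 || !bytes.Equal(sum[:], m.SHA256) {
		return 0, errors.New("package size or checksum mismatch")
	}
	return m.Version, nil
}

func main() {
	key := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{1}, 32)) // constructed demo key
	pkg := []byte("constructed model bytes")
	sum := sha256.Sum256(pkg)
	raw, _ := json.Marshal(Manifest{Version: 8, SHA256: sum[:]})
	sig, trusted := ed25519.Sign(key, raw), []ed25519.PublicKey{key.Public().(ed25519.PublicKey)}
	fmt.Println(VerifyPackage(raw, sig, pkg, trusted, 7)) // 8 <nil>
	fmt.Println(VerifyPackage(raw, sig, pkg, trusted, 8)) // rejected: rollback
}
```

The signature is checked over the exact manifest bytes before any parsing, so the version and checksum fields are only trusted once they are authenticated.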
| Property | Value | Status |
|---|---|---|
| Input types | SHA-256 hashes, anonymized feature vectors | Target only |
| No device ID | Requests not linkable to device | Target only |
| No user ID | Requests not linkable to user | Target only |
| No session | Each request independent | Target only |
| No IP logging | Load balancer retains client IP for 7 days (security monitoring). No long-term IP storage. | Target only |
| Response | Risk assessment, campaign attribution, IOCs | Target only |

```json
{
  "hash": "sha256:a1b2c3d4...",
  "category": "phone_scam",
  "campaign_id": "camp_eu_2026_03",
  "first_seen": "2026-03-01T00:00:00Z"
}
```
Documented product target: enrichment response schema as shown above. The current workspace does not yet expose this as a stable runtime contract.
| Attack | Description | Impact | Mitigation |
|---|---|---|---|
| False positive injection | Attacker reports legitimate numbers/domains as malicious | Legitimate services blocked | Multi-source validation. Minimum report threshold. Manual review for high-impact entries. |
| False negative suppression | Attacker floods reports for known-malicious entities as legitimate | Malicious entities escape detection | Reports weighted by source reputation. Verified feeds take precedence. |
| Feed compromise | External feed source compromised | Corrupted threat intelligence | Multiple independent feed sources. Cross-validation. Anomaly detection on feed updates. |
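One way the report-handling mitigations in this table could combine into a single decision, as an added Go example (not code from the workspace). The `Report` fields, the thresholds and the verdict strings are assumptions chosen for illustration.

```go
package main

import "fmt"

// Report is one source's claim about a number or domain; field names are hypothetical.
type Report struct {
	Source              string
	Malicious, Verified bool    // Verified: the source is a verified feed
	Weight              float64 // source reputation, 0..1
}

const minSources, minScore = 3, 1.5 // hypothetical report-count and weighted-score thresholds

// Decide returns "malicious", "benign", "unknown" or "review" (manual review) for one entity.
func Decide(reports []Report, highImpact bool) string {
	seen := map[string]bool{}
	score, malSources := 0.0, 0 // reputation-weighted balance of unverified reports
	var vMal, vBen bool         // what verified feeds say
	for _, r := range reports {
		if seen[r.Source] {
			continue // a flood from one source counts once
		}
		seen[r.Source] = true
		switch {
		case r.Verified && r.Malicious:
			vMal = true
		case r.Verified:
			vBen = true
		case r.Malicious:
			score, malSources = score+r.Weight, malSources+1
		default:
			score -= r.Weight
		}
	}
	switch {
	case vMal && vBen:
		return "review" // verified feeds disagree
	case vBen:
		return "benign" // verified feeds take precedence over crowd reports
	case !vMal && (malSources < minSources || score < minScore):
		return "unknown" // too few independent sources or too little reputation behind the claim
	case highImpact:
		return "review" // manual review before blocking a high-impact entry
	}
	return "malicious"
}

func main() {
	fmt.Println(Decide([]Report{{"feed-a", true, true, 1}, {"anon-1", false, false, 0.1}}, false))
}
```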
| Attack | Description | Impact | Mitigation |
|---|---|---|---|
| Training data manipulation | Adversarial examples in training data | Model learns incorrect classifications | Input validation pipeline, adversarial training with known attack patterns, anomaly detection on training data distribution shifts. |
| Model extraction | Reverse-engineering model via API queries | Model capabilities exposed | Rate limiting on enrichment API. No model internals exposed. |
| Model substitution | Replace signed model package on device | Arbitrary detection behavior | Cryptographic signing + verification. Rollback protection. |

| Attack | Description | Impact | Mitigation |
|---|---|---|---|
| MITM on update | Intercept and modify update package | Malicious model deployed | TLS 1.3 + certificate pinning. Package signature verification. |
| Replay attack | Re-deliver old (vulnerable) model | Agent downgrades to weaker detection | Rollback protection: agent rejects version ≤ current. |
| CDN compromise | Distribution infrastructure compromised | Malicious packages served | Package signing independent of CDN. Verification on device. |

| Metric | Target | Status |
|---|---|---|
| Phone number reputation freshness | < 1 hour | Target only |
| Domain reputation freshness | < 1 hour | Target only |
| Model update latency | < 24 hours (scheduled), < 4 hours (critical) | Target only |
| Threat signature update frequency | Daily (scheduled), on-demand (critical) | Target only |
| Cloud enrichment availability | 99.9% | Target only |
| Cloud enrichment latency (P95) | < 200 ms | Target only |

| Failure | Impact | Mitigation |
|---|---|---|
| All feeds unavailable | No new threat intelligence | Device continues with cached data. Last-known-good signatures. |
| Cloud Enrichment API down | No reputation lookups | Local detection continues. Ambiguous signals default to Warn. |
| Signing key rotation | Devices temporarily reject new packages | Graceful key rotation: dual-sign during transition period. |
| Feed data quality degradation | Increased false positives/negatives | Anomaly detection on feed updates. Automatic rollback on quality metrics. |