COBALT.

Coverage

Categorical only. Specific sources, suppliers, and collection methods are confidential — what we share with engaging parties is the analytical chain of reasoning, not the supplier chain. Specific coverage scope is detailed under NDA at the start of an engagement.

• Primary-source dark-web collection — continuous indexing across the surfaces that matter for executive and enterprise exposure. 1M+ primary sources across the standing corpus.
• Credential exposure — direct evidence of identifiers tied to a protected subject across breach corpora and credential markets.
• Threat-actor identification — actor-attribution work on the parties who could plausibly target a subject, drawn from open and primary-source intelligence.
• Broker registries and public records — identity-resolved across surface internet sources, property and court records, and adjacent data exhaust.
• The 24 Priority Intel Requirements — our standing framework for the questions a determined adversary would ask about a subject. Every COBALT engagement answers all 24 against the subject's footprint.

Three workstreams, one collection backbone

Digital footprinting

What's actually findable about a defined subject — a person, an organization, an asset, an account — using only open and gray-market sources. Identity-resolved across the full breadth of the COBALT collection. The deliverable is a written report describing what a determined adversary would learn about the subject and how. Not a data dump — a narrative analysis with the connections drawn.

Risk analysis

The same collection, scored. Exposures classified by the harm they enable (impersonation, social engineering, physical risk, financial fraud, reputational damage, regulatory exposure), prioritized by severity and likelihood, and traced to the source channel that surfaced them. The deliverable is a written risk register a defender can act against — not a raw list, but a ranked file of what to fix first.

Protective intelligence

Ongoing, time-anchored intelligence on a protected subject — principal, family, organization, asset, campaign — that warns of emerging threats, identifies surveillance behavior, and triages risk signals as they appear. Continuous monitoring with periodic analyst briefs at a cadence agreed in the engagement. Where the footprinting report tells you what's findable today, protective intelligence tells you what changed this week and what to do about it.

What COBALT is not

COBALT is exclusively defensive. We accept engagements only where the subject is the engaging party, an authorized agent of the engaging party, or a target of authorized due diligence (M&A, executive protection, organizational risk, legal/compliance investigation). We do not surveil third parties, run hostile reconnaissance for sale, or assist stalking, harassment, or unauthorized access. The collection is exhaustive; the use is constrained by the engagement letter.

Step down to Gingerbread Privacy

Many COBALT engagements begin with a Gingerbread Privacy Free Snapshot ($0) or Snapshot ($295) to surface the obvious. Individuals who only need the retail-tier coverage stay at Gingerbread. Engagements requiring continuous enterprise-grade depth step up to COBALT. The progression is by design — same intelligence discipline, two tiers of depth.