Monitoring · 24/7 Breach Intelligence

No trigger needed. ID-Bot finds its own.

ID-Bot continuously monitors breach databases and dark web feeds. The moment your credentials surface anywhere on the internet, it acts — before you even know it happened.

What happens when a breach is detected
  • Breach detected: HIBP · DeHashed · dark web
  • Claude evaluates: credentials exposed?
  • Agent executes: real browser · real site
  • Credentials rotated: saved to vault
  • You're notified: Slack · email · webhook

ID-Bot — autonomous breach response · live session
// No trigger configured. ID-Bot found this on its own.
▶ intel:hibp polling breachedaccount/you@email.com · interval=1h
▶ intel:dehashed scanning credential databases · 3 sources active
▶ intel:web_feed monitoring darkweb-intel.example.com · headless browser
⚠ breach:detected source=hibp · name="LinkedIn 2024" · DataClasses=["Passwords","Emails"]
Account: you@email.com · Breach date: 2024-11-14 · confidence=0.97
▶ decision:match passwords exposed — rotating credentials · agent=Breach Guardian
▶ browser:navigate https://linkedin.com/login
▶ browser:click "Forgot password"
▶ browser:type email=you@email.com
▶ browser:click "Send reset link"
▶ email:search "LinkedIn password reset" · max_age=5min
Found → OTP: 847291
▶ browser:paste_code selector=#otpInput · code=847291
▶ browser:type new_password=[[NEW_PASSWORD]]
▶ vault:save site=linkedin.com · encrypted ✓
✓ agent:done outcome=success · elapsed=47s
✓ notify:slack "#security-alerts — LinkedIn password rotated. Breach response complete."
Breach Intelligence

It already knows where to look

ID-Bot monitors the sources that matter — breach databases, leaked credential indexes, and dark web feeds — continuously, without any configuration from you.

HaveIBeenPwned · Hourly poll

Monitors your accounts against the HIBP v3 API. Checks both personal account breaches and the latest public breach disclosures.

DeHashed · Hourly poll

Scans leaked credential databases for your email addresses, usernames, or domains. Catches breaches not yet in public indexes.

Dark Web Feeds · Configurable

Claude reads any dark web intelligence feed or breach disclosure page via headless browser. No scraping scripts needed.

Breach RSS / Blogs · Configurable

Monitor security disclosure blogs, threat intel feeds, or vendor breach notification pages. Claude decides what's actionable.

Webhook Push · Push

Plug in any external breach notification service via HMAC-verified webhook. ID-Bot responds in seconds, not hours.

Breach Alert Emails · IMAP poll

Still want to catch vendor emails? ID-Bot monitors your inbox too — Claude evaluates every message against your trigger rule.
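
What "HMAC-verified" has to mean on the receiving side of the Webhook Push source, as an added example that is not ID-Bot's own code. The signing scheme (HMAC-SHA256 over "<timestamp>.<raw body>"), the 300-second replay window and the names sign and verify_webhook are assumptions; the secret and payload are constructed.

```python
import hashlib
import hmac
import json
import time

MAX_SKEW_SECONDS = 300  # assumed replay window, not an ID-Bot setting


def sign(secret: bytes, timestamp: str, body: bytes) -> str:
    """Sender side: hex HMAC-SHA256 over "<timestamp>.<raw body>"."""
    msg = timestamp.encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_webhook(secret, timestamp, signature, body, now=None):
    """Return the parsed payload, or None if the request must be rejected."""
    now = time.time() if now is None else now
    try:
        sent_at = int(timestamp)
    except (TypeError, ValueError):
        return None                      # missing or malformed timestamp
    if abs(now - sent_at) > MAX_SKEW_SECONDS:
        return None                      # stale: a captured request replayed later
    expected = sign(secret, timestamp, body)
    # Constant-time comparison; bytes on both sides so odd input cannot raise.
    if not hmac.compare_digest(expected.encode(), (signature or "").encode()):
        return None                      # wrong secret or modified body
    try:
        return json.loads(body)          # parse only after the MAC checks out
    except ValueError:
        return None


# Constructed sample request (not real breach data).
SECRET = b"constructed-shared-secret"
BODY = b'{"source":"example-intel","account":"you@email.com","data_classes":["Passwords"]}'
TS = "1700000000"
SIG = sign(SECRET, TS, BODY)

if __name__ == "__main__":
    print(verify_webhook(SECRET, TS, SIG, BODY, now=1700000010))
    print(verify_webhook(SECRET, TS, SIG, BODY.replace(b"you@", b"ceo@"), now=1700000010))
```

The MAC is computed over the raw request bytes, so verification has to run before any JSON parsing or re-serialisation of the body.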

Use Cases

Acts before you even notice

ID-Bot's breach intelligence can drive any autonomous response workflow in a real browser.

Security teams

Credential rotation at scale

Monitor all company accounts across every breach database. Rotate en masse the moment exposure is detected.

Personal security

Always-on account guardian

Set it once. ID-Bot watches every breach database and rotates passwords on affected sites automatically.

Enterprise

Domain-wide breach monitoring

Watch for any new public breach that mentions your domain. Trigger response workflows before employees are notified.

Fintech / Healthcare

Compliance-driven response

Automate the breach response playbook: detect → rotate → log → notify compliance team — all within minutes.

MSPs

Client protection at scale

One ID-Bot deployment monitors dozens of client accounts and domains. Separate vaults and notifications per client.

Any workflow

Beyond credential rotation

ID-Bot's trigger layer is general. Add any browser-based response: file a report, provision a service, notify a team.


Deployment

Three ways to run it

Pick the model that fits your clients — same platform, different footprint.

Cloud SaaS
You host everything. Clients connect via OAuth in minutes.
  • Zero client infrastructure
  • Headless browser on your servers
  • Server-side encrypted vault
  • Multi-tenant, isolated per client
  • Dashboard + SSE live streaming
Self-Hosted
Client runs the full stack on their own infrastructure.
  • Docker Compose — one command to start
  • Client brings their own Anthropic key
  • Full data isolation
  • Air-gap compatible
  • Bring your own breach intel API keys

Configuration

One config. ID-Bot handles the rest.

Point ID-Bot at your accounts and domains. It finds the breaches, evaluates the risk, and acts — no triggers to define.

{
  "name": "Breach Guardian",

  // ID-Bot monitors breach databases autonomously — no trigger to define
  "triggers": [
    {
      "type": "breach_intel",
      "monitored_accounts": ["you@email.com", "work@company.com"],
      "monitored_domains": ["company.com"],
      "monitor_latest_breaches": true,
      "only_new_breaches": true,
      "match_rule": "rotate credentials if passwords or auth tokens were exposed",
      "poll_interval_seconds": 3600
    }
  ],

  // What to do when a breach is found
  "action": {
    "goal": "Rotate the password on the affected site and save to vault"
  },

  // How to run it
  "runtime_mode": "hybrid",
  "browser_mode": "visible",

  // Where to send the report
  "notifications": [
    { "channel": "slack", "destination": "#security-alerts" }
  ]
}
Early Access

Your credentials are being monitored.
Is ID-Bot watching?

ID-Bot is in early access. Request access to get set up with the right deployment tier for your use case.
