← Back to Agent Chain
🕵️ AC-4 · Threat Intel
Crowdsourced AI threat database — VirusTotal for AI agents — STIX 2.1 format
Overview
Threat Intel is the VirusTotal for AI agents. It maintains a crowdsourced database of known malicious agents, attack patterns, and compromise indicators in STIX 2.1 format. Feeds are enriched automatically from AC-7 Shadow Network honeypot captures.
Threat Categories
| Category | Description | Indicators |
|---|---|---|
| Impersonation | Agents pretending to be something they're not | Spoofed DIDs, cloned behavior |
| Injection | Agents distributing prompt injection payloads | Known injection patterns |
| Supply Chain | Compromised agent packages or dependencies | Package hashes, version conflicts |
| Data Harvest | Agents designed to exfiltrate data | Exfil patterns, beacon domains |
API Endpoints
Free
| Method | Endpoint | Description | Auth |
|---|---|---|---|
| GET | /v1/intel/summary | Threat intel summary | 🔓 Free |
| GET | /v1/intel/check/:did | Check DID against threats | 🔓 Free |
Billable
| Method | Endpoint | Description | Auth |
|---|---|---|---|
| POST | /v1/intel/indicators | Submit a threat indicator | 🔑 |
| GET | /v1/intel/indicators | Search threat indicators | 🔑 |
| GET | /v1/intel/indicators/:id | Get indicator details | 🔑 |
| POST | /v1/intel/reports | Submit a threat report | 🔑 |
| GET | /v1/intel/reports | Search threat reports | 🔑 |
| GET | /v1/intel/reports/:id | Get report details | 🔑 |
Quick Start
// Check if a DID is flagged (free)
curl https://api.agent-chain.io/v1/intel/check/did:agent:ac:suspicious123
// Submit a threat indicator
curl -X POST https://api.agent-chain.io/v1/intel/indicators \
-H "Authorization: Bearer ac_live_xxx" \
-d '{
"type": "injection",
"target_did": "did:agent:ac:bad456",
"evidence": "Distributed prompt injection payload via A2A protocol",
"severity": "high"
}'