AI Tools Blocklist
Home AI Tools Database Taxonomy Pricing
Solutions
Enterprise IT & CISO Education Firewall Admins Shadow AI Prevention
Integrations
Palo Alto Networks FortiGate Cisco Umbrella pfSense REST API
Download Free Sample
Threat Intelligence

AI Tools Threat Intelligence Feed

Consume 16,024+ AI-tool domains as machine-readable threat intelligence via STIX/TAXII, REST API, or native TIP connectors. Every indicator ships with risk scores, category tags, and MITRE ATT&CK mappings — ready for automated SOC triage.

16,024+AI Domain IoCs
STIX 2.1Native Format
TAXII 2.1Server Endpoint
18Risk Categories
Download Sample Feed View Pricing
The Challenge

Why AI Tools Require Dedicated Threat Intelligence

Traditional threat feeds track malware C2 servers, phishing domains, and botnets. They are blind to the thousands of legitimate AI SaaS apps employees use daily to generate text, write code, create images, and analyze data.

The Classification Gap

Your SIEM sees an HTTPS connection to an unknown domain. Your SOC analyst finds a clean reputation score and valid TLS certificate — and closes the ticket. The data is already gone.

Invisible Exfiltration Surface AI tools are legitimate SaaS apps — not malicious. But pasting source code, contracts, or PII into them sends data through channels your threat stack doesn't track.
Detection Is Not the Problem — Classification Is Your TIP doesn't know a domain is an AI tool, what category it falls into, or what risk it poses to your data-protection requirements.

How Our Feed Solves This

We publish 16,024+ AI-tool domains as structured threat intelligence indicators. Each domain is enriched with the metadata your SOC needs for automated triage:

Classified into one of 18 categories (text generation, code assistants, image generation, voice synthesis, data analysis, and more)
Risk score from 1 to 100 based on data-exposure potential
Tagged with relevant MITRE ATT&CK technique mappings
Delivered as STIX 2.1 bundles, TAXII 2.1 collections, flat IoC lists, and REST API
Updated daily from our 102-million-domain scan — new AI tools classified within 24 hours of discovery

Feed Coverage at a Glance

16,024+
AI-tool domain indicators
102M
Domains scanned daily
24h
New tool classification SLA
1–100
Risk score per domain
Standards-Based Delivery

STIX 2.1 Bundles and TAXII 2.1 Server Integration

STIX and TAXII are the OASIS open standards for representing and transmitting cyber threat intelligence. Every major TIP, SIEM, and SOAR platform supports them natively.

What Each Indicator Contains

Each AI-tool domain is represented as a STIX Indicator object with linked ATT&CK mappings:

Domain Name as STIX Pattern Validity period, confidence score from our classification pipeline, and labels encoding AI-tool category and risk level.
ATT&CK Relationships Linked via STIX Relationships to Attack Pattern objects — e.g., a text-generation tool maps to T1567 (Exfiltration Over Web Service) and T1048 (Exfiltration Over Alternative Protocol).
Automatic TIP Correlation Your TIP correlates AI-tool indicators with ATT&CK-based detection rules, playbooks, and response workflows automatically.

TAXII 2.1 Collection Structure

Indicators are organized into one collection per AI-tool category (18 total) plus an "all" collection for complete coverage.

Subscribe to individual collections or the "all" collection
Pagination, date-range filtering, and differential polling supported
Request only indicators added or modified since your last poll — no duplicates
# STIX 2.1 Bundle — example AI-tool indicator
# Each domain is published as an Indicator SDO with ATT&CK relationships

{
  "type": "bundle",
  "id": "bundle--a3e2c8f1-9d4b-4e7a-b6c5-1f8d3e2a7b9c",
  "objects": [
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--7c3a9f2e-1d5b-4e8c-a3f6-9b2d4e7c1a5f",
      "created": "2026-07-09T00:00:00.000Z",
      "modified": "2026-07-09T00:00:00.000Z",
      "name": "AI Text Generation Tool — example-ai-writer.com",
      "description": "Domain hosting an AI-powered text generation service. Category: text-language. Risk score: 78/100.",
      "pattern": "[domain-name:value = 'example-ai-writer.com']",
      "pattern_type": "stix",
      "valid_from": "2026-07-09T00:00:00Z",
      "confidence": 92,
      "labels": ["ai-tool", "text-language", "risk-high"],
      "external_references": [
        {
          "source_name": "mitre-attack",
          "external_id": "T1567",
          "description": "Exfiltration Over Web Service"
        }
      ]
    },
    {
      "type": "relationship",
      "spec_version": "2.1",
      "id": "relationship--4b8e1c3a-7f2d-4a9e-b5c8-2d6f1a3e9b7c",
      "relationship_type": "indicates",
      "source_ref": "indicator--7c3a9f2e-1d5b-4e8c-a3f6-9b2d4e7c1a5f",
      "target_ref": "attack-pattern--d4dc46e3-5ba5-45b9-8204-010867cacfcb"
    },
    {
      "type": "attack-pattern",
      "spec_version": "2.1",
      "id": "attack-pattern--d4dc46e3-5ba5-45b9-8204-010867cacfcb",
      "name": "Exfiltration Over Web Service",
      "external_references": [
        {
          "source_name": "mitre-attack",
          "external_id": "T1567",
          "url": "https://attack.mitre.org/techniques/T1567"
        }
      ]
    }
  ]
}

Three Objects per Indicator

Your TIP receives three core STIX objects for each AI-tool domain:

1
Indicator SDO Contains the domain pattern, risk metadata, and confidence score.
2
Relationship Object Links the indicator to a MITRE ATT&CK technique.
3
Attack Pattern SDO The ATT&CK technique itself — giving analysts the specific threat behavior and detection coverage context.

TAXII 2.1 Server

Fully OASIS-compliant endpoint. Supports API root discovery, collection enumeration, object pagination, and HTTP Basic auth with your API key.

Point your TIP at the discovery URL — it auto-configures.

Collection Filtering

Cherry-pick categories relevant to your risk profile, or subscribe to all 18.

added_after filtering ensures delta-only ingestion — no redundant transfers or duplicate processing.

Platform Connectors

Native Integration with Threat Intelligence Platforms

Beyond STIX/TAXII, we publish pre-built connectors and guides for the most widely deployed TIPs. Zero-friction ingestion — configure once, and AI-tool indicators flow automatically.

PlatformIntegration MethodKey CapabilitySetup Time
MISPNative MISP feed URLAuto-correlation with existing network observables< 15 min
OpenCTIBuilt-in TAXII 2.1 connectorKnowledge graph + ATT&CK matrix view< 15 min
ThreatConnectSTIX source importLabel-to-tag mapping for playbook triggering< 15 min
Anomali ThreatStreamTAXII feed sourceAutomated indicator enrichment< 15 min
Recorded FutureREST API pullCustom intelligence card configurations< 15 min

MISP Details

Indicators publish as MISP attributes of type "domain" within tagged events. ATT&CK mapping uses the misp-galaxy ATT&CK cluster.

MISP's pull mechanism fetches new events on schedule. Correlation rules surface cases where your traffic logs already show connections to newly classified AI domains.

OpenCTI Details

Configure the built-in TAXII connector with our server URL, API root, and collection ID. OpenCTI imports STIX objects and resolves relationships automatically.

ATT&CK mappings link directly to OpenCTI's matrix view — visual map of which AI categories map to which adversary techniques.

MISP

Native feed format with galaxy cluster ATT&CK mapping. Threat levels sync from our risk scores. Correlation rules match against your existing network observables.

OpenCTI

TAXII 2.1 connector drops indicators into the knowledge graph. ATT&CK relationships render on the matrix view. Confidence scores map to OpenCTI's native scoring.

ThreatConnect

Import as a STIX source with tag-mapping rules. Labels translate to ThreatConnect tags for automated playbook triggering. Risk scores map to threat ratings.

Automation

Automated Feed Ingestion and SIEM Enrichment

Many organizations run lean — a SIEM plus Python scripts that pull indicators and push them into lookup tables. Our REST API and TAXII endpoint are built for this workflow.

What the Script Below Does

1
Poll TAXII Server Connects via taxii2-client, authenticates with your API key, requests indicators added since last poll.
2
Parse STIX Indicators Extracts domain name, risk score, AI-tool category, and ATT&CK technique IDs from each STIX object.
3
Push to Splunk KV Store Pushes enriched fields via Splunk REST API. Available as a lookup table in SPL queries. A cron job runs daily.
#!/usr/bin/env python3
# ai_feed_ingest.py — Poll TAXII feed and push AI-tool IoCs to Splunk

import json, os, re
from datetime import datetime, timezone
from taxii2client.v21 import Server, Collection
import requests

TAXII_URL    = "https://taxii.aitoolsblocklist.com/taxii2/"
API_KEY      = os.environ["AITBL_API_KEY"]
COLLECTION   = "ai-tools-all"
STATE_FILE   = "/var/lib/ai-feed/last_poll.txt"
SPLUNK_URL   = "https://splunk.corp.local:8089"
SPLUNK_TOKEN = os.environ["SPLUNK_HEC_TOKEN"]

def get_last_poll():
    if os.path.exists(STATE_FILE):
        with open(STATE_FILE) as f:
            return f.read().strip()
    return "2020-01-01T00:00:00Z"

def save_last_poll(ts):
    os.makedirs(os.path.dirname(STATE_FILE), exist_ok=True)
    with open(STATE_FILE, "w") as f:
        f.write(ts)

def extract_domain(pattern):
    m = re.search(r"domain-name:value\s*=\s*'([^']+)'", pattern)
    return m.group(1) if m else None

# Connect to TAXII server and poll for new indicators
server = Server(TAXII_URL, user="apikey", password=API_KEY)
api_root = server.api_roots[0]
collection = Collection(
    f"{api_root.url}collections/{COLLECTION}/",
    user="apikey", password=API_KEY
)

last_poll = get_last_poll()
response = collection.get_objects(added_after=last_poll)
bundle = json.loads(response.text) if hasattr(response, "text") else response

indicators = [o for o in bundle.get("objects", [])
              if o["type"] == "indicator"]

# Push each indicator to Splunk KV store
for ind in indicators:
    domain = extract_domain(ind["pattern"])
    if not domain:
        continue
    labels = ind.get("labels", [])
    category = next((l for l in labels if l != "ai-tool"
                      and not l.startswith("risk-")), "unknown")
    risk = next((l for l in labels if l.startswith("risk-")), "risk-medium")

    entry = {
        "domain": domain,
        "category": category,
        "risk_level": risk.replace("risk-", ""),
        "confidence": ind.get("confidence", 50),
        "stix_id": ind["id"],
        "valid_from": ind.get("valid_from", "")
    }
    requests.post(
        f"{SPLUNK_URL}/servicesNS/nobody/search/storage/collections/data/ai_tool_iocs",
        headers={"Authorization": f"Bearer {SPLUNK_TOKEN}"},
        json=entry, verify=False
    )

save_last_poll(datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"))
print(f"Ingested {len(indicators)} new AI-tool indicators")

Adapt for Other Platforms

The core TAXII polling logic stays identical. Only the downstream push changes:

Elastic Security Replace the Splunk KV push with an Elasticsearch bulk index operation targeting your threat-intel index.
Microsoft Sentinel Use the Microsoft Graph Security tiIndicators API to push into Sentinel's TI data connector.
Chronicle (Google SecOps) Use the Chronicle Ingestion API's UDM event format with indicator entity types.

Prefer No Code?

Our REST API returns AI-tool indicators as a flat JSON array — domain, category, risk score, and ATT&CK fields. Built for shell scripts, SOAR playbook HTTP actions, or SIEM modular inputs. Supports filtering by category, risk level, date range, and confidence threshold.

ATT&CK Framework

MITRE ATT&CK Mapping for AI-Tool Indicators

Every indicator is tagged with specific MITRE ATT&CK technique IDs — not generic, but tailored to the data-security risks of each AI-tool category.

These mappings let your SOC operationalize AI-tool intelligence within existing ATT&CK-based detection frameworks, threat-hunting hypotheses, and risk-assessment methodologies.

Category-to-Technique Mapping Logic

AI CategoryPrimary TechniqueRisk Rationale
Text generation & language toolsT1567Employees paste sensitive text into web-based AI interfaces — data exfiltrated via legitimate HTTPS
Code assistantsT1059 + T1195.002Generate/execute code in production environments; AI-generated code may introduce vulnerabilities
Data analysis toolsT1530Integrate with cloud storage APIs (S3, GCS, Azure Blob) to process uploaded files containing regulated data
Voice & audio toolsT1123Process recorded audio that may contain sensitive conversations
T1567

Exfiltration Over Web Service

Primary exfiltration vector for all AI-tool categories. Sensitive data leaves through legitimate HTTPS connections not flagged by traditional DLP rules.

T1059

Command and Scripting Interpreter

Mapped to AI code assistants. These generate executable code employees may run in production without review — risking vulnerabilities or insecure configurations.

T1530

Data from Cloud Storage

Mapped to AI data-analysis tools connecting to cloud storage buckets (S3, GCS, Azure Blob). Risk: employees granting AI tools API access to regulated data.

T1048

Exfiltration Over Alternative Protocol

Mapped to AI tools using WebSocket, gRPC, or custom protocols. These may bypass traditional proxy inspection and require protocol-aware detection rules.

Closing the Detection Loop

When a new AI-tool indicator arrives, your TIP checks whether your detection stack covers the associated ATT&CK techniques.

If coverage exists (e.g., a T1567 rule monitoring large outbound transfers), the indicator enriches that detection — the analyst now knows the flagged connection is an upload to a known AI text-generation service. If coverage is missing, the indicator becomes a gap analysis data point and a reason to build that detection rule.

Enrichment

Risk Scoring and Indicator Enrichment

Raw domain indicators are useful for blocking. Threat intelligence requires context. Every AI-tool indicator ships with rich metadata for automated triage.

Enrichment Fields per Indicator

Risk score (1–100) based on data-exposure potential
Confidence score (classifier certainty)
Category classification (18 categories)
First-seen and last-seen dates
Hosting metadata (ASN, provider, TLS cert details)
MITRE ATT&CK technique mappings
12+ metadata fields per IoC total

Risk Score ≠ Reputation Score

We are not saying these domains are "malicious." The risk score reflects potential for data exposure based on the tool's functionality.

Higher Risk Processes uploaded files, stores conversation history, trains on user inputs, no published privacy policy.
Lower Risk Runs locally in browser, enterprise plan with SOC 2 compliance, data retention controls, no training on user data.

Confidence Score

Separate from risk. Confidence reflects classifier certainty that a domain is genuinely an AI tool.

ScoreMeaning
99Well-known AI tool — virtually certain
75AI-related signals detected — not yet manually verified
< 70Excluded from feed until verification raises confidence
70–84Published with "needs-verification" label

Risk Score Factors

Data Ingestion Method Text input, file upload, API integration, or screen capture.
Data Retention Policy Published policy reviewed and scored (if available).
Security Certifications SOC 2, enterprise plans, compliance posture.
Jurisdiction Data residency implications assessed.
Training on User Data Whether the tool explicitly states it trains on inputs.

Enrichment Fields per Indicator

12+
Metadata fields per IoC
1–100
Granular risk score
70+
Min confidence threshold
ASN
Hosting infrastructure data
Vendor Partnerships

Embedding AI-Tool Intelligence in Your Security Product

Building a CASB, SWG, DLP, SIEM, or SOAR product? Our feed provides a turnkey AI-tool classification layer you can embed directly — no need to build your own scanning and classification engine.

OEM Licensing Includes

Dedicated TAXII Endpoint Higher rate limits and SLA guarantees for vendor-scale ingestion.
White-Label STIX Bundles Your vendor identity as the producer. Customers see your product as the intelligence source.
Custom Category Taxonomies Map our 18 categories to your product's URL category schema.
Real-Time Webhooks HTTP POST notifications within minutes of a new high-risk AI tool being classified. Alert customers in near-real-time.
Dedicated Integration Engineering Our team works with your developers to optimize the data pipeline.

The Business Case

Enterprise customers are asking every security vendor for AI-tool visibility. If your product can't identify AI domains, customers will supplement — or replace — it.

Licensing our feed adds AI-tool classification in weeks, not months. You leverage a database tracking 16,024+ domains from a 102M-domain scan corpus no individual vendor is likely to replicate.

White-Label Feeds

OEM feeds published under your vendor identity. STIX producer fields, collection names, and indicator descriptions carry your branding. Our infrastructure is invisible to your customers.

Real-Time Webhooks

HTTP POST notifications within minutes of classification. Full STIX indicator object in the payload — push alerts to customers without waiting for the next TAXII poll.

SOC Operations

SOC Workflow: From Indicator Ingestion to Incident Response

Ingesting indicators is step one. The real value comes from operationalizing them across the detection-response lifecycle.

1
Detection Create SIEM correlation searches matching network traffic (proxy, DNS, firewall logs) against the AI-tool indicator lookup table.
Alerts enriched with category, risk score, and ATT&CK mapping before reaching the analyst
Risk score above 80 → high-severity alert; medium-risk → informational for trend analysis
2
Triage The analyst receives a context-rich alert — not a raw domain requiring manual research:
"User jsmith connected to example-ai-writer.com — AI text generation tool — risk score 78 — T1567 (Exfiltration Over Web Service)"

What was a ten-minute investigation becomes a thirty-second triage decision.

3
Response Based on alert context, the analyst can take graduated action:
Escalate to the user's manager
Create a DLP ticket to investigate what data was uploaded
Trigger a SOAR playbook: auto-block the domain, send Slack notification, open Jira ticket
For repeat offenders: auto-apply stricter web-filtering policies to that user's traffic
4
Reporting Aggregate AI-tool alert data into weekly and monthly reports for CISO-level visibility. Our category taxonomy enables granular questions:
How many employees use AI code assistants vs. AI image generators?
Which departments generate the most AI-tool alerts?
Are AI-tool usage attempts trending up or down after policy changes?
Should specific tools be approved for specific teams, or should you invest in an enterprise AI platform?

Ready to Add AI-Tool Intelligence to Your Security Stack?

Download a sample STIX bundle to test in your TIP today. Or tell us your platform and integration requirements — we will configure a custom feed within 24 hours.

Download Sample Feed View Plans

Request Your Threat Intelligence Feed

Tell us your TIP platform, preferred feed format, and integration requirements. We will configure a custom STIX/TAXII feed within 24 hours.