Consume 16,024+ AI-tool domains as machine-readable threat intelligence via STIX/TAXII, REST API, or native TIP connectors. Every indicator ships with risk scores, category tags, and MITRE ATT&CK mappings — ready for automated SOC triage.
Traditional threat feeds track malware C2 servers, phishing domains, and botnets. They are blind to the thousands of legitimate AI SaaS apps employees use daily to generate text, write code, create images, and analyze data.
Your SIEM sees an HTTPS connection to an unknown domain. Your SOC analyst finds a clean reputation score and valid TLS certificate — and closes the ticket. The data is already gone.
We publish 16,024+ AI-tool domains as structured threat intelligence indicators. Each domain is enriched with the metadata your SOC needs for automated triage:
STIX and TAXII are the OASIS open standards for representing and transmitting cyber threat intelligence. Every major TIP, SIEM, and SOAR platform supports them natively.
Each AI-tool domain is represented as a STIX Indicator object with linked ATT&CK mappings:
Indicators are organized into one collection per AI-tool category (18 total) plus an "all" collection for complete coverage.
# STIX 2.1 Bundle — example AI-tool indicator # Each domain is published as an Indicator SDO with ATT&CK relationships { "type": "bundle", "id": "bundle--a3e2c8f1-9d4b-4e7a-b6c5-1f8d3e2a7b9c", "objects": [ { "type": "indicator", "spec_version": "2.1", "id": "indicator--7c3a9f2e-1d5b-4e8c-a3f6-9b2d4e7c1a5f", "created": "2026-07-09T00:00:00.000Z", "modified": "2026-07-09T00:00:00.000Z", "name": "AI Text Generation Tool — example-ai-writer.com", "description": "Domain hosting an AI-powered text generation service. Category: text-language. Risk score: 78/100.", "pattern": "[domain-name:value = 'example-ai-writer.com']", "pattern_type": "stix", "valid_from": "2026-07-09T00:00:00Z", "confidence": 92, "labels": ["ai-tool", "text-language", "risk-high"], "external_references": [ { "source_name": "mitre-attack", "external_id": "T1567", "description": "Exfiltration Over Web Service" } ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4b8e1c3a-7f2d-4a9e-b5c8-2d6f1a3e9b7c", "relationship_type": "indicates", "source_ref": "indicator--7c3a9f2e-1d5b-4e8c-a3f6-9b2d4e7c1a5f", "target_ref": "attack-pattern--d4dc46e3-5ba5-45b9-8204-010867cacfcb" }, { "type": "attack-pattern", "spec_version": "2.1", "id": "attack-pattern--d4dc46e3-5ba5-45b9-8204-010867cacfcb", "name": "Exfiltration Over Web Service", "external_references": [ { "source_name": "mitre-attack", "external_id": "T1567", "url": "https://attack.mitre.org/techniques/T1567" } ] } ] }
Your TIP receives three core STIX objects for each AI-tool domain:
Fully OASIS-compliant endpoint. Supports API root discovery, collection enumeration, object pagination, and HTTP Basic auth with your API key.
Point your TIP at the discovery URL — it auto-configures.
Cherry-pick categories relevant to your risk profile, or subscribe to all 18.
added_after filtering ensures delta-only ingestion — no redundant transfers or duplicate processing.
Beyond STIX/TAXII, we publish pre-built connectors and guides for the most widely deployed TIPs. Zero-friction ingestion — configure once, and AI-tool indicators flow automatically.
| Platform | Integration Method | Key Capability | Setup Time |
|---|---|---|---|
| MISP | Native MISP feed URL | Auto-correlation with existing network observables | < 15 min |
| OpenCTI | Built-in TAXII 2.1 connector | Knowledge graph + ATT&CK matrix view | < 15 min |
| ThreatConnect | STIX source import | Label-to-tag mapping for playbook triggering | < 15 min |
| Anomali ThreatStream | TAXII feed source | Automated indicator enrichment | < 15 min |
| Recorded Future | REST API pull | Custom intelligence card configurations | < 15 min |
Indicators publish as MISP attributes of type "domain" within tagged events. ATT&CK mapping uses the misp-galaxy ATT&CK cluster.
MISP's pull mechanism fetches new events on schedule. Correlation rules surface cases where your traffic logs already show connections to newly classified AI domains.
Configure the built-in TAXII connector with our server URL, API root, and collection ID. OpenCTI imports STIX objects and resolves relationships automatically.
ATT&CK mappings link directly to OpenCTI's matrix view — visual map of which AI categories map to which adversary techniques.
Native feed format with galaxy cluster ATT&CK mapping. Threat levels sync from our risk scores. Correlation rules match against your existing network observables.
TAXII 2.1 connector drops indicators into the knowledge graph. ATT&CK relationships render on the matrix view. Confidence scores map to OpenCTI's native scoring.
Import as a STIX source with tag-mapping rules. Labels translate to ThreatConnect tags for automated playbook triggering. Risk scores map to threat ratings.
Many organizations run lean — a SIEM plus Python scripts that pull indicators and push them into lookup tables. Our REST API and TAXII endpoint are built for this workflow.
taxii2-client, authenticates with your API key, requests indicators added since last poll.
#!/usr/bin/env python3 # ai_feed_ingest.py — Poll TAXII feed and push AI-tool IoCs to Splunk import json, os, re from datetime import datetime, timezone from taxii2client.v21 import Server, Collection import requests TAXII_URL = "https://taxii.aitoolsblocklist.com/taxii2/" API_KEY = os.environ["AITBL_API_KEY"] COLLECTION = "ai-tools-all" STATE_FILE = "/var/lib/ai-feed/last_poll.txt" SPLUNK_URL = "https://splunk.corp.local:8089" SPLUNK_TOKEN = os.environ["SPLUNK_HEC_TOKEN"] def get_last_poll(): if os.path.exists(STATE_FILE): with open(STATE_FILE) as f: return f.read().strip() return "2020-01-01T00:00:00Z" def save_last_poll(ts): os.makedirs(os.path.dirname(STATE_FILE), exist_ok=True) with open(STATE_FILE, "w") as f: f.write(ts) def extract_domain(pattern): m = re.search(r"domain-name:value\s*=\s*'([^']+)'", pattern) return m.group(1) if m else None # Connect to TAXII server and poll for new indicators server = Server(TAXII_URL, user="apikey", password=API_KEY) api_root = server.api_roots[0] collection = Collection( f"{api_root.url}collections/{COLLECTION}/", user="apikey", password=API_KEY ) last_poll = get_last_poll() response = collection.get_objects(added_after=last_poll) bundle = json.loads(response.text) if hasattr(response, "text") else response indicators = [o for o in bundle.get("objects", []) if o["type"] == "indicator"] # Push each indicator to Splunk KV store for ind in indicators: domain = extract_domain(ind["pattern"]) if not domain: continue labels = ind.get("labels", []) category = next((l for l in labels if l != "ai-tool" and not l.startswith("risk-")), "unknown") risk = next((l for l in labels if l.startswith("risk-")), "risk-medium") entry = { "domain": domain, "category": category, "risk_level": risk.replace("risk-", ""), "confidence": ind.get("confidence", 50), "stix_id": ind["id"], "valid_from": ind.get("valid_from", "") } requests.post( f"{SPLUNK_URL}/servicesNS/nobody/search/storage/collections/data/ai_tool_iocs", headers={"Authorization": f"Bearer {SPLUNK_TOKEN}"}, json=entry, verify=False ) save_last_poll(datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")) print(f"Ingested {len(indicators)} new AI-tool indicators")
The core TAXII polling logic stays identical. Only the downstream push changes:
Our REST API returns AI-tool indicators as a flat JSON array — domain, category, risk score, and ATT&CK fields. Built for shell scripts, SOAR playbook HTTP actions, or SIEM modular inputs. Supports filtering by category, risk level, date range, and confidence threshold.
Every indicator is tagged with specific MITRE ATT&CK technique IDs — not generic, but tailored to the data-security risks of each AI-tool category.
These mappings let your SOC operationalize AI-tool intelligence within existing ATT&CK-based detection frameworks, threat-hunting hypotheses, and risk-assessment methodologies.
| AI Category | Primary Technique | Risk Rationale |
|---|---|---|
| Text generation & language tools | T1567 | Employees paste sensitive text into web-based AI interfaces — data exfiltrated via legitimate HTTPS |
| Code assistants | T1059 + T1195.002 | Generate/execute code in production environments; AI-generated code may introduce vulnerabilities |
| Data analysis tools | T1530 | Integrate with cloud storage APIs (S3, GCS, Azure Blob) to process uploaded files containing regulated data |
| Voice & audio tools | T1123 | Process recorded audio that may contain sensitive conversations |
Primary exfiltration vector for all AI-tool categories. Sensitive data leaves through legitimate HTTPS connections not flagged by traditional DLP rules.
Mapped to AI code assistants. These generate executable code employees may run in production without review — risking vulnerabilities or insecure configurations.
Mapped to AI data-analysis tools connecting to cloud storage buckets (S3, GCS, Azure Blob). Risk: employees granting AI tools API access to regulated data.
Mapped to AI tools using WebSocket, gRPC, or custom protocols. These may bypass traditional proxy inspection and require protocol-aware detection rules.
When a new AI-tool indicator arrives, your TIP checks whether your detection stack covers the associated ATT&CK techniques.
If coverage exists (e.g., a T1567 rule monitoring large outbound transfers), the indicator enriches that detection — the analyst now knows the flagged connection is an upload to a known AI text-generation service. If coverage is missing, the indicator becomes a gap analysis data point and a reason to build that detection rule.
Raw domain indicators are useful for blocking. Threat intelligence requires context. Every AI-tool indicator ships with rich metadata for automated triage.
We are not saying these domains are "malicious." The risk score reflects potential for data exposure based on the tool's functionality.
Separate from risk. Confidence reflects classifier certainty that a domain is genuinely an AI tool.
| Score | Meaning |
|---|---|
| 99 | Well-known AI tool — virtually certain |
| 75 | AI-related signals detected — not yet manually verified |
| < 70 | Excluded from feed until verification raises confidence |
| 70–84 | Published with "needs-verification" label |
Building a CASB, SWG, DLP, SIEM, or SOAR product? Our feed provides a turnkey AI-tool classification layer you can embed directly — no need to build your own scanning and classification engine.
Enterprise customers are asking every security vendor for AI-tool visibility. If your product can't identify AI domains, customers will supplement — or replace — it.
Licensing our feed adds AI-tool classification in weeks, not months. You leverage a database tracking 16,024+ domains from a 102M-domain scan corpus no individual vendor is likely to replicate.
OEM feeds published under your vendor identity. STIX producer fields, collection names, and indicator descriptions carry your branding. Our infrastructure is invisible to your customers.
HTTP POST notifications within minutes of classification. Full STIX indicator object in the payload — push alerts to customers without waiting for the next TAXII poll.
Ingesting indicators is step one. The real value comes from operationalizing them across the detection-response lifecycle.
What was a ten-minute investigation becomes a thirty-second triage decision.
Download a sample STIX bundle to test in your TIP today. Or tell us your platform and integration requirements — we will configure a custom feed within 24 hours.
Tell us your TIP platform, preferred feed format, and integration requirements. We will configure a custom STIX/TAXII feed within 24 hours.