Active attack intelligence
BlackDome operates a global honeypot sensor network, capturing real-time attack intelligence across 13 exposed protocols - SSH, HTTP, DNS, and more. We analyse threats using local LLMs, automatically report malicious infrastructure to hosting providers, and package the intelligence for security teams worldwide.
Global sensor mesh
BlackDome runs honeypot sensors across a global edge network, capturing real-time attack intelligence across 13 exposed protocols - SSH, HTTP, DNS, and more.
Local-LLM analysis
Captured sessions, payloads, and suspicious emails are analyzed with local LLMs, detonation workflows, and extraction pipelines built to turn attacker behavior into usable security signal.
Provider escalation
BlackDome automatically reports malicious infrastructure to hosting providers and abuse desks, packaging the evidence security teams need for takedown and escalation.
Mission
Built for security teams that need current, defensible signal
BlackDome is focused on the gap between raw attack traffic and usable operational intelligence. We capture real attacker behavior, enrich it quickly, and deliver it in formats security teams can action.
Founded in Australia, BlackDome keeps a strong APAC lens on the threat landscape while operating a wider global collection footprint. That gives customers better visibility into campaigns that often appear in the region before they are broadly documented elsewhere.
The result is a tighter loop from attacker contact to IOC extraction, provider reporting, and customer delivery through feeds, datasets, and API-driven workflows.