Meet JINX & BUGSY: Your Autonomous SOC Team.
Two AI agents working in tandem. JINX handles autonomous triage and cross-source correlation around the clock. BUGSY lets you investigate in plain English and get instant incident context. Together, they cut 90% of alert noise so your team focuses on what matters.
Two Agents. One Mission.
JINX and BUGSY don't replace your team - they amplify it. JINX handles the volume. BUGSY handles the depth. Your analysts handle the decisions.
JINX
Autonomous SOC Analyst
Runs every 15 minutes. Ingests, classifies, and either resolves or escalates. Your team wakes up to a clean queue with only incidents that need human judgment.
BUGSY
Interactive Threat Analyst
Ask anything in plain English. BUGSY queries across all platform data in a single request and returns structured, actionable answers with MITRE ATT&CK mapping.
JINX: Your Autonomous Tier 1 Analyst
JINX runs around the clock to cut alert fatigue. It scans, deduplicates, correlates, and prioritizes threats across every intelligence source - delivering only incidents that need your attention.
Ingest
Every 15 minutes, data arrives from dark web forums, ransomware leak sites, stealer log dumps, Telegram channels, CVE databases, and vendor risk signals.
AI Dedup
Semantic duplicate detection eliminates redundant alerts across sources. One event, one incident - not 15 duplicates from different feeds.
Correlate
Cross-source grouping links related signals. A ransomware posting + credential leak + dark web mention about the same vendor = one correlated incident, not three separate alerts.
Enrich
Each incident is enriched with attack surface data, CVE context, supply chain records, and threat actor history. Full context is attached before it reaches you.
Classify
0-100 risk scoring that goes beyond CVSS. Factors in exploitability, active threat actor interest, and relevance to your organization. Thresholds are configurable per account.
Verdict
AI verdict with three sections: What happened. Why it matters. What to do. Incidents are auto-resolved, escalated, or flagged for review based on your configured autonomy level.
What happened: LockBit 4.0 posted [COMPANY] on their Tor leak site with a 72 h countdown.
Why it matters: Active countdown. Credential correlation suggests the breach is real.
What to do: Immediate IR activation. Revoke all VPN credentials. Notify legal.
JINX Learns From Your Team
When your analyst overrides a classification, JINX creates a learned rule. Over time, these rules build a custom model specific to your organization. Rules expire automatically when they stop being relevant, keeping the system lean.
BUGSY: Investigate at the Speed of Thought
Once JINX flags a threat, BUGSY becomes your investigation partner. Ask questions in plain English across 10+ data sources and get structured answers in seconds.
- ✓ Natural language queries across 10+ data sources simultaneously
- ✓ AI-generated CTI reports with MITRE ATT&CK mapping
- ✓ Multi-conversation memory with PDF export
- ✓ Specialized cyber threat analysis capabilities
- ✓ Continuous learning from team feedback
- ✓ Cross-reference stealer logs, CVEs, supply chain, and dark web in a single query
What a Critical Alert Looks Like in PurpleOps
Ransomware listing + correlated credential exposure
What happened: LockBit 4.0 posted [YOUR VENDOR] on their Tor leak site with a 72-hour countdown. Correlated evidence: an initial access broker sold VPN credentials for this company on a dark web forum two weeks earlier.
Why it matters: Active countdown timer. The credential sale from two weeks ago suggests the breach was planned. This vendor processes your financial transactions.
What to do: Activate incident response immediately. Revoke all VPN credentials shared with this vendor. Contact legal. Request vendor's IR status report.
This is cross-source correlation in action. JINX connected five data points into one incident - no manual analysis, no spreadsheet pivoting. The alert hit Slack shortly after the leak site posting.
Configurable Autonomy Levels
JINX adapts to your team's comfort level. Start with full human oversight and gradually increase automation as trust builds.
Manual Mode
JINX analyzes and scores everything, but all actions require human approval. Best for onboarding and building trust.
Assisted Mode
JINX auto-resolves low-risk incidents and escalates medium/high. Your team reviews escalations and overrides when needed.
Autonomous Mode
JINX handles the full pipeline autonomously. Only critical incidents that require human judgment reach your team. Maximum noise reduction.
Frequently Asked Questions
Do JINX and BUGSY replace my SOC team?
No. They augment your team rather than replace it. JINX handles Tier 1 triage - the repetitive, high-volume work that causes alert fatigue. BUGSY gives your analysts instant access to correlated intelligence for faster investigations. Your team stays in control of all critical decisions.
How does JINX prioritize threats?
A 0-100 risk score that goes beyond CVSS. It factors in exploitability, active threat actor interest, relevance to your vendors and industry, credential exposure, and dark web activity. The result is a severity score that reflects actual risk to your organization.
What can I ask BUGSY?
Anything about your threat landscape. BUGSY queries 10+ data sources at once. Try: "Which ransomware groups targeted financial companies this month?", "Are any vendor credentials in recent stealer dumps?", or "Generate a CTI report on LockBit with MITRE ATT&CK mapping." Answers come back structured with source attribution.
How quickly does JINX process new intelligence?
JINX runs every 15 minutes, processing new signals across all sources: dark web posts, ransomware victim listings, credential dumps, CVE publications, and vendor risk changes. Critical alerts reach your notification channel as threats are detected.
Can I control how autonomous JINX is?
Yes. JINX offers three autonomy levels: Manual (all actions require approval), Assisted (auto-resolve low-risk, escalate medium/high), and Autonomous (full AI-driven pipeline with human oversight on critical incidents only). You can adjust the level at any time as your team builds trust with the system.
Does JINX learn from my team?
Yes. When an analyst overrides a JINX classification, JINX creates a learned rule. Over time, these rules build a custom intelligence model specific to your organization. Rules expire automatically when they stop being relevant, keeping the system lean and accurate.
Can BUGSY generate reports?
Yes. BUGSY generates CTI reports with MITRE ATT&CK mapping, threat actor profiles, IOC lists, and evidence from leak sites. Export as PDF, and BUGSY keeps context across your investigation session.
How do JINX and BUGSY integrate with my existing tools?
Alerts and investigation results arrive via Slack, Microsoft Teams, Discord, email, Telegram, or custom webhooks. The REST API supports bearer token and API key auth, so it plugs into any SIEM, SOAR, or ticketing system.
Put AI Agents on Your SOC
See JINX and BUGSY in action with your actual domains, vendors, and keywords. 5-minute onboarding, no sales call required.