Darkbit uses machine learning to detect software supply chain compromise, malicious application behavior and unintended configuration drift.

What is Darkbit?Actively monitor your web application risk profiles with our intelligent inspector.

Software Supply Chain

Third party risk presents monitoring challenges once your applications have been deployed to production. Darkbit goes beyond traditional uptime monitoring and inspects the actual behavior of your apps and sites.

Configuration Drift

Unintentional changes can be just as dangerous as attacker-driven activity, leaving your infrastructure more vulnerable to future attacks and compromise. Detect deviations from organizational policy in your deployed applications.

Malicious Ads

How do you know when your ad networks start misbehaving? Whether by getting comprised by attackers or simply serving ads that aggressively profile your users, now you can detect when things go sideways.

Continuous Diagnostics & Mitigation

You have a plenty of choice in tooling to monitor your own infrastructure and systems, but how do you monitor you applications behavior "out in the wild?" The Darkbit Inspector closely simulates user activity and uses a fully functional web browser.


Darkbit uses a combination of historical and behavioral analysis to detect changes to things that matter. Detect malicious scripts, unauthorized data exfiltration, form jacking, crypto mining and other threats to your users.

Enterprise Integration

You may already have consolidated all of your logging and monitoring onto a centralized platform. The last thing you need is yet another tool, with yet another dashboard to keep track of. Darkbit integrates seamlessly with enterprise monitoring tools like Splunk, Datadog and Honeycomb.

How Darkbit works...

Add Site

Add Site

Adding your app or site only takes a few seconds. We perform an initial profile of your site's characteristics and behaviors.

Learn Profile

Learn Profile

Most modern apps are dynamic and fluid. During Learning Mode, we continue to gather behavioral traits about your site simulating real user activity.

Monitor Behavior

Monitor Behavior

Once we've established a baseline for what your site's normal behavior profile looks like, we start to monitor for changes to that profile.

Generate Events

Generate Events

When your site's behavior profile changes, we can notify you through multiple channels, from simple email or Slack messages, to integration with your existing tools.

Example Detection Cases

Malicious JavaScript
Signature based detection of malicious JavaScript is error prone and easily circumvented. By simulating real users, Darkbit can help detect malicious JavaScript with few false positives.
Misconfigured Security Policies
A properly implemented Content Security Policy can help prevent many web-based attacks. Developers often relax or remove certain restrictions during development. If a relaxed policy gets pushed to production, you can unintentionally be increasing your risk posture.
Untrusted Asset Sources
If your site unexpectedly starts serving assets to users from untrusted or unknown sources, it could be a sign of a software supply chain or third party compromise.
Untrusted Countries of Origin
Most legitimate third party software serves its assets from consistent locations. If your site starts unexpectedly serving assets to users from unexpected countries, it could be a sign of a software supply chain or third party compromise.
Excessive Frames
Attackers often inject malicious code into hidden frames. An unexpected number of frames can indicate that an ad network or a malicious actor is targeting your users.
Suspicious Function Calls
Darkbit monitors not only the sources, but also the behavior of all of your site's scripts. Excessive use of certain JavaScript function calls can be an indication that an attacker or malicious actor has compromised one or more packages in your supply chain.
Domain & IP Reputation
Are your apps loading content from suspicious domains or IP addresses? Darkbit premium subscribers can leverage leading threat intelligence APIs to add domain and IP reputation scoring to the site profile analysis.
Certificate Expiration
Expired TLS certificates can frustrate your users with confusing messaging and reduce the overall security of your apps. Don't let this simple mistake take down your site.
New Domains
Malware often uses newly registered domains to facilitate communication, but detecting newly registered domains is typically difficult to do accurately. Darkbit monitors just new domains, but certificate generation traffic as well. Get notified if your site unexpectedly communicates with a system using a newly generated certificate.
Unexpected Errors & Logs
If your apps start throwing errors or unexpected logs in production, it could be a sign of a simple misconfiguration or accidental deployment of malfunctioning code to production.

Simple setup, get started in minutes

* two months free with annual subscription

Starter Plan
per month
  • App URLs: 1
  • Checks: 75 per month
  • Notifications: Email & Slack
  • Data Retention: 30 days
  • Custom Headers: supported
  • IP & Domain Reputation: n/a
  • User Flows: n/a
  • Integrations: n/a
  • Custom Webhooks: n/a
  • API: n/a
Team Plan
per month
  • App URLs: 5
  • Checks: 750 per month
  • Notifications: Email & Slack
  • Data Retention: 90 days
  • Custom Headers: supported
  • IP & Domain Reputation: included
  • User Flows: supported
  • Integrations: Splunk, Datadog, Honeycomb
  • Custom Webhooks: included
  • API: n/a
Premium Plan
per month
  • App URLs: 25
  • Checks: 7,500 per month
  • Notifications: Email & Slack
  • Data Retention: 180 days
  • Custom Headers: supported
  • User Flows: supported
  • IP & Domain Reputation: included
  • Integrations: Splunk, Datadog, Honeycomb
  • Custom Webhooks: included
  • API: included