These charts reflect raw collection volume — how many reports came in, from where — not deduplicated incident statistics. For incident-level numbers, see the Landscape tab.
Collection volume (last 48h)
Priority breakdown
Items by source
Most active ransomware actors
No items match your filters.
—
Total cases
—
Critical
—
In CISA KEV
Select a case to see the full case file.
Counts are deduplicated incidents (cases) derived from automated extraction of public OSINT — not verified ground-truth statistics.
—
Cases in window
—
In CISA KEV
—
Sectors hit
—
Active actors
Incident volume
Crime type
Victims by country
Sectors under attack
Most active actors (click to open profile)
Everything the AI subsystems have done, automatically, with no approval gate — source
discovery/healing/pruning, OSINT research, classification, and case correlation. This log
is the transparency record for that autonomy, not a control panel.
No activity recorded yet.
Targeted Investigation
Describe a case — victim, modus operandi, anything you know — and an agent researches it across existing source feeds and the open web. If it finds a genuine match, the findings are integrated as feed items, a new case, and any valuable new sources discovered along the way.
Admin token required — enter it in the header toolbar. Each submission spends a Hermes run and may take several minutes; runs async, track progress in the Activity tab.