Cyber Intelligence House
Platform

Simple enough for sales teams. Strong enough for analysts.

CIH hides the collection and analysis complexity behind an MSSP-friendly workflow: add the client, launch the scan, review verified findings, ask Concierge, and deliver the report.

First signalFast enough to create momentum
Operator burdenNo integration required to get started
OutputsFindings, reports, briefs, investigation
The workflow in plain English

Put in a client website. Click go. Wait around 15 minutes. Ask questions. Deliver the report.

That sentence should feel obvious to an MSSP buyer. It says you can start quickly, show value fast, and deliver something professional without turning this into a heavy implementation project.

1

Add the client

Domain first, then optional aliases and keywords. The workflow starts where MSSPs already think.

Add client: domain-first setup with optional aliases
2

See verified exposures

Findings should begin appearing quickly enough to create confidence and urgency.

Early findings usable in client conversation
3

Ask Concierge what matters

Turn findings into client language, priorities, and report-ready explanation.

Concierge: grounded explanation tied to findings
4

Generate the report

White-label delivery is built in. Present under your own brand, or name CIH as the intelligence layer behind the service when the credibility adds weight.

White-label report output for partner delivery
Cyber Exposure

Evidence-rich findings for both project work and recurring monitoring.

CIH surfaces client-specific exposures with enough context to support action: leaked credentials, infostealer traces, market visibility, ransomware-related observations, and actor chatter tied to real entities.

  • Assessment mode for one-off projects and sales acceleration
  • Continuous mode for ongoing managed services
  • Verified findings instead of abstract scores
  • Reports that support executives and technical teams alike
Concierge

CIH Concierge helps analysts sound sharper, faster.

Concierge exists to explain what was found, help shape reports, answer operator questions, and reduce the time between “finding detected” and “client-ready explanation delivered.” That means more of your team can deliver intelligence services without needing dedicated threat-intelligence training.

Explain the risk

Turn technical findings into language that executives can understand.

Guide remediation

Support MSSP teams that need to move from evidence to action fast.

Refine outputs

Regenerate or reshape reports and summaries without losing the underlying intelligence.

The Watch

Live intelligence feed, daily briefings, and full-screen office mode for client-facing sessions.

The Watch gives MSSPs a real-time dark web observation stream with daily intelligence briefings. Use it for operational awareness, client presentations, and publishing credible intelligence commentary across LinkedIn, X, newsletters, and customer updates.

  • Live feed across 10+ threat categories with real-time filtering and search
  • Daily briefings with structured analysis: situation overview, significant developments, threat actor activity
  • Full-screen office mode with 4 themes — readable from 3-5 meters for SOC wall displays and client sessions
  • Threat actor profiles with credibility scoring and historical activity tracking
  • Result: stronger thought leadership, better client trust, and more reasons for clients to stay with the MSSP
Watch Premium
Customer-specific daily briefings tailored by geography, industry, and custom instructions.

Turn the global feed into a personalized intelligence service per MSSP client. Geography filters, industry filters, and free-text instructions shape what each customer sees.

How it works
Ask in natural language. Get evidence-grounded results across criminal ecosystems.

Search across forums, markets, paste sites, breaches, and actor-linked context with clear provenance, timestamps, and Concierge explanation.

Investigation

Natural-language search across dark web sources — no rigid filter trees.

Ask for a specific threat actor, breach, person, discussion, marketplace, or campaign and get evidence-grounded results. Faster analyst flow, faster client answers, and less friction in high-pressure investigations.

  • "Show recent ransomware discussions mentioning Black Basta and Finnish logistics companies."
  • "Find breaches in the last 30 days linked to healthcare providers in Germany."
  • "What is the latest chatter about [threat actor] targeting SaaS vendors?"
  • "Show references to [person/alias] across forums, markets, and paste sources."
  • "List discussions where [company/domain] appears with credential-sale context."
Access

Three ways to use CIH.

Start in the browser with no setup. Pull intelligence into your own systems via API. Connect via MCP and any AI agent can operate the full platform — findings, Concierge, reports.

Browser

Web UI

Full platform in the browser. Built for sales, delivery, and leadership. No specialist training required to start delivering intelligence services to clients.

No setup · No integration · Start immediately
Programmatic

API

Generate an API key and consume CIH findings, reports, and intelligence signals programmatically inside your own systems and workflows.

REST · JSON · API key auth · Read or read/write
Agents

MCP

One click generates a key. Copy the MCP server prompt. Any agent — Claude, a custom automation, or your own stack — can query findings, run Concierge, and generate reports.

Works with Claude · Custom agents · Any MCP client
Ready to start

See the workflow in action with your own clients.

Buy directly or try it first. Partner verification is fast and access starts on your selected date.

Buy Try