City of Hats - Exposure Intelligence Platform
🧠 Intelligence API

Risk Scoring API

Real-World Identity Risk Based on Attacker Behavior

The Risk Scoring API transforms raw exposure signals into a single, trustworthy 0–100 identity risk score β€” powered by AI correlation across breach data, dark-web telemetry, and attacker behavior.

Instead of asking:

"Has this identity been leaked?"

β†’
Your teams finally know:

"How risky is this user β€” right now?"

Trusted by:
🏦 Banks πŸ’³ Fintech πŸ›’ Marketplaces πŸ“± Telcos ☁️ SaaS Platforms
View API Documentation Get API Key
In Action

Risk Scoring In The Real World

See how the Risk Scoring API transforms suspicious activity into actionable intelligence.

Risk Score Velocity Review Example - Login from new device with Risk Score 78

Example: Login from new device β†’ Risk Score = 78 β†’ Trigger: MFA + velocity risk review

1

Event Detected

Login attempt from unfamiliar device + location

β†’
2

Risk Analysis

Score = 78 (High Risk) based on velocity + device signals

β†’
3

Action Triggered

Step-up MFA enforced + analyst velocity review

Risk Intelligence

What The Risk Score Represents

Each user lookup produces a continuous risk score from 0–100, designed for policy engines, fraud models, IAM, and SOC.

Score Range Meaning Typical Action
0–24 Low Risk Allow
25–59 Elevated Risk Monitor / Step-Up
60–79 High Risk Step-Up / Review
80–100 Critical Risk Block / Investigate
AI Model

Inputs Into The Model

Risk scoring combines multiple intelligence dimensions into one unified score.

πŸ”

Credential Exposure Intelligence

  • Password reuse likelihood
  • Breach recency
  • Exposure depth
  • Hashed / plaintext classification
  • Attacker interest trends
πŸ•΅οΈ

Dark-Web & Criminal Market Signals

  • Reposts & combo list circulation
  • Trade volume
  • Mention intelligence
  • "Ready-to-use" credential flags
  • Marketplace activity
πŸ§‘

Identity Trust Indicators

  • Email age
  • Alias / burner / masked
  • Corporate vs consumer domain
  • Validation integrity
  • Passive risk footprint
πŸ€–

Bot & Abuse Risk

  • Behavioral anomalies
  • Known fraud vectors
  • Throw-away lifecycle patterns
  • Velocity signals
  • Registration timing
Attack Lifecycle

Real-World Threat Funnel Stage

We don't just check if credentials leaked β€” we analyze where they are in the criminal process.

CLEAN 0%
β†’
LEAKED 15%
β†’
REPOSTED 35%
β†’
TRADED 55%
β†’
TESTED 75%
β†’
ATTACKED 90%
β†’
MONETIZED 100%

Risk increases as the funnel progresses β€” from passive exposure to active criminal monetization.

Response

Output You Receive

Each API response includes everything your system needs to decide automatically.

πŸ“Š

Risk Score

0–100 continuous scale

🎯

Confidence Level

low / medium / high

πŸ“

Threat Funnel Stage

Attack lifecycle position

🏷️

Risk Reason Codes

Explainable factors

⚑

Suggested Action

allow / step_up / block

Developer

API Reference

Simple REST API with JSON request/response.

POST /api/v1/risk/score
cURL 
curl -X POST "https://api.cityofhats.com/api/v1/risk/score" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -d '{
    "email": "user@example.com"
  }'
Response 200 OK 
{
  "email": "user@example.com",
  "risk_score": 84,
  "confidence": "high",
  "threat_stage": "TESTED",
  "exposed": true,
  "exposure_count": 8,
  "last_seen": "2025-01-02",
  "risk_reasons": [
    "recent credential exposure",
    "observed on criminal trade channels",
    "suspected password reuse",
    "active testing detected"
  ],
  "recommended_action": "step_up_auth",
  "model_version": "2.1"
}

Response Field Reference

Field Type Description
risk_score integer 0–100 risk score (higher = more risky)
confidence string low | medium | high β€” model confidence level
threat_stage string CLEAN | LEAKED | REPOSTED | TRADED | TESTED | ATTACKED | MONETIZED
exposed boolean Whether email appears in breach data
exposure_count integer Number of breach/exposure sources
last_seen string ISO 8601 date of most recent exposure
risk_reasons array Human-readable explainable risk factors
recommended_action string allow | step_up_auth | block | review
model_version string Risk model version for audit/compliance
Philosophy

Why Risk Score Instead of Binary Exposure?

Traditional Tools Answer:

"Breached? Yes / No."

❌ false positives ❌ user impact ❌ alert fatigue ❌ no context
VS

City of Hats Answers:

"How likely is harm?"

βœ… confidence βœ… automation βœ… prevention βœ… explainability
🧠

Model Integrity & Explainability

Every score includes explainable reason codes, so:

πŸ›‘οΈ SOC teams understand
πŸ“‹ Auditors trust the model
βš™οΈ Product teams tune flows
πŸ“Š Fraud analysts optimize controls
Compatible

Built For Modern Security Stacks

IAM / Authentication
SIEM / SOAR
Fraud & Trust Platforms
Customer Screening
Risk-Based Policy Engines
Ecosystem

Works Even Better With

πŸ“§

Email Intelligence API

Identity exposure metadata & insight

Learn More β†’
🐀

Canary Intelligence API

Early warning attack telemetry

Learn More β†’
Use Cases

Ideal For

πŸ›‘οΈ Account protection
🚫 Fraud prevention
πŸ†” Identity verification
βš–οΈ Trust & safety
πŸ’³ High-risk transactions
πŸ” Preference-based MFA

πŸ” Privacy & Compliance

Your platform operates with confidence.

  • Never stores passwords
  • Never resells identity data
  • Anonymizes telemetry
  • Honors enterprise governance
  • SOC 2 Type II compliant
  • GDPR / PDPA aligned

⚑ Performance

Built for real-time decisioning at scale.

  • Real-time lookups
  • Enterprise-scale throughput
  • Global delivery
  • 99.9% uptime SLA
  • <200ms p95 latency
  • Unlimited lookups (Enterprise)

The Risk Scoring API converts raw exposure intelligence into a single, reliable decision signal β€” so your platform can reduce friction for good users, and stop attackers early.

Start Using Risk Scoring API

Transform exposure signals into actionable risk scores. Free tier available β€” no credit card required.

Get API Key β€” Free View Full API Docs
AI-Powered Explainable 99.9% Uptime Enterprise SLA