Next-Generation Threat Intelligence

Welcome to the Future of Fraud Detection

Introducing UrbanFox Sentinel — an autonomous fraud simulation engine that doesn't just detect vulnerabilities. It discovers attack paths, proves they're exploitable, recommends precise fixes, and verifies the defense works.

Autonomous Attack Simulation

DEEP SITE CRAWL
Sentinel autonomously explores every page, form, button, and API endpoint on the target. It maps the entire ecommerce surface — product flows, carts, promo codes, checkouts, and account pages.
AI-POWERED ANALYSIS
Claude Opus analyses the crawl data to identify fraud vectors that deterministic rules can't catch. From credential stuffing surfaces to loyalty point manipulation — no abuse path goes unnoticed.
PROOF ENGINE
Every hypothesis is validated with real browser automation. Playwright executes the attack scenario, captures screenshots, and produces irrefutable evidence that the vulnerability exists.
FIX & VERIFY
Sentinel generates targeted remediation for both merchant-side code fixes and UrbanFox detection rules. After the fix is applied, it re-executes the original attack to prove the defense holds.
DUAL OWNERSHIP
Every finding clearly separates what the merchant must fix from what UrbanFox can detect. Promo abuse needs server-side limits; velocity gaps need detection rules. Both get actionable recommendations.
CONTINUOUS LOOP
Scan, discover, prove, fix, retest. Sentinel creates a closed-loop fraud defense cycle. New attack vectors are automatically re-evaluated as the site evolves.

The Attack-Defend Pipeline

PHASE 01
Target Acquisition
Submit a merchant URL. Sentinel creates a scan job and begins deep same-site crawling to map the attack surface.
PHASE 02
Surface Mapping
Every page, form, API endpoint, button, and commerce capability is catalogued. Payment gateways, security controls, and authentication flows are identified.
PHASE 03
Hypothesis Generation
AI analyses the mapped surface to generate exploitation hypotheses — promo reuse, cart manipulation, rapid checkout, credential stuffing, and more.
PHASE 04
Proof of Exploit
Playwright browser automation executes each attack scenario against the live target. Screenshots and evidence are captured at every step.
PHASE 05
Remediation & Retest
Confirmed findings receive dual fix recommendations. After fixes are applied, Sentinel re-runs the original attack to verify the vulnerability is eliminated.

Built for Scale

15+ Attack Categories
5 Pipeline Phases
2x Fix Ownership
100% Evidence-Backed

Ready to Hunt?

Sentinel doesn't just detect flaws. It proves them, recommends precise fixes, and proves the fix worked.

How Sentinel Works

An autonomous fraud simulation engine that discovers, proves, and verifies ecommerce vulnerabilities end-to-end.

01

Target Submission

User submits a merchant website URL. Sentinel creates a scan job and begins autonomous analysis. Supports any HTTP/HTTPS ecommerce site.

02

Deep Same-Site Crawl

A deep HTTP crawler explores the target site — extracting pages, forms, buttons, links, and API endpoints. It detects ecommerce capabilities: cart, checkout, promo codes, login, signup, refund flows, payment forms, loyalty systems, and more. Respects depth limits, rate limiting, and same-site boundaries.

SECURITY SIGNALS DETECTED: CAPTCHA, bot detection, rate limiting, 3DS, device fingerprinting, fraud services, payment gateways

03

Flow Discovery

From crawl data, Sentinel identifies attack-relevant ecommerce flows: rapid checkout paths, cart manipulation routes, refund request chains, account creation funnels, referral loops, and card testing surfaces.

04

LLM-Powered Hypothesis Generation

Claude (via AWS Bedrock) analyzes the crawl data like an attacker — generating detailed vulnerability hypotheses. It identifies promo abuse, credential stuffing, cart manipulation, payment fraud, race conditions, missing friction, and dozens of other attack vectors specific to the target.

FALLBACK MODE: Deterministic hypothesis engine runs when LLM is unavailable — covers promo reuse, rapid checkout, cart limits, refund abuse, and card testing surfaces.

05

Confirmation Test Generation

For each hypothesis, the LLM generates a precise Playwright browser automation test — with navigation steps, form interactions, assertions, and safety constraints. Each test is designed to prove whether the vulnerability is actually exploitable.

06

Playwright Execution & Evidence Capture

A headless Chromium browser executes each confirmation test against the live target. It navigates pages, fills forms, clicks buttons, and captures screenshots as evidence. Tests that fail are marked not reproduced; tests that succeed confirm the vulnerability exists.

SAFETY: No real payments, no destructive operations, bounded attempts, timeout-protected. Inconclusive tests are retried with simplified approaches.
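
A pre-execution guard of the kind the SAFETY note and the crawl's same-site boundary call for, as an added example (not UrbanFox's code). The step schema, limits and selector hints are hypothetical, and same-site is approximated as the scan host plus its subdomains.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Hypothetical policy limits; the page names the constraints but not their values.
MAX_STEPS = 12
MAX_TIMEOUT_MS = 15_000
ALLOWED_ACTIONS = {"goto", "fill", "click", "screenshot", "assert_text"}
# Constructed hints for controls that would place an order or destroy data.
BLOCKED_SELECTOR_HINTS = ("place-order", "pay-now", "confirm-payment", "delete-account")

@dataclass(frozen=True)
class Step:
    action: str
    target: str = ""        # absolute URL for "goto", CSS selector otherwise
    timeout_ms: int = 5_000

def same_site(url: str, scan_root: str) -> bool:
    """True only for http(s) URLs on the scan root's host or one of its subdomains."""
    u, root = urlsplit(url), urlsplit(scan_root)
    host, root_host = (u.hostname or "").lower(), (root.hostname or "").lower()
    if u.scheme not in ("http", "https") or not host or not root_host:
        return False
    return host == root_host or host.endswith("." + root_host)

def validate_plan(steps: list[Step], scan_root: str) -> list[str]:
    """Return policy violations; an empty list means the plan may be executed."""
    problems = []
    if len(steps) > MAX_STEPS:  # bounded attempts
        problems.append(f"plan has {len(steps)} steps, limit is {MAX_STEPS}")
    for i, s in enumerate(steps):
        if s.action not in ALLOWED_ACTIONS:
            problems.append(f"step {i}: action {s.action!r} not allowed")
        if not 0 < s.timeout_ms <= MAX_TIMEOUT_MS:  # timeout-protected
            problems.append(f"step {i}: timeout {s.timeout_ms} ms out of bounds")
        if s.action == "goto" and not same_site(s.target, scan_root):
            problems.append(f"step {i}: {s.target!r} is outside the scanned site")
        if s.action == "click" and any(h in s.target.lower() for h in BLOCKED_SELECTOR_HINTS):
            problems.append(f"step {i}: {s.target!r} looks like a payment or destructive control")
    return problems

# Constructed sample plan: the last step must be rejected before any browser starts.
SAMPLE_PLAN = [
    Step("goto", "https://shop.example.com/cart"),
    Step("fill", "#promo-code"),
    Step("click", "button#place-order"),
]
```

Running the guard on every LLM-generated plan and refusing to launch the browser unless `validate_plan` returns an empty list keeps the model's output from widening the scan's scope.
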
07

Findings & Fix Recommendations

Confirmed vulnerabilities become findings with severity ratings, evidence chains, and dual fix recommendations:

MERCHANT FIX

What the merchant should change in their system — rate limits, server validation, promo binding, CAPTCHA, etc.

URBANFOX FIX

What UrbanFox should detect — velocity rules, risk scoring, anomaly signals, friction recommendations.

08

Retest & Verification

After the merchant applies a fix, Sentinel reruns the original confirmation test. If the attack now fails, the finding is marked VERIFIED FIXED. If it still succeeds, it remains STILL VULNERABLE. This closes the loop — proving the defense works.

Architecture

URL Submitted
↓
Create Scan Job
↓
Deep Same-Site Crawl (HTTP, max depth/pages)
↓
Discover Pages, Forms, APIs, Commerce Capabilities
↓
Discover Ecommerce Flows
↓
Generate Vulnerability Hypotheses (LLM or Deterministic)
↓
Generate Confirmation Tests (Playwright steps)
↓
Execute Tests with Headless Chromium
↓
Confirm or Reject Vulnerabilities (with evidence)
↓
Create Findings + Fix Recommendations
↓
Human Marks Fix Applied → Retest → Verified Fixed

Tech Stack

Backend: Python, FastAPI, Pydantic
Browser: Playwright + Chromium
LLM: Claude via AWS Bedrock
Storage: SQLite + EFS
Infra: AWS ECS Fargate, ALB, CloudFormation
CI/CD: GitHub Actions + OIDC
Quality: 100% coverage, ruff, mypy, SonarQube
Realtime: WebSocket progress streaming

Module Boundaries

DeepCrawler
FlowDiscoveryEngine
HypothesisEngine
LLMPlanner (Bedrock)
ConfirmationTestGenerator
PlaywrightExecutionEngine
FindingEngine
FixRecommendationEngine
RetestEngine
ScanOrchestrator
SqliteRepository
JsonLogger
