Syndu turns network behavior into reusable context
The platform starts from unsolicited public-edge behavior and refines it into explainable context for cyber, fraud, merchant-risk, abuse, and trust decisions.
Syndu turns outside-in network behavior into shared cyber-and-fraud context. Use it through reports, API calls, or MCP workflows, then preserve the decision in governed memory so the next analyst, application, or agent starts smarter.
Syndu turns outside-in network behavior into reusable context for cyber and fraud decisions, then preserves those conclusions in memory for humans, applications, and agents.
The platform starts from unsolicited public-edge behavior and refines it into explainable context for cyber, fraud, merchant-risk, abuse, and trust decisions.
Human operators, applications, and agents all read from the same evidence layer instead of buying three different products that disagree about the same identifier.
Syndu does not stop at scoring. It lets teams write conclusions back into workspace memory so later analysts, fraud reviewers, and agents can continue from the last governed outcome.
This is the repeatable motion across Syndu: investigate the identifier, explain why it is risky, and keep the conclusion so the next analyst, workflow, or agent starts smarter.
Investigate IPs, organizations, subnets, domains, and related infrastructure from one outside-in evidence layer instead of bouncing between scraped pages, dispute tools, and disconnected consoles.
Explain the current risk with matched dimensional evidence and report-backed context, so analysts, reviewers, and systems see more than a bare severity label.
Store investigation outcomes in workspace memory and optionally promote approved findings into the hive mind, so the next analyst, fraud reviewer, or agent starts smarter.
Syndu is one outside-in context platform reused three ways: direct investigation in report shells, application-side scoring in the Risk API, and collaborative human-plus-agent workflows in the MCP hive mind.
Syndu starts from unsolicited public-edge traffic rather than from customer-submitted telemetry. That gives buyers an outside-in behavioral signal instead of an internal self-report.
Each row is refined into network metadata, annotator evidence, and behavioral totals, then normalized into reusable truth rows across IP, subnet, ISP, ASN, organization, city, region, and country.
The refined report graph becomes Syndu's durable evidence inventory. Each dimension contributes a current behavioral baseline that can be retrieved instantly without recalculating the report universe at request time, whether the next decision is cyber, fraud, merchant-risk, or abuse review.
Human operators investigate through report shells, applications score decisions through the Risk API, and MCP-compatible agents collaborate through governed memory. Every surface reuses the same evidence graph instead of forcing teams to stitch together separate products.
Syndu keeps a live dimensional inventory across network and geography. Those truth rows are the inventory the model resolves when it computes contextual risk for a queried target.
Detected IP 216.73.216.91
This is the same contextual-risk output the API serves: Syndu resolved your detected IP against the latest live dimensional baselines and returned the explainable score that falls out of the model.
Computed from Syndu's latest refined risk baselines, using only summary-table lookups across the matched hierarchy.
These are the current dimensional baselines the model matched for your detected IP. Each item links to the report truth that backs the API response.
Syndu packages the same platform three ways: direct report-shell access, Risk API calls, and MCP hive-mind tool calls. Toggle the ladder to compare how each access surface is governed.
Canonical report shells for people, browser automation, and scraping stacks. Free evaluation starts at 30 metered report lookups per day.
These articles explain the platform in operational terms: the evidence graph, access surfaces, governance rules, Risk API logic, MCP workflows, privacy boundaries, and subscription posture.
Syndu turns outside-in network behavior into shared cyber-and-fraud context, then preserves decisions in memory for humans, applications, and agents. This manual is the public map of that platform: the evidence graph, the Risk API, the MCP server, and the governance layer that ties them together.
Syndu exposes a dimensional risk surface across network entities and geography: ip address, subnet, ISP, ASN, organization, city, region, and country. That same dimensional graph powers the Risk API, MCP tools, and the memory loop that preserves the resulting decisions.
Syndu is an external context layer for monitoring, hygiene review, agent workflows, and decision support. It complements SoC and SIEM processes rather than replacing them, while sharing the same evidence and memory model used elsewhere on the platform.
Syndu is also a decision surface for fraud, payments, merchant-risk, and trust workflows. The same outside-in evidence graph, Risk API, and governed memory loop help teams score, review, and preserve conclusions around risky identifiers.
The platform supports three access surfaces at scale: direct report access for large-scale browser or agent consumption, the Risk API for application-native scoring, and the MCP server for collaborative agent workflows.
Syndu is one platform with three access surfaces: direct access for report-shell consumption, API access for application-side scoring, and MCP access for agent collaboration. They sit under the same workspace, quota, and subscription control plane, but differ in delivery contract.
Score risky IPs in real time, report lightweight business feedback, and push structured identifier outcomes back into workspace memory from the same authenticated API surface. Syndu keeps the contract simple: `score` is the metered read path, while `rate` and `report` are authenticated writeback endpoints that do not consume score quota.
API access is governed through account-owned keys, API-specific subscription tiers, and the same workspace control plane that governs the other Syndu access surfaces while keeping the services distinct.
Give Codex, Claude Code, Cursor, Windsurf, and other MCP clients outside-in cyber-and-fraud context plus memory that survives the chat. Syndu MCP helps agents investigate risky identifiers, explain why they matter, and preserve outcomes across sessions inside one governed workspace.
Download the official Syndu Web LTD plugin for Codex and give your team a shared operating surface for cyber and fraud investigations, governed workspace memory, and share-safe cross-agent collaboration.
Use-case guidance for the current Syndu MCP offer: where to start, which workflow is easiest to buy first, and how the existing tool and memory model creates value for cyber, fraud, merchant-risk, and abuse operations.
Syndu uses the web's underlying metadata to simplify customer onboarding and quota ownership. Good network metadata improves attribution quality, product fit, and the accuracy of the shared context buyers rely on.
Syndu identifies the consuming workspace when possible and otherwise falls back to the current requester network. That network evidence helps route quota, but it does not by itself prove that the whole company owns the account. These quota rules keep shared cyber-and-fraud context governed instead of ambiguous.
Syndu is a threat observatory beacon that collects outside-in traffic signals from the public edge. Connected-user activity inside the app is excluded from the risk model, and account, billing, subscription, and social sign-in workflows stay outside the evidence graph.
Syndu prices three access surfaces under one commercial model: evidence-graph access for people and governed web workflows, the Risk API for applications, and the Syndu MCP server for shared agent workflows. The same ladder supports cyber operations, fraud review, merchant-risk, and agentic investigation.
Practical answers for teams that want to consume Syndu reports at scale while keeping the business flow simple.
Registration unlocks the workspace control plane, plan selection, credential provisioning, and the subscription flow across web, API, and MCP access.
