The asset is already inside. Sentinel finds them first.
Counter-espionage detection powered by the FSI model, Threshold Theory, and Resonance analysis. Sentinel doesn't flag anomalous access — it builds a behavioural case across three detection layers, identifying the specific motivational and cognitive signature of a compromised individual weeks before any technical indicator appears.
3 active cases
Powered by FSI + Threshold + Resonance
Access Restricted
Sentinel · Live Operations
Active
—
Profiles
—
Open cases
—
Critical
Detection Architecture
Three layers. One case.
Traditional insider threat tools detect access anomalies after the fact. Sentinel operates upstream — modelling the human motivational architecture that precedes compromise. A case is only surfaced when all three detection layers converge, eliminating false positives and ensuring every alert is a substantiated behavioural finding.
Layer 01 —
Profile Compromise Indicators
The FSI solid profile is continuously monitored for the behavioural signature of an individual in a recruitment or coercion process. A spy doesn't simply decide to leak — they pass through identifiable phases: approach, cultivation, tasking, and extraction. Each phase produces a distinct FSI pattern.
Loyalty threshold in accelerated freefall
Security threshold artificially maintained
Chronic stress with suppressed recovery
Compartmentalisation behaviour spike
Financial anomaly + access correlation
Layer 02 —
Network Topology Analysis
Sentinel maps information flows through the organisation, constructing a knowledge accumulation graph for each individual. A compromised individual shows a specific topology: cross-silo access that connects knowledge domains with no legitimate operational reason, combined with an unusual brevity of each access session — consistent with data harvesting rather than work.
Cross-silo knowledge accumulation pattern
Access session brevity vs volume ratio
Lateral movement without workflow trigger
Exfiltration-adjacent endpoint contacts
External communication timing correlation
Layer 03 —
Behavioural Stress Fingerprint
Carrying a covert operational role inside an organisation produces a highly specific stress profile — one that is measurably different from standard occupational stress. Sentinel detects the fingerprint: chronic anxiety without the normal recovery curve, artificial role performance in monitored contexts, and the specific pattern of maintained outward competence over an eroding internal threshold structure.
Stress without proportional cause
Hyper-vigilance during access events
Performance consistency vs private signal divergence
Resonance field isolation behaviour
Impulsave: deliberate suppression pattern
Compromise phase model — Sentinel detects from Phase 1
Phase 01
Approach
Subject identified by external actor. Initial contact made. Stress spike with unusual recovery suppression.
Active data or intelligence exfiltration. All three detection layers converge. Alert escalated.
Critical alert
Phase 05
Exposure
Without Sentinel: discovered post-hoc. With Sentinel: interdicted at Phase 1–3. Case closed.
Traditional tools
Active case board.
Three active cases at different detection confidence levels. Click a case to open the full intelligence file.
Compromise Fingerprint
The shape of a compromised profile.
Every compromised individual produces a recognisable shape when their FSI profile is mapped across six key axes. Clean profiles are balanced. Compromised profiles are highly asymmetric — specifically elevated in stress markers and cross-silo access, while artificially maintained in visible performance metrics.
This is the Sentinel Compromise Fingerprint — the visual representation of a case at the point of critical confidence. It appears in every case file and is the primary tool for communicating risk to non-technical decision makers.
Clean profile
Compromised profile
Compromise fingerprint · Case INS-2026-0041
Sectors
State Security
Intelligence agencies, security services, and classified research environments. Sentinel operates at the clearance boundary — detecting compromise before access is misused, not after.
Double-agent identification
Source handling integrity
Foreign intelligence recruitment detection
Clearance reassessment triggers
Corporate Intelligence
IP theft, trade secret exfiltration, and competitor intelligence operations targeting R&D, M&A, and strategic planning functions. Sentinel identifies economic espionage before disclosure.
IP and trade secret protection
M&A intelligence leak detection
Competitor-placed asset identification
Supply chain integrity monitoring
Defence & Military
Operational security, technology transfer prevention, and unit integrity. Sentinel runs continuously on personnel with access to classified capabilities, force structures, and operational planning.
Technology transfer detection
Operational security monitoring
Foreign-influenced personnel identification
Contractor integrity screening
Financial Services
Front-running intelligence, regulatory intelligence leaks, and competitor-directed disclosure. Sentinel identifies individuals in covert relationships with competing institutions before material non-public information is transmitted.