ThreatLib is a platform-agnostic account risk scoring engine and SDK designed for backend services that require consistent, auditable, and privacy-preserving abuse detection across products. It accepts heterogeneous account, device, network, behavior, graph, payment, and content metadata. The engine normalizes events through platform adapters, runs detector evidence through a dependency-aware orchestration graph, and returns a risk score, confidence band, action recommendation, and feature-level restriction map. ThreatLib is built to handle environments where missing data is common, ensuring that the absence of evidence does not equate to evidence of legitimacy, which is central to its safety model.
Platform Agnostic: Works across various platforms by using adapters for normalization.
Privacy-First Risk Assessments: Computes risk scores while adhering to strict PII isolation.
Dempster-Shafer Theory: Fuses independent behavioral, device, and network signals for robust scoring.
Cold Start Mitigation: Provides effective scoring even with limited historical data.
Configurable Action Tiers: Allows for flexible response strategies based on risk levels.
Shadow Mode: Enables risk assessment computation and review without immediate enforcement.
Extensible Architecture: Supports integration of developer-supplied ML model plugins.
Comprehensive API and SDK: Offers interfaces for scoring, event ingestion, reporting, and more.
Advanced Analytics: Provides detailed metrics for model performance, detector health, and replay simulations.
Domain-Specific Modes: Includes tailored configurations for social media, chat apps, and gaming.
ThreatLib is built with a layered system architecture, including contracts, platform adapters, independent and interdependent detectors, risk synthesis, an action engine, and various interfaces. It prioritizes core invariants such as returning uncertainty for missing input, logging all scoring events, and ensuring data privacy by not persisting plaintext PII.
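The sketch below is an added example, not ThreatLib's own code. It shows how Dempster-Shafer fusion can keep a missing detector from counting as evidence of legitimacy: the silent detector contributes a vacuous mass, so the fused belief is unchanged. All names (`combine`, `fuse`, `belief_interval`) and the mass values are constructed assumptions.

```python
from itertools import product

ABUSE, LEGIT = frozenset({"abuse"}), frozenset({"legit"})
THETA = ABUSE | LEGIT        # "unknown": mass committed to neither hypothesis
VACUOUS = {THETA: 1.0}       # contribution of a detector that had no input

def combine(m1, m2):
    """Dempster's rule of combination for two mass functions."""
    fused, conflict = {}, 0.0
    for (a, x), (b, y) in product(m1.items(), m2.items()):
        inter = a & b
        if inter:
            fused[inter] = fused.get(inter, 0.0) + x * y
        else:
            conflict += x * y          # mass assigned to contradictory sets
    if 1.0 - conflict < 1e-12:
        raise ValueError("total conflict: sources cannot be fused")
    return {k: v / (1.0 - conflict) for k, v in fused.items()}

def fuse(detector_masses):
    """Fuse detector outputs; None means the detector had no data."""
    result = VACUOUS
    for m in detector_masses:
        result = combine(result, VACUOUS if m is None else m)
    return result

def belief_interval(m, hypothesis=ABUSE):
    """Return (belief, plausibility); the gap between them is uncertainty."""
    bel = sum(v for k, v in m.items() if k <= hypothesis)
    pl = sum(v for k, v in m.items() if k & hypothesis)
    return bel, pl

# Constructed sample masses for three hypothetical detectors.
device = {ABUSE: 0.6, THETA: 0.4}
network = {ABUSE: 0.5, LEGIT: 0.2, THETA: 0.3}
behavior = None              # no behavioral history yet (cold start)

# Unsafe alternative, for contrast: reading silence as evidence of legitimacy.
SILENCE_AS_LEGIT = {LEGIT: 0.8, THETA: 0.2}

if __name__ == "__main__":
    print("missing -> unknown:", belief_interval(fuse([device, network, behavior])))
    print("missing -> legit:  ", belief_interval(fuse([device, network, SILENCE_AS_LEGIT])))
    print("no data at all:    ", belief_interval(fuse([None, None, None])))
```

With no data at all the interval is (0, 1), which is full uncertainty rather than a low risk score.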