Threat Intelligence Sharing (Beacon)
Beacon enables cross-organization real-time threat intelligence sharing via PQC-signed alerts. When one organization detects a compromised identity or malicious tool, all federation members are notified immediately.
Alert Types
| Type | Description |
|---|---|
| Compromised identity | A DID has been compromised or taken over |
| Malicious skill | A tool has been identified as malicious |
| Active threat | An ongoing attack is detected |
| Vulnerability disclosure | A vulnerability affecting the trust network |
| Policy violation | A cross-org policy has been violated |
| Federation breach | A federated trust relationship has been compromised |
PQC Signatures
Every beacon is signed with the publisher's ML-DSA key. Receiving organizations verify the signature against the publisher's DID document before acting on the alert.
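The receive-side check described above, as an added sketch that is not TrustHub's own code: look up the publisher's DID document, verify the signature over a canonical serialization of the alert, and reject on any failure. The Python standard library has no ML-DSA, so a Lamport one-time hash-based signature stands in for it; `check_beacon`, the beacon layout, the DID-document shape and the `did:example` values are assumptions made for this example.

```python
import hashlib, json, secrets

def _h(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def _bits(msg: bytes) -> list[int]:
    d = _h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

# Stand-in primitive: Lamport one-time signature, NOT ML-DSA (assumption of this example).
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(_h(a), _h(b)) for a, b in sk]

def sign(sk, msg: bytes) -> list[bytes]:
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        isinstance(s, bytes) and _h(s) == pk[i][b]
        for i, (s, b) in enumerate(zip(sig, _bits(msg))))

def canonical(alert: dict) -> bytes:
    # Deterministic bytes so publisher and receiver sign and verify the same input.
    return json.dumps(alert, sort_keys=True, separators=(",", ":")).encode()

def check_beacon(beacon: dict, did_documents: dict) -> tuple[bool, str]:
    """Fail closed: accept only if the key in the publisher's DID document verifies the alert."""
    alert, sig = beacon.get("alert"), beacon.get("signature")
    if not isinstance(alert, dict) or not isinstance(sig, list):
        return False, "malformed beacon"
    doc = did_documents.get(alert.get("publisher_did"))
    if doc is None:
        return False, "publisher DID not resolvable"
    if not verify(doc["public_key"], canonical(alert), sig):
        return False, "signature invalid"
    return True, "verified"

def demo() -> dict:
    # Constructed sample data; DIDs and field names are illustrative only.
    sk, pk = keygen()
    did = "did:example:acme:admin"
    docs = {did: {"public_key": pk}}
    alert = {"publisher_did": did, "type": "compromised_identity", "severity": "critical"}
    sig = sign(sk, canonical(alert))
    cases = {"good": alert, "tampered": {**alert, "severity": "low"},
             "unknown": {**alert, "publisher_did": "did:example:other:x"}}
    return {k: check_beacon({"alert": a, "signature": sig}, docs) for k, a in cases.items()}

if __name__ == "__main__":
    print(demo())
```

The tampered case changes only the severity field after signing, which is enough to make verification fail and the alert be dropped.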
Usage
```python
from trusthub import BeaconPublisher, BeaconReceiver, BeaconStore
from trusthub.constants import ThreatSeverity

# admin, signer, keypair, agent and resolver are assumed to have been
# created earlier; this snippet does not define them.

# Publish
publisher = BeaconPublisher(
    org_id="acme", publisher_did=admin.did,
    signer=signer, keypair=keypair,
    store=BeaconStore(),
)
beacon = publisher.publish_compromised_identity(
    subject_did="did:trusthub:acme:compromised123",
    title="Compromised agent identity",
    description="Agent DID key material leaked",
    severity=ThreatSeverity.CRITICAL,
)

# Receive
receiver = BeaconReceiver(
    org_id="globex", subscriber_did=agent.did,
    resolver=resolver, store=BeaconStore(),
)
accepted = receiver.receive(beacon)
print(f"Beacon accepted: {accepted}")
```