BotConduct
Evidence signed · Ed25519
§ Insurance · For underwriters · brokers · risk managers

Receiver-side evidence for cyber insurance underwriting.

Behavioral observation of automated activity directed at your public surface — signed, framework-mapped, admissible. Engineered for pre-bind, renewal, and post-incident requirements.

§ 02 · The problem

Underwriting moved beyond self-declaration.

Cyber insurers no longer accept plain self-attestation. Pre-bind questionnaires are being supplemented — and in many cases replaced — by requirements for concrete, verifiable evidence of how a property handles automated traffic. The trend is consistent across underwriters in the EU, the United States, and the United Kingdom.

The automated surface — bots, declared crawlers, AI agents, scraping infrastructure, and credential-replay operators — is one of the fastest-changing risk vectors directed at the modern public web, and one of the least measured. Most stacks observe it only when it converts into a blocked request or a fraud event. The conduct in between is, for most cyber programs, simply not recorded.

The usual response — captures of Cloudflare dashboards, screenshots of bot-management UIs, or attestations of unspecified provenance — does not qualify as forensic evidence. It is not signed, not framework-referenced, not independent of the vendor whose product is being evaluated, and not admissible for a subrogation claim. The gap between what applicants supply and what underwriters increasingly expect is widening.

  • Subject of evidence: Automated activity directed at the public surface — bots, crawlers, AI agents, scrapers.
  • Point of measurement: Receiver-side. Independent, at the property boundary.
  • Form of report: Signed PDF · Ed25519 · chain of custody · framework-referenced.
  • Independence: The Observatory does not sell the blocking, gating, or runtime products whose performance is being evaluated.

§ 03 · Forms of engagement

Three forms of engagement, scoped to the underwriting cycle.

Each engagement produces evidence that can be presented to a broker, an underwriter, or counsel. Pricing is by quote; engagements are accepted by appointment.

№ 01 · Pre-bind

Pre-bind Assessment.

  • 14–21 days of receiver-side observation
  • Signed PDF · Ed25519 · chain of custody
  • Mapped to NIST AI RMF, OWASP Top 10 Agentic, EU AI Act Art. 15
  • One-page executive summary for broker & underwriter
№ 02 · Renewal

Continuous Renewal Monitoring.

  • Continuous monitoring between renewals
  • Monthly signed reports
  • Cohort-anonymized benchmarks
  • Alerts for material changes
№ 03 · Post-incident

Post-incident Forensics.

  • Urgent forensic engagement
  • Signed reconstruction of automated activity
  • Report admissible for claim & subrogation processing
  • Delivery time: 5–7 days
§ 04 · Framework mapping

Evidence referenced against frameworks underwriters recognize.

Every engagement is delivered with explicit cross-references to the regulatory and industry frameworks that brokers and underwriting committees cite. The mapping is the work.

NIST AI RMF
National Institute of Standards and Technology · Artificial Intelligence Risk Management Framework
OWASP Top 10 · Agentic
Open Worldwide Application Security Project · Top 10 for Agentic Applications
MITRE ATLAS
Adversarial Threat Landscape for Artificial Intelligence Systems
EU AI Act · Art. 15
European Union · Accuracy, robustness and cybersecurity provisions
Colorado AI Act
SB 24-205 · Consumer protections for interactions with artificial intelligence systems
RFC 9309
IETF · Robots Exclusion Protocol, formalized
ISO/IEC 27001
Cross-reference to information security management controls
§ 05 · Methodology

How the evidence is produced.

¶ 5.1

Independent instrumentation at the property boundary. Observation occurs where automated activity reaches the property. The Observatory does not displace existing security systems; it records what they do not.

¶ 5.2

Behavioral characterization, independent of declared identity. Operators are characterized by what they do, not solely by what they declare. Identity claims are recorded; they are not treated as conclusive.

¶ 5.3

Cryptographic signing — Ed25519 — immutable evidence chain. Each finding, each report, each cycle is signed and timestamped. The chain of custody is reproducible without recourse to the Observatory and is intended to survive transfer to a regulator, an auditor, or counsel.

¶ 5.4

Reports verifiable independently of WAF or CDN stack. The evidence does not depend on which perimeter products sit in front of the property. An underwriter or a broker can verify the chain of custody on their own infrastructure, without trusting either the Observatory or the vendor whose product is under evaluation.
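
A sketch of how a hash-linked, Ed25519-signed evidence chain of the kind described in ¶ 5.3 and ¶ 5.4 can be checked with nothing but the signer's public key. This is an added example, not BotConduct's code or report format: the `Entry` layout, the `message` serialization and the sample findings are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Entry is a hypothetical evidence record; the page does not publish a format.
type Entry struct {
	Prev    [32]byte // link hash of the previous entry; all zero for the first
	Time    int64    // Unix timestamp of the finding
	Finding string
	Sig     []byte // Ed25519 signature over message()
}
// message is the exact byte string that gets signed (assumed serialization).
func (e Entry) message() []byte {
	return []byte(fmt.Sprintf("%x|%d|%s", e.Prev, e.Time, e.Finding))
}
// link hashes signed bytes plus signature, binding an entry to its successor.
func link(e Entry) [32]byte { return sha256.Sum256(append(e.message(), e.Sig...)) }
// Append signs a new finding and links it to the current tail (issuer side).
func Append(chain []Entry, priv ed25519.PrivateKey, t int64, finding string) []Entry {
	e := Entry{Time: t, Finding: finding}
	if n := len(chain); n > 0 {
		e.Prev = link(chain[n-1])
	}
	e.Sig = ed25519.Sign(priv, e.message())
	return append(chain, e)
}

// Verify needs only the public key; it returns the first failing index or -1.
func Verify(chain []Entry, pub ed25519.PublicKey) int {
	want, last := [32]byte{}, int64(0)
	for i, e := range chain {
		// Reject a broken link, a timestamp going backwards, or a bad signature.
		if e.Prev != want || e.Time < last || !ed25519.Verify(pub, e.message(), e.Sig) {
			return i
		}
		want, last = link(e), e.Time
	}
	return -1
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // throwaway demo key
	c := Append(nil, priv, 1700000000, "constructed: crawler fetched a disallowed path")
	c = Append(c, priv, 1700000060, "constructed: declared identity contradicted by behavior")
	fmt.Println(Verify(c, pub)) // -1: chain intact
}
```

A check of this kind catches edited, removed and reordered entries, but not truncation of the newest ones. To detect that, the verifier also needs the latest link hash or entry count from a separate channel.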

§ 06 · For brokers

Working with cyber insurance brokers.

BotConduct works directly with cyber insurance brokers to deliver a consistent evidence pack across pre-bind and renewal cycles. The same report format, the same framework references, the same chain of custody — across a broker's book.

Co-branded reports are available under NDA. Custom data-handling arrangements are available for each operating jurisdiction. The Desk works directly with named brokers; we do not operate a partner portal.


Engagements available by appointment.

Address correspondence to the Observatory Desk. Indicate form of engagement, jurisdiction, and renewal timeline.
