BotConduct provides an OEM behavioral classification layer for MDR/XDR vendors, CDN providers, RMM platforms, and security ecosystems serving managed service providers. Native multi-tenant. Native white-label. Wholesale pricing. Full margin retained by the partner.
Existing security stacks were built around two questions: who is the user, and what is the request payload? Identity, IP reputation, signature-based detection, and payload inspection answer those questions well for known categories.
A third question is increasingly unanswered: what is the actor behaving like? AI agents, autonomous tooling, and modern automated traffic operate within the bounds that signature-based and IP-reputation defenses were built to allow. They look human-grade. They rotate identity. They adapt. The categories of evasion are not visible in payload inspection.
BotConduct is the layer that answers that third question. Behavioral classification of every visitor, designed to be embedded inside an existing security platform, not sold as a standalone product to the platform's customers.
Pick the one that matches your platform's architecture.
A sensor (deployable as a single client-side reference, an npm package, or an edge worker) captures behavioral signals from your tenants' web properties and streams them to BotConduct's ingestion endpoint. Your platform queries our API for classifications and surfaces them in your dashboard, alerts, or SIEM pipeline.
Classification runs as an Edge Worker inside your CDN's infrastructure, capturing signals at the request layer before they reach origin. No client-side JavaScript required. Signal aggregation happens at the edge; classification is queried server-side.
For partners that already collect rich request telemetry from a WAF or bot management product, a server-side ingestion endpoint accepts pre-aggregated session data. We classify; you decorate your existing alert pipeline with behavioral context.
Detailed architecture and API specification available under NDA.
BotConduct sits as a passive behavioral telemetry layer alongside your existing stack. No replacement of your existing infrastructure. No traffic interception. No latency added to your customer's site (sub-1ms client-side overhead, sub-50ms server-side classification at p95).
The platform is multi-tenant native. Each partner has many tenants, and each tenant has many monitored sites. All data flows are tenant-scoped to ensure isolation across your customer base. Partner-controlled metadata (your customer IDs, names, segmentation tags) flows in via the API and is never shared across partners.
Tenants, sites,
managed endpoints
Ingestion, classification,
observatory
Your dashboard,
your SOC, your SIEM
Tenant data flows into your tenancy boundary. BotConduct never sees your end-customer's identifying data.
End customers see your brand, not ours. We are infrastructure.
| Capability | Available |
|---|---|
| Custom domain for tenant-facing dashboards | Yes |
| Partner-branded reports (PDF, JSON, custom templates) | Yes |
| Removal of all BotConduct branding from tenant-facing surfaces | Yes |
| Custom color scheme and logo across tenant-facing UI | Yes |
| Custom email-from address for webhook notifications | Yes |
| Partner controls all customer-facing communication | Yes |
Tier A partners receive comprehensive white-label. Lower tiers receive partial white-label, scoped at contract signature.
Tenant identifying data, end-user data, and per-tenant behavioral signals are owned by the partner. BotConduct never sees the partner's end-customer PII; the platform is architecturally designed to make that impossible. Aggregated, anonymized behavioral patterns and observatory data are owned by BotConduct and licensed back to partners for use within their products.
Full data ownership terms (definitions, processing rights, retention, deletion, GDPR/CCPA framework, sub-processor list, audit rights) are documented in our Data Ownership Terms, available under NDA alongside the OEM Master Agreement.
Wholesale per-unit pricing. Volume discounts at 100K, 500K, 1M+ units. Tier-based feature scope.
Three structural elements: a one-time setup fee covering integration support and partner key issuance; a monthly per-unit usage fee calculated on endpoints, domains, or managed devices under active monitoring (the unit varies by partner type); and an optional revenue-share alternative for Tier A and Tier B partners who prefer lower per-unit rates in exchange for sharing upsell revenue.
Tiers are assigned at contract signature based on expected scale, integration depth, and strategic alignment. Specific rates, volume discount schedules, and tier-specific feature scope are shared under NDA. Setup is intentionally modest to reduce friction; the bulk of the relationship is variable and grows with partner success.
Endpoint, identity, network, and SIEM coverage are mature. Behavioral classification of web visitors and AI agents reaching your tenants' properties is the layer most stacks do not yet cover. BotConduct adds that layer as a white-labeled module surfaced inside your existing dashboards and alert pipelines.
Bot management and WAF cover known categories well. Autonomous AI agents and behaviorally adaptive automated traffic increasingly operate within the bounds those systems were built to allow. BotConduct sits as a behavioral signal layer underneath, feeding your existing rules and customer-facing security dashboards.
Your MSP customers manage hundreds of end-clients. Each end-client has web properties exposed to automated traffic neither the MSP nor the end-client has visibility into. BotConduct provides per-tenant behavioral classification across the MSP's full client base, with a single integration into your platform.
Sandbox in 48 hours. Production pilot in 6 weeks. GA in 12.
30-min technical call — your engineering lead and our OEM team scope the integration pattern.
NDA and sandbox access — within 48 hours of NDA signature. Includes architecture detail, API specification, and provisioned partner key.
Hands-on validation — your team integrates against the sandbox API and validates classifications against your known traffic.
Commercial discussion — pricing tier alignment, contract structure, OEM Master Agreement.
Production rollout — sandbox to pilot to GA per the integration timeline in the OEM Architecture document.
If this fits your platform, the next step is a 30-minute technical call. We do not run a public partner self-service flow. OEM partnerships are negotiated one at a time.
hello@botconduct.org
Subject line: OEM Partnership Inquiry