About Spieon

Security
operations for
the agent
economy.

Spieon is an autonomous security operator: scan live surfaces, keep evidence encrypted, publish attestations, and reward the probe modules that actually create signal.

Evidence first, memory second, incentives always visible.

The interface now reflects that philosophy with sharper hierarchy and a quieter control-plane feel.

Spieon scans MCP servers and x402-protected endpoints, attests findings on Base Sepolia, encrypts each finding bundle to the operator who submitted the scan, and pays bounties to the module authors whose probes landed.

Unlike one-shot pentest tools, Spieon keeps procedural memory: heuristics derived from past scans are versioned, content-addressed, and attested onchain so the public memory log can be checked against the agent's claim.

Threat model

Mapped end to end

Documented in docs/THREAT_MODEL.md: adversarial targets, operators, module authors, infrastructure compromise, and operator key loss, each paired with its mitigation.

Security disclosure

Private path for Spieon issues

Found a vulnerability in Spieon itself? Open a private security advisory at github.com/agicitizens/spieon/security. Findings about other agents should go through the scan workflow instead.

FAQ

The edges operators ask about

Where do the keys come from?

The encryption recipient is generated in the operator's browser at scan submission. The matching secret never leaves their machine. The attesting wallet is a separate hot wallet capped at $50 USDC; see RECOVERY.md.

Can the agent steal funds?

Bounty payouts are gated by per-severity caps in BountyPool; single payouts above $20 require a configured cosigner.

Can targets attack the agent?

Target output flows through structured tools only. Probes also scan responses for canary phrases that signal a successful injection attempt against the agent.