A leaked session and a guessable VIN shouldn't be able to drive your whole fleet.
The abuser logs in as one of your real customers — so they pass every auth check — then rotate across Amazon, Google and Azure until all your SOC has logged is a meaningless last IP. It works for one reason: your cars have no identity they can prove.
whisper verify --trustless — anchored at the IANA DNS root. Our own API is not in the trust path.
This is how your fleet API gets driven by someone who was never your customer.
No zero-day. No malware. Just authorization logic used exactly as built — at fleet scale.
The VIN is a public index
A VIN is a structured, guessable string stamped on the windshield. An email address is enough to begin.
Steal a valid session
Phish the companion app, or lift a hardcoded key from the dealer portal's JavaScript. Now they hold a real, valid session.
The backend says yes
The telematics backend authorizes it — nothing is broken, the token is genuine. One BOLA/IDOR flaw turns one account into any account.
One IP, thousands of cars
Enumerate VINs; locate, unlock, remote-start, disable the starter — low-and-slow, under every rate limit.
Every last IP is disposable
Egress hops Amazon → Google → Azure, or a residential-proxy swarm, every few requests. Your VSOC sees a fresh last IP and correlates nothing.
Whole-fleet resale
Telematics scraped and resold with no contract. A GDPR and EU-Data-Act incident, not only a security one.
Invisible at the network layer by design: a real driver is one IP to one car; the abuser is one operator to thousands — and every IP they ever show you is disposable. Fleet-data resale is not hypothetical: two data brokers reached billions of harvested vehicle-data points before both collapsed in 2024, class-action litigation behind them.
Strip the incident down and it isn't a hundred bugs. It's two.
Every step in that chain leans on exactly two structural gaps that every connected-vehicle program shares. Close both and the attack has nowhere left to stand.
Rate-limit an IP and they spin up a fresh one. The egress is disposable; the last IP was never the attacker. So you block noise while the operator keeps working.
The answer — the graph. A live internet-infrastructure graph — 7.44B nodes and 39.3B relationships of fused BGP, DNS, WHOIS, TLS, hosting and threat intelligence, answering in under 300 ms — fingerprints the operator, not the IP. Two levers, kept honestly separate: for cloud rotation the graph clusters shared ASN, hosting and certificate lineage into one infrastructure genealogy; for a residential-proxy swarm — where a subscriber IP gives an infra graph nothing to grab — a JA4/JA3 client fingerprint travels with the tooling regardless of the exit and collapses the swarm to one operator. Every answer returns a reproducible evidence chain your VSOC, your auditors and a regulator can replay.
The verbs your analysts run — or your agent runs for them: identify(ip) (who really operates a host, even behind a CDN) · origins(prefix) + walk(node,depth) (cluster rotating IPs into one genealogy) · history / watch (a timeline and a standing sentinel) · arbitrary read-only Cypher (express "one source touching N distinct vehicle-identities in a window" as a query, not a ticket).
"When they rotate residential proxies and fresh cloud IPs, can you actually attribute them — or just rate-limit an IP and move on?"
Track them. Infrastructure genealogy collapses the cloud rotation; a JA4 client fingerprint collapses the residential swarm. The egress IP is the one thing we don't rely on.
A stolen session or a leaked dealer-portal key is a valid credential. Behaviorally it's a customer. Nothing at the perimeter separates it, because the credential is a bearer secret — whoever holds it can present it.
The answer — identity. Bind the session to the car's own forge-proof /128 — an address derived from the key already sitting in the vehicle's secure element, one the car can prove and no aggregator can. A stolen token without the car's leaf key simply fails.
"A leaked API key or a valid dealer-portal session looks legitimate — how do you catch abuse that passes auth?"
You bind authority to the car, not the bearer. State-changing fleet commands terminate mutually-authenticated to the target car's /128 — the car co-signs — so a dealer or owner session can't reach a VIN it can't cryptographically address. A request that passes auth but can't prove the identity never had authority in the first place.
Gap 1 is detection made durable. Gap 2 is the root cause. Here's the root-cause cure.
Give every car an identity it can prove — and no one can forge.
Stop treating fleet abuse as a detection problem and make it an identity problem — strictly stronger. Whisper has one primitive: the address is the identity.
A routable IPv6 /128 out of 2a04:2a01::/32 (announced by AS219419), deterministically derived from a key, DNSSEC-anchored, DANE-EE pinned, RDAP/WHOIS-registered — re-derivable and verifiable by anyone with dig. whisper verify --trustless checks it against the IANA root; our own API is not in the trust path.
Point it at devices. Derive each vehicle's — or each ECU's — /128 from the hardware key it already holds: the secure element, the TPM, the IEEE 802.1AR IDevID, with the VIN or ECU serial as the domain separator. The private key never leaves the secure element; the address is a one-way function of its public half and the VIN. The backend then authorizes on the car's pinned identity, not a stealable token.
"1 IP → thousands of cars" becomes physically impossible
You cannot present thousands of car-identities whose keys you don't hold. Every forgery is a DNSSEC/DANE inconsistency any verifier catches.
IP rotation becomes irrelevant
Identity is not the source IP. The "last IP" was never the credential — so rotating it, across clouds or residential proxies, changes nothing.
Stolen sessions fail
The aggregator's server doesn't hold the car's per-/128 leaf key. A valid-looking token with no key behind it authenticates to nothing.
One revoke kills a compromised car worldwide
At DNS-TTL speed: dig -x returns nothing; verify returns false. No fleet-wide password reset, no CRL you hope every car fetched.
revoke. An ECU swap or dealer module replacement re-keys to a new /128 and revokes the old one; a legitimate resale or decommission is one revoke and a re-register to the new owner. Compromise one ECU and you've compromised that ECU, not the fleet — the DigiNotar failure mode is structurally removed.Maps to UN R155 (CSMS), R156 (SUMS), ISO/SAE 21434, the EU Data Act (in force since 12 Sep 2025 — verifiable per-party identity is how you draw the authorized-user-vs-unauthorized-aggregator line) and GDPR. Know, attribute and revoke every component — delivered as a network primitive, not a compliance binder.
The same primitive governs the AI agents your fleet is about to run.
Security leaders tell us that knowing where their AI agents go, who talks to what, and which external agents talk to theirs is "extremely hard." Today the answer is to close every door, open three, contract with the giants, and trust them. Whisper does it with identity instead of trust.
Which agent did this is the source address
Every agent egresses from its own routable /128 — attribution, not a guess.
Every query and connection is logged per-agent
Queryable live via op:logs — a per-agent record, not a shared firehose.
Policy on every query
A graph-first resolver and bound egress enforce category, geography, ownership and routing — default deny, allow or block by name or subdomain. The three doors, except the doors are policy-defined and revocable, not hard-wired trust in a giant.
Inbound agents are verifiable
FCrDNS, RDAP, whisper verify — "trust the bearer token / the description field" becomes a checkable fact. Per-agent budgets, a kill-switch, one revoke.
The SDV, connected-vehicle-API, MCP and LLM surface the incumbents are only now reaching for — governed by the same address-is-identity primitive, from day one.
Don't take our word for it — our API isn't in the trust path.
Two tiers, by design. No key: anyone can verify a car's identity, resolve it, and back-trace a suspicious host — trustless, anchored at the IANA root. Your key: register a vehicle, govern its agents, revoke it worldwide.
# keyless — re-derive and verify any car's identity, trustless
$ whisper verify --trustless 2a04:2a01:1c0::c0de
✓ DNSSEC chain valid to the IANA root
✓ DANE-EE (TLSA) leaf matches the identity's key
✓ RDAP: registered under AS219419 · 2a04:2a01::/32
identity: VERIFIED — and our own API was never trusted
# the address is the car — reverse DNS names it
$ dig -x 2a04:2a01:1c0::c0de +short
vin-wvwzzz1kz.fleet.example-oem.whisper.online.
# who really operates a suspicious host — the real graph API, a CALL whisper.identify()
$ curl -s https://graph.whisper.security/api/query -H "X-API-Key: whisper_live_xxx" \
-H 'content-type: application/json' -d '{"query":"CALL whisper.identify(\"34.90.x.x\")"}'
operator: <fingerprinted> · seen across AWS / GCP / Azure
residential swarm collapsed by JA4: same tooling, 41 exit IPs → 1 operator
# give a car a name it can prove, and govern its agents
$ export WHISPER_API_KEY=whisper_live_xxx
$ whisper register --vin WVW… --from-idevid
→ identity 2a04:2a01:1c0::c0de DNSSEC + DANE live
$ whisper policy set --default deny --allow api.oem.com,ota.oem.com
$ whisper revoke 2a04:2a01:1c0::c0de # worldwide, at DNS-TTL
Your VSOC sees that an API is abused. Whisper tells you who — and follows them when the IP rotates.
The best behavioral VSOC on the market — Upstream — detects abuse at the app layer, inside your own cloud, and its digital twin is good at it. That's necessary, and it's where the picture stops. Whisper adds the two layers no one else owns: an internet-infrastructure attribution graph that fingerprints the adversary across rotating clouds and residential proxies, and a device/agent identity plane that tells a legitimate car from an impostor after auth. Exactly the two gaps the fleet-API attacks exploit.
| Upstream | Whisper | |
|---|---|---|
| Detect API abuse in your cloud (BOLA, business-logic) | ✓ | additive feed |
| Attribute the operator across rotating clouds / residential proxies | — | ✓ |
| Forge-proof per-car / per-agent identity after auth | — | ✓ |
It's depth on top of the stack you already run — it rides on the same X.509 device-cert mTLS your connected-vehicle cloud already speaks and maps straight to your UN R155 and ISO/SAE 21434 evidence, landing as a machine-readable feed into your SIEM — the Splunk and Microsoft Sentinel connectors ship today — enrichment that makes Recorded Future, Mandiant and Sentinel sharper. It doesn't replace them, and it doesn't add a console your analysts babysit.
Additive to your stack. Mapped to your standards. Priced so you can say yes.
Feeds your SIEM, not another console
The Splunk, Microsoft Sentinel and OpenCTI connectors ship today. Findings map to CEF and ECS fields, with STIX 2.1 over TAXII export on the roadmap; a sample Sentinel analytics rule and a Splunk CIM mapping ship in the docs. The evidence chain is signed, replayable JSON you can hand a regulator.
Speaks your compliance language
Maps to UN R155 / R156 and ISO/SAE 21434 evidence, and to the Auto-ISAC Automotive Threat Matrix — findings tagged to ATM tactics and techniques, with the ATM's machine-readable JSON export on the roadmap for sharing straight to Auto-ISAC and your peers. Usable in TARA and type approval, not just a dashboard.
In your auth path — and safe there
It rides on top of the X.509 device-cert mTLS your connected-vehicle cloud already runs — AWS IoT Core, Azure Event-Grid MQTT, Google Cloud — anchoring that same identity in public DNSSEC/DANE rather than replacing your vendor's mTLS. If your backend authorizes against the DANE/verify path, that plane is built to fail open: a Whisper outage never bricks a car — checks degrade to your existing anchors and connectivity is preserved. Anycast on AS219419, no single node in the path, published availability posture.
Flat, predictable pricing
Per-VIN/year and flat — not per-transaction, not usage-metered. Against 40-billion-API-call-a-month economics that's a line item you can forecast, not a metered cloud bill you can't. Clear ROI: analyst-hours saved correlating disposable IPs, warranty and recall exposure reduced, one revoke instead of a fleet-wide reset. See pricing →
On-prem or your own tenant
Data residency and GDPR by construction — the graph and the per-agent logs stay where your regulator needs them.
A vendor that will still be here
Real routable address space (AS219419), run by people who ran the internet's regional address registry and operated one of its root DNS servers. Auto-security startups fail — one raised ~$60M and folded; we built infrastructure to outlast that question. POC → pilot → enterprise, keyless to start.
Give every car an identity it can prove.
The address is the car — routable, DNSSEC-anchored, revocable worldwide in one call. Keyless to try, one call to provision, one more to revoke.
Or run whisper verify --trustless right now.