Carpe Cyber

Technical Documentation

Product Specifications

Everything you need to know about Carpe Cyber's cyber risk assessment platform — from data signals to scoring methodology to integration architecture.

Platform Overview

Cyber Risk Intelligence, Instant

Carpe Cyber is a real-time cyber risk assessment platform built for insurance underwriters. Powered by Carpe Data's Minerva identity resolution engine, it scans any US business in under 30 seconds — analyzing SSL certificates, email authentication, breach history, technology stack, and more to produce an underwriter-ready risk score.

<30s
Scan Time

Full risk assessment in seconds, not days

27+
Risk Signals

Comprehensive signal coverage across 8 categories

Real-Time
Data Freshness

Live checks — DNS, SSL, HIBP queried on every scan

Data Signals & Sources

27+ Signals, 8 Categories

Every scan checks a comprehensive set of externally observable signals — no agents, no questionnaires, no access required.

SSL/TLS · Certificate Validity
What we check: Issuer, expiry, chain, grade
Source: Real-time TLS handshake
Underwriting Impact: Expired certs = poor security hygiene

SSL/TLS · Protocol Version
What we check: TLS 1.2/1.3 support
Source: Real-time TLS handshake
Underwriting Impact: Outdated protocols = vulnerability

SSL/TLS · HTTPS Enforcement
What we check: HTTP→HTTPS redirect
Source: Real-time HTTP check
Underwriting Impact: No enforcement = data interception risk

DNS · DNSSEC
What we check: Authenticated DNS resolution
Source: Google DNS API (AD flag)
Underwriting Impact: Prevents domain hijacking/phishing

DNS · MX Records
What we check: Mail server configuration
Source: Google DNS API
Underwriting Impact: Reveals email infrastructure quality

DNS · Open Resolvers
What we check: Exposed DNS services
Source: Google DNS API
Underwriting Impact: Attack amplification vector

Email · SPF
What we check: Sender Policy Framework
Source: TXT record lookup
Underwriting Impact: Prevents email spoofing

Email · DKIM
What we check: DomainKeys Identified Mail
Source: Selector-based lookup (6 selectors)
Underwriting Impact: Email authenticity verification

Email · DMARC
What we check: Domain-based Message Authentication
Source: _dmarc TXT record
Underwriting Impact: #1 defense against BEC — top cyber claims driver

Email · DMARC Policy
What we check: none/quarantine/reject enforcement
Source: _dmarc TXT record
Underwriting Impact: Policy strength indicates security maturity

Breach · Historical Breaches
What we check: Known data breaches
Source: Have I Been Pwned API v3
Underwriting Impact: Prior breaches = elevated future risk

Breach · Credential Exposure
What we check: Passwords in breach data
Source: HIBP breach analysis
Underwriting Impact: Active credential risk

Breach · Paste Exposure
What we check: Credentials in public pastes
Source: HIBP Paste API
Underwriting Impact: Ongoing exposure indicator

Breach · Dark Web Mentions
What we check: Sensitive breach involvement
Source: HIBP breach classification
Underwriting Impact: Targeted threat indicator

Breach · Breach Classification
What we check: Direct vs third-party vs compilation
Source: Carpe proprietary classification
Underwriting Impact: Accuracy of risk attribution

Tech Stack · CMS Detection
What we check: Content management system
Source: AI-powered analysis
Underwriting Impact: Known CMS vulnerabilities

Tech Stack · WAF Presence
What we check: Web Application Firewall
Source: DNS/header analysis
Underwriting Impact: Active attack mitigation

Tech Stack · CDN Usage
What we check: Content Delivery Network
Source: DNS A-record analysis
Underwriting Impact: DDoS protection indicator

Tech Stack · Outdated Software
What we check: Known vulnerable versions
Source: AI-powered analysis
Underwriting Impact: Exploitable vulnerabilities

Identity · Minerva Match
What we check: Business entity resolution
Source: Carpe Data Minerva API
Underwriting Impact: Carrier-grade identity verification

Identity · NAICS Classification
What we check: Industry categorization
Source: Minerva business data
Underwriting Impact: Industry-specific risk profiling

Identity · Employee Count
What we check: Organization size
Source: Minerva business data
Underwriting Impact: Attack surface sizing

Identity · Business Age
What we check: Years in operation
Source: Domain age + Minerva
Underwriting Impact: Stability/maturity indicator

Digital Hygiene · Web Presence Score
What we check: Overall digital footprint
Source: Composite analysis
Underwriting Impact: Digital maturity indicator

Digital Hygiene · Social Media Exposure
What we check: Public social presence
Source: AI analysis
Underwriting Impact: Social engineering attack surface

Digital Hygiene · Attack Surface Size
What we check: Total external exposure
Source: Employee count + tech stack
Underwriting Impact: Overall vulnerability scope

Compliance · Framework Detection
What we check: HIPAA, PCI DSS, SOC 2, etc.
Source: Industry + NAICS mapping
Underwriting Impact: Regulatory exposure assessment

Showing 27 of 27 signals
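
The DMARC and DMARC Policy signals both read the TXT record at _dmarc.<domain>. The following is an added example, not Carpe Cyber's code, of how such a record can be classified by enforcement strength; the function names, status labels and sample records are hypothetical and constructed for illustration.

```python
# Added illustration, not the platform's implementation. Status labels
# ("missing", "invalid", "monitor-only", "partial", "enforced") are hypothetical.

def parse_dmarc(txt):
    """Return the tag dict of one DMARC TXT string, or None if malformed."""
    pairs = []
    for part in txt.split(";"):
        if not part.strip():
            continue
        key, sep, value = part.partition("=")
        if not sep:
            return None                      # tag without "="
        pairs.append((key.strip().lower(), value.strip()))
    # RFC 7489: the v tag must come first and be exactly "DMARC1".
    if not pairs or pairs[0] != ("v", "DMARC1"):
        return None
    return dict(pairs)

def classify(txt_records):
    """Classify the TXT strings found at _dmarc.<domain> as (status, detail)."""
    candidates = [r for r in txt_records if r.strip().startswith("v=DMARC1")]
    if not candidates:
        return ("missing", "no DMARC record published")
    if len(candidates) > 1:                  # receivers treat this as no policy
        return ("invalid", "more than one DMARC record")
    tags = parse_dmarc(candidates[0])
    policy = (tags or {}).get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return ("invalid", "record malformed or p= tag missing")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) > 100:
        return ("invalid", f"bad pct value {pct!r}")
    if policy == "none":
        return ("monitor-only", "p=none: failing mail is still delivered")
    if int(pct) < 100:
        return ("partial", f"p={policy} applied to only {pct}% of failing mail")
    if tags.get("sp", policy).lower() == "none":
        return ("partial", "sp=none leaves subdomains unenforced")
    return ("enforced", f"p={policy}")

# Constructed sample records (example.com is a placeholder domain).
SAMPLES = {
    "reject":    ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    "monitor":   ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    "rollout":   ["v=DMARC1; p=quarantine; pct=25"],
    "typo":      ["v=DMARC1 p=reject"],
    "duplicate": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
    "spf_only":  ["v=spf1 include:_spf.example.com -all"],
}

if __name__ == "__main__":
    for name, records in SAMPLES.items():
        print(f"{name:10s} {classify(records)}")
```

The "typo" and "duplicate" samples show why a record merely being present is a weaker signal than its parsed policy: both publish a TXT string that starts with v=DMARC1, yet neither yields a usable policy.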

Risk Scoring

Scoring Methodology

Our composite risk score ranges from 0–100, calculated from weighted signal categories and calibrated against real-world underwriting outcomes.

80–100
Low Risk

Strong security posture across all categories

60–79
Moderate Risk

Some gaps present, generally acceptable

40–59
Elevated Risk

Significant concerns requiring review

0–39
High Risk

Major vulnerabilities identified

Scoring Weight Distribution

Breach History 25%
Email Security 20%
SSL/TLS 15%
HTTPS Enforcement 10%
Infrastructure 10%
Domain Maturity 8%
Credential Hygiene 7%
Size Adjustment 5%

Score Calibration Examples

Large Tech Company
85–95

Modern stack, active security team, DMARC enforced

Mid-Size Retailer
60–80

Basic SSL, some email auth, possible legacy systems

Small Biz (No Website)
30–50

Minimal digital presence, limited observable signals

Recommendations

Underwriter Recommendations

Every scan produces an actionable recommendation aligned with standard underwriting workflows.

ACCEPT
High Confidence
Score 75+
-5% premium adjustment
Triggers: Strong email auth, valid SSL, no breaches, modern infrastructure
Suggested Actions: Standard bind, no additional requirements
FLAG FOR REVIEW
Medium Confidence
Score 35–74
+15–35% premium adjustment
Triggers: Missing DMARC, outdated TLS, minor breach history, weak infrastructure
Suggested Actions: Request supplemental application, verify security improvements, conditional bind
DECLINE
High Confidence
Score <35
+60% premium adjustment
Triggers: Major breaches, expired SSL, no email auth, active credential exposure
Suggested Actions: Decline or refer to specialty market, require remediation plan
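
The weight distribution, risk bands and recommendation thresholds above can be put together as follows. This is an added example, not Carpe Cyber's scoring code: the weights, bands and thresholds come from this page, while the 0-100 per-category sub-scores, the renormalisation of weights for unobserved categories, and the sample applicants are assumptions made for illustration.

```python
# Added illustration, not the vendor's algorithm. Weights, bands and
# thresholds are taken from this page; everything else is an assumption.
WEIGHTS = {  # percent, from "Scoring Weight Distribution"; sums to 100
    "Breach History": 25, "Email Security": 20, "SSL/TLS": 15,
    "HTTPS Enforcement": 10, "Infrastructure": 10, "Domain Maturity": 8,
    "Credential Hygiene": 7, "Size Adjustment": 5,
}
BANDS = [(80, "Low Risk"), (60, "Moderate Risk"), (40, "Elevated Risk"), (0, "High Risk")]
RECOMMENDATIONS = [(75, "ACCEPT"), (35, "FLAG FOR REVIEW"), (0, "DECLINE")]

def _label(table, score):
    """First label whose floor the score meets (tables are sorted high to low)."""
    return next(label for floor, label in table if score >= floor)

def assess(sub_scores):
    """Combine 0-100 category sub-scores (assumed inputs) into the composite.

    Assumption: a category with no observable signal is passed as None, its
    weight is dropped and the remaining weights are renormalised; `coverage`
    reports how much of the total weight was actually observed.
    """
    unknown = set(sub_scores) - set(WEIGHTS)
    if unknown:
        raise ValueError(f"unknown categories: {sorted(unknown)}")
    observed = {k: v for k, v in sub_scores.items() if v is not None}
    if any(not 0 <= v <= 100 for v in observed.values()):
        raise ValueError("sub-scores must be within 0-100")
    weight = sum(WEIGHTS[k] for k in observed)
    if weight == 0:
        raise ValueError("no observable signals to score")
    score = int(sum(WEIGHTS[k] * v for k, v in observed.items()) / weight + 0.5)
    return {"score": score, "coverage": weight / 100,
            "band": _label(BANDS, score),
            "recommendation": _label(RECOMMENDATIONS, score)}

# Constructed applicants; the sub-score values are invented for illustration.
MID_SIZE = {"Breach History": 90, "Email Security": 60, "SSL/TLS": 85,
            "HTTPS Enforcement": 100, "Infrastructure": 70, "Domain Maturity": 80,
            "Credential Hygiene": 75, "Size Adjustment": 60}
NO_WEBSITE = {"Breach History": 50, "Email Security": 20, "SSL/TLS": None,
              "HTTPS Enforcement": None, "Infrastructure": None,
              "Domain Maturity": None, "Credential Hygiene": None,
              "Size Adjustment": 60}

if __name__ == "__main__":
    for name, applicant in (("mid-size", MID_SIZE), ("no website", NO_WEBSITE)):
        print(name, assess(applicant))
```

The mid-size sample scores 79, which is Moderate Risk by band yet meets the 75+ ACCEPT threshold, and the no-website sample scores 39 on half the total weight, which is High Risk by band but inside the 35–74 review range. The band and the recommendation are therefore two separate scales and should be read together with the coverage figure.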
Output

Report Formats

Every assessment produces multiple output formats, designed for different stages of the underwriting workflow.

Live

Interactive Web Report

Full drill-down with tooltips, glossary, and signal-level detail. Responsive across all devices.

Live

PDF Export

Print-ready report with Carpe branding, optimized for attachment to policy files.

Live

Shareable Links

Permanent URLs for any report — share with colleagues or attach to submissions.

Coming Soon

API Response

Structured JSON output for direct integration into carrier rating and policy admin systems.

Coverage

Compliance & Industry Coverage

Automatic detection of applicable compliance frameworks based on industry classification and business profile.

Supported Compliance Frameworks

HIPAA
PCI DSS
SOC 2
SOX
GDPR
CCPA
NIST CSF
ISO 27001
FERPA
COPPA
GLBA
HITECH

Industry Verticals

Healthcare
Finance & Banking
Retail & E-commerce
Technology
Hospitality
Professional Services
Education
Manufacturing
Real Estate
Legal
Non-Profit
Government
Architecture

Integration Architecture

A streamlined pipeline from business search to underwriter-ready report — no carrier IT integration required.

Business Search: Google Places
Minerva Identity: Entity Resolution
Parallel Scans: DNS · SSL · HIBP · AI
Risk Engine: Weighted Scoring
Report: Web · PDF · Share

Standalone or Add-On

Deploy as a standalone product or as a Minerva add-on module — flexible for any carrier workflow.

API-First Architecture

Every capability accessible via API. Build custom integrations or use our web interface.

Zero IT Overhead

No carrier IT integration required for initial deployment. SaaS-delivered, instant access.

Technical Details

Technical Specifications

The nuts and bolts of the platform.

Specification: Detail
Scan Time: <30 seconds typical
Data Freshness: Real-time (DNS, SSL, HIBP checked live)
Identity Resolution: Minerva API with Google Places autocomplete
AI Engine: GPT-powered threat assessment and tech detection
Breach Database: HIBP v3 (14B+ breached records)
DKIM Selectors: 6 common selectors checked in parallel
Supported Entities: Any US business with a web presence
Score Range: 0–100 composite
Report Persistence: Permanent shareable URLs (Supabase)
Export: PDF, Print, Share Link
Stack: Next.js 15, TypeScript, Tailwind CSS 4, Vercel
Uptime: 99.9% (Vercel edge network)

See It in Action

Run a real-time cyber risk assessment on any US business — in under 30 seconds.

Carpe Cyber · carpecyber.com