Stay safe in your job search

RTIdx is community-powered threat intelligence for the recruiter inbox. Paste a suspicious offer or coding-test repository — we return an evidence-backed risk verdict before you ever run the code.

Report Suspicious Job Offer →Browse cases

No account needed to browse public cases

In partnership with

Ethos Security & Privacy Lab

Software & Venture Builder

A sample assessment

What the engine returns.

Every submission produces a transparent log: which rules fired, what the AI matcher caught, and how the score was built — line by line, file by file.

This output is the same evidence we ship to the public case page. No black box, no “trust us” — if we can’t cite the rule, we don’t claim the signal.

From case 4d3c78ff · 15/05/2026

RTIdx scan · case 4d3c78ff

13:28:46submitLinkedIn DM · 1 repo · 4 contacts

13:29:06extractpersona, company, channel — anonymized

13:29:14clonegithub.com/[redacted] · repo 4 days old

13:29:22+rulerunnable_repo · +25

13:29:22+rulefresh_repo · +15

13:29:23+rulerun_code_pressure · +20

13:29:48+matchpostinstall → curl|sh · scripts/install.sh:4

13:29:49+matchchild_process import · setup.js:8

13:29:51+match~/.ssh + wallet read · setup.js:22

13:29:52…13 more critical matches

Verdict

Critical risk signals

120

60% confidence

The threat

The attack is a job offer. The payload runs on your laptop.

Security researchers call it contagious interview. It targets software developers and has stolen browser cookies, SSH keys, crypto wallets, and environment variables from thousands of victims who never knew they had been hit.

Redacted LinkedIn recruiter message offering a senior blockchain role

Redacted LinkedIn recruiter message about a Web3 project manager role

Redacted LinkedIn recruiter conversation about a DeFi real-estate platform

Redacted LinkedIn recruiter conversation about a Web3 fantasy platform

How RTIdx works

Three steps from a suspicious message to a shareable verdict.

Automation handles intake, cloning, and rule-based scoring. Analysts step in for edge cases and appeals. Every claim cites evidence.

Paste the conversation

Extract the actors, not the inbox.

Drop the recruiter thread into the form. We auto-extract names, companies, repo URLs, contact channels, and the soft red flags buried in the language — in 8 languages, including PL, DE, ES, and PT.

extractspersona, company, repo_url, platform

languagesen · pl · de · fr · es · nl · pt · it

privacyanonymized before storage

Automated analysis

60+ rules. The repo never touches your machine.

A sandboxed worker clones the repository and runs static checks for install hooks, obfuscated code, exfiltration patterns, C2 beacons, and anti-sandbox evasion. Rule scores combine with interaction signals into one transparent risk number.

detections60+ static rules · 8 categories

scoringtransparent · rule-attributed

runtimeisolated worker · no execution

Drop the recruiter thread into the form. We auto-extract names, companies, repo URLs, contact channels, and the soft red flags buried in the language — in 8 languages, including PL, DE, ES, and PT.

extractspersona, company, repo_url, platform

languagesen · pl · de · fr · es · nl · pt · it

privacyanonymized before storage

detections60+ static rules · 8 categories

scoringtransparent · rule-attributed

runtimeisolated worker · no execution

The result is a public case page: risk band, score breakdown, plain-language AI summary grounded in the cited rules, and a clear appeal path. Pseudonymous aliases protect everyone — named entities can dispute through analyst review.

outputpublic, evidence-backed case URL

summaryAI · cites the rules it used

appealanalyst review · 7-day SLA

Methodology

Every signal traces back to a named rule with a fixed weight, grouped by the attacker behaviour it detects. Scoring is deterministic and reproducible, and the complete rule set ships openly with the research - so any verdict can be audited line by line.

Static rules

Rule families

Languages supported

04m 12s

Median turnaround

Public ledger

Recent assessments.

02/06/2026

Elevated

Research partner

Built with the team measuring this at scale.

RTIdx is a product, not a paper. But its rule set, language classifiers, and persona-clustering methodology come out of joint work with Stony Brook University’s Ethos Security & Privacy Lab. That collaboration has a paper of its own, currently under review.

The engine also inherits the lab’s earlier, independent work — Anansi, which defines the indicator taxonomy and false-positive baselines we build on. We share back what we learn: the rule set, false-positive analyses, and an anonymized research-grade dataset for academic peers. The platform stays defdone’s; the research stays open.

Ethos Lab publication · Feb 2026

Anansi: scalable characterization of message-based job scams.

Abisheka Pitumpe, Amir Rahmati · Stony Brook University

A scalable pipeline for characterizing recruitment-based fraud campaigns at the message level. Defines the indicator taxonomy and false-positive baselines RTIdx’s rule engine inherits.

PDF →arXiv →ResearchGate →

The researchers

Amir Rahmati

Assistant Professor · Director, Ethos Lab

Amir Rahmati is an Assistant Professor of Computer Science at Stony Brook University and a CISSP-certified security researcher. He earned his Ph.D. from the University of Michigan in 2017 and studies emerging security and privacy threats in computer systems, with an emphasis on practical, deployable defenses. His work has been cited thousands of times — supported by the Air Force Office of Scientific Research, the Office of Naval Research, Samsung, Meta, NVIDIA, and IBM, and featured in MIT Technology Review, the Washington Post, and Bloomberg. He is a Senior Member of IEEE and the National Academy of Inventors.

Abisheka Pitumpe

Ph.D. Candidate · Ethos Lab

“I’m a Ph.D. candidate in Computer Science at Stony Brook University, working in the Ethos Lab under Prof. Amir Rahmati. My research develops methodologies to detect and protect against internet scams, such as pig-butchering schemes. I design automated pipelines that leverage large language models — Mistral, Llama 3, and GPT-4o — to improve scam-classification accuracy, alongside Selenium crawlers that automate scam detection at scale.”

The studio behind RTIdx

The team behind the platform.

defdone is a venture studio — we back promising teams with our own capital and build alongside them. RTIdx is one of ours: incubated in-house and run end-to-end, from engineering and intake to analyst review. The research it stands on comes from our partners at Stony Brook’s Ethos Lab.

A defdone venture

The most interesting companies of tomorrow won’t follow familiar playbooks.

They’ll be built by outsiders, generalists, and operators solving real-world problems in new ways. We invest at the very beginning— before the market fully exists, before the traction, when the only thing that’s obvious is the ambition of the team.

We’re especially drawn to ideas that challenge the status quo in overlooked industries:

LogisticsHealthEnergyPublic infrastructureServices

Portfolio№ 001

One of those ideas — spotted early,
funded by defdone, and incubated in-house. From first rule to public launch, built by the team below.

StageIncubation → launch

Backingdefdone capital

SectorTrust & Safety

defdoneProduct & engineering

Piotr Dziubecki

Head of Product

Read bio

Leads product strategy for RTIdx — technology that helps prevent fraud in the interview process. Deep experience across product leadership, enterprise platforms, AI-native systems, blockchain infrastructure, and distributed technology, focused on turning complex trust problems into practical products people can actually use.

Jan Podleski

Product Engineer

Read bio

Product engineer who owns RTIdx end-to-end — from case intake through automated analysis to verdict delivery. Full-stack development spanning Web3 integrations, decentralized storage, agentic layers, and AI-powered tools; CS graduate, Poznan University of Technology.

Devendran Muthukumaramani

Blockchain Technical Product Manager

Read bio

Blockchain technical product manager with 20+ years across enterprise technology and financial services (IBM, Cognizant, Standard Chartered), including 3+ years at Casper Association leading DeFi, NFT, and developer tooling. Contributes across RTIdx product direction, testing, and release — firsthand experience as a target of the recruitment scams RTIdx detects shapes platform design and threat intelligence.

If something feels off, check it
before you run it.

Paste the conversation, the profile, and the repo link. You’ll get a verdict within minutes for clear-cut cases, or a queued analyst review for the edge cases. Free, public, no account required.

Open the report form →

Security researchers & analysts

Open for collaboration.

Building this in public. If you study supply-chain attacks, recruitment fraud, or LLM-assisted detection — or you want access to the dataset export — we’d like to talk.

Get in touch

Stay safe in your job search

What the engine returns.

The attack is a job offer. The payload runs on your laptop.

Three steps from a suspicious message to a shareable verdict.

Extract the actors, not the inbox.

Recent assessments.

Suspicious recruiter contact via LinkedIn.

PancakeSwap opportunity offered via LinkedIn recruiter.

AI + Web3 product repo with known malicious patterns.

Built with the team measuring this at scale.

Anansi: scalable characterization of message-based job scams.

Amir Rahmati

Abisheka Pitumpe

The team behind the platform.

The most interesting companies of tomorrow won’t follow familiar playbooks.

Piotr Dziubecki

Jan Podleski

Devendran Muthukumaramani

If something feels off, check itbefore you run it.

Open for collaboration.

If something feels off, check it
before you run it.