One verdict, four layers
Recruiter context, static patterns, live sandbox detonation, and attack-chain correlation converge on a single risk band — every claim cited to a file, a line, or a trace event.
Fake recruiters target your developers with coding-test repositories that quietly steal SSH keys, wallets, and tokens the moment they run. RTIdx screens the offer — and the repo it arrived with — on our infrastructure, then returns a clear, evidence-backed verdict. Nothing ever runs on your machines.
Security researchers call it contagious interview. An unsolicited DM, a dream role, an “AI + Web3” repo you’re asked to run before the call — and a postinstall hook that exfiltrates SSH keys, wallets, and cookies before anyone suspects a thing.
One developer runs it once and the damage is done. At team scale — every offer your people field, every take-home repo — checking by eye doesn’t hold up.
Paste the recruiter thread or drop a repository URL. Nothing runs on your machine — we take it from there.
One engine, several ways in — from a single suspicious repo to every offer your team screens.
Recruiter context, static patterns, live sandbox detonation, and attack-chain correlation converge on a single risk band — every claim cited to a file, a line, or a trace event.
Private cases kept off the public ledger, higher quotas, and priority human review for the moments automation needs a second look.
CLI, API, and MCP hooks drop verdicts straight into your CI, ATS, or agent tooling — the same engine, wherever your team already works.
Independent research, public evidence, and a hard line on where code is allowed to run.
Our rule set and false-positive baselines come out of joint work with Stony Brook University’s Ethos Security & Privacy Lab. RTIdx is a defdone venture, built and run in-house.
Meet the research →Every verdict is public and points back to the evidence — no black box. Browse real assessments before you send us anything.
Browse the public ledger →Repos are inspected and detonated on our infrastructure — never on your developers’ devices or in your CI.
Tell us how many offers your people field and how you hire — we’ll map RTIdx to your workflow and set up a pilot on your own cases.