Active Defense · Doctrine
Adversary engagement for the agentic era.
Most platforms try to block every bot. STEADYWRK is built to be called by agents — so our threat model is different: welcome the verified, good-faith ones; engage the bad-faith automation. The doctrine is public. The mechanisms are not. The line between them is the point.
Why an agent-callable platform thinks differently.
A conventional site can treat all automated traffic as suspect and simply block it. STEADYWRK cannot — and would not want to. It publishes a machine-readable interface (a developer API and MCP endpoint) precisely so that AI agents and answer engines can read it, quote it, and call it. Good-faith automation is part of the audience, not the threat.
That makes the security question sharper, not softer. The job is no longer human vs. bot. It is good faith vs. bad faith — separating the verified crawler and the honest agent from the unverified automation that ignores the rules, spoofs its identity, and probes for a way in. For the first group, the answer is hospitality. For the second, denial is the floor — and, where it earns its place, engagement.
Aligned to MITRE Engage
Five goals. Doctrine only.
We map our posture to MITRE Engage, the open adversary-engagement framework — Prepare, Expose, Affect, Elicit, Understand. What follows is what each goal means for STEADYWRK. The activities and mechanisms that implement them are deliberately undisclosed.
- 01
Prepare
Engagement is a deliberate, narrow posture — not a default. The overwhelming majority of the platform is plain, honest, blocking-only defense. We decide in advance, and revisit often, where active defense earns its place and where it does not belong at all.
- 02
Expose
The first aim of engagement is simply to see — to gain visibility into bad-faith automation that standard controls would miss or wave through. You cannot reason about an adversary you never observe.
- 03
Affect
Where engagement is warranted, the goal is friction: waste a bad-faith actor’s time and budget, and steer them away from anything real. Defense by attrition, not only by denial.
- 04
Elicit
Engagement turns an attack into intelligence — which techniques, which targets, which patterns — that feeds directly back into monitoring and hardening. An attempted abuse becomes a free lesson.
- 05
Understand
Every output of an engagement returns to the threat model and to the posture you are reading now. The loop closes in public: doctrine in, doctrine out — mechanisms stay private.
The limits we hold ourselves to
The ethics fence.
Active defense without limits is just hostility. These four rules bound everything above — they are the reason a verified agent or an honest researcher has nothing to fear from this posture, and they do not move.
Verified good-faith actors always get the truth
Verified search crawlers, identified answer-engine bots, good-faith agents, and every human visitor receive identical, truthful content. Engagement is never aimed at them — by policy, not by courtesy.
Engagement is reserved for bad-faith automation
Only unverified automation acting in bad faith — ignoring our published access rules, spoofing identity, or probing for weaknesses — ever meets an engagement posture. Honest, identifiable traffic never does.
No fabricated facts — to anyone
Our public claims are backed by canonical, audited metrics. We do not invent reviews, numbers, or credentials, and nothing we serve presents false data as truth to a good-faith reader. Active defense is friction, never fiction-as-fact.
We do not poison the ecosystem we belong to
STEADYWRK is itself agent-callable — a public MCP endpoint and an A2A agent card. We will not feed misleading data into the open agent ecosystem or target third-party agents. Active defense stops at our own perimeter.
What we keep dark, and why.
The signals that distinguish good faith from bad, the thresholds that govern a response, and everything that happens after — these are deliberately undisclosed. That opacity is not evasion; it is the doctrine. A defense you can enumerate is a defense you can evade. So we publish the philosophy and the ethics, and we keep the implementation private — the same stance you will find stated plainly on the Security page. You can verify the posture from the outside; you cannot map the machinery. Both of those are on purpose.
Questions, answered straight.
Does STEADYWRK block AI agents and crawlers?
No. The platform is built to be called by agents — a live MCP endpoint and a published A2A agent card. Verified, good-faith agents and crawlers are welcomed and receive truthful content. Blocking is reserved for abuse, not automation as such.
Will your site ever serve false or misleading data to my agent?
Never to a verified, good-faith agent or to a human. That is a published rule — the first line of the ethics fence on this page — not a best-effort promise. If your agent identifies honestly and respects our access rules, it sees exactly what a human sees.
Do you use deception or active defense?
We align our posture to MITRE Engage, the public adversary-engagement framework. We publish the doctrine and the ethics that bound it. The specific signals and mechanisms stay private by policy — a defense you can enumerate is a defense you can evade.
How do I make sure my crawler is treated as good-faith?
Identify honestly, respect the published robots rules and rate limits, and do not probe for weaknesses. Good-faith automation is never the target of engagement. Our researcher contact and policy are in security.txt.
Is this just marketing?
No. The doctrine reflects how defense-in-depth actually runs for an AI ops platform handling real field operations. The controls behind it are summarized on the Security page; the mechanisms are deliberately undisclosed. What is published here is the philosophy and the limits we hold ourselves to.