AVA  /  How we check

How we check an entity

Every AVA verdict is the output of a multi-stage pipeline. This page names the stages we run and the signal categories we consider. It does not name vendors, publish thresholds, or disclose weights, for reasons we spell out below.

The pipeline

Stage 1
Ingest
An entity arrives through one of our surfaces (web, Telegram, Discord, Slack, WhatsApp, API). We canonicalise it so the same entity checked through different surfaces produces the same record.
Stage 2
Enrich
Independent collectors gather data from several categories in parallel. If one collector fails the pipeline continues; absence of data is never treated as evidence of safety.
Stage 3
Analyse
The AVA Intelligence Engine reads the structured signals, writes a narrative explaining the verdict, and assigns a classification.
Stage 4
Score
A deterministic rules layer produces a trust score between 0 and 100 (higher is safer) and a band: trusted, caution, or untrusted. When layers disagree, the conservative view wins.
Stage 5
Publish
Score, band, narrative, contributing categories, and an audit record are persisted and returned. Every check is contestable.

The signal categories

These are the buckets we surface on the "Why this score" panel of every verdict page. We tell you which categories contributed and with what qualitative weight (major, moderate, minor). The specific collectors inside each category, and the signals they look at, stay internal.

Infrastructure
Threat intelligence
Social
Blockchain
Community reports
Relationship graph

What we deliberately don't publish

No weights. We don't tell you how many points a signal is worth. A public weight is a rubric for bad actors to optimise against.
No thresholds. We don't publish cut-offs. An adversary with our cut-off can delay a campaign by one day to evade detection.
No vendor names. Categories appear on verdict pages. The specific collectors inside them do not.
No confidence values. Per-signal confidence stays internal. The customer-visible confidence is the aggregated verdict-level value.
No category internals. We don't describe the specific signals inside a category, or how we combine entities that relate to each other. Publishing those details turns the verdict into a checklist an attacker can game.

The reasoning is the same in every case: what we publish is what a customer needs to decide whether to trust an entity. What we withhold is what an attacker would need to evade the system.

If you think we're wrong

Every verdict is contestable. The notice-and-takedown procedure describes how to submit, what we review, and the timelines we commit to. If we got it wrong, the verdict page is replaced. If we think we got it right, we tell you why at the category level.

Related reading

Back to AVA · Blog · Takedown