Active Development · Proprietary

Annabeth AI-Powered Investigation Platform

Blue hat intelligence. Ethical by architecture.

Annabeth is a proprietary AI investigation platform that turns natural language commands into structured intelligence operations. Built for private investigators, red teams, and compliance professionals — it orchestrates automated reconnaissance, relationship mapping, evidence chain-of-custody, and adversarial campaign management through an agentic AI core with tiered operator controls.

08:05:12 recon MX mx1.target.com (email gateway identified) CONFIRMED
08:05:13 recon SPF soft-fail policy detected HIGH
08:05:13 recon DMARC p=none — monitoring only, no enforcement CRITICAL
08:05:14 recon DKIM 2048-bit key present CONFIRMED

ANNABETH (Analyst):
BLUF: Email infrastructure vulnerable to domain spoofing.
DMARC monitoring mode — no enforcement active.
Soft-fail + no enforcement = spoofed emails deliver.
Evidence captured → EV-0047-004 (verified, timestamped)

08:12:34 breach EXPOSURE j.martinez@ — 2 prior breach events CRITICAL
08:12:41 breach EXPOSURE d.kim@ — plaintext credential exposure CRITICAL
08:12:47 breach EXPOSURE r.torres@ — recent credential event HIGH

YOU: Deploy SE-001 at 10:15. Set a timer.
ANNABETH: SE-001 staged. Awaiting approval gate. Deploying at 10:15 EDT.

10:23:14 ⚡ SE-001: r.torres@ OPENED email
10:23:25 ⚡ SE-001: r.torres@ CLICKED link
10:24:06 🔴 SE-001: r.torres@ SUBMITTED CREDENTIALS
Time-to-credential: 52 seconds from open
12 cmds: Operator inputs per session
~140: Autonomous actions executed
4 hrs: Replaces 3–4 days manual work
72: Findings per engagement
Agentic AI Core
Annabeth runs on a purpose-built agentic AI layer with three adaptive operating modes — Analyst, Red Team, and Report. It switches context based on what the engagement requires, executing routine intelligence tasks hands-free while surfacing sensitive actions to the operator for approval.
Relationship Intelligence Graph
Every entity discovered — people, domains, infrastructure, exposure events — is automatically mapped into a living relationship graph. Cluster analysis identifies organizational structures, executive groups, and vendor chains. Bridge nodes reveal the highest-leverage attack paths before a human analyst would spot them.
Automated Reconnaissance
Multi-source intelligence collection runs in parallel: infrastructure analysis, credential exposure correlation, executive and personnel profiling, vendor chain discovery, and open-source enumeration — all fed into the entity graph in real time and streamed live to the operator console.
Social Engineering Campaign Management
Design, stage, deploy, and monitor adversarial campaigns with per-recipient behavioral tracking — opens, clicks, credential submissions, and time-to-action metrics. Every event is automatically captured as evidence. Operator approval gates are enforced before any campaign deployment.
Legally Defensible Evidence
Every finding is automatically preserved with cryptographic integrity verification, sequential custody events, and immutable storage. Evidence artifacts are traceable back to the raw source, timestamped, and cross-referenced against the operation timeline — built to withstand scrutiny in legal and compliance contexts.
Living Case File
Every entity, finding, and analysis automatically populates a structured case file with full cross-linking. Click any person node and see their role, exposure history, graph connections, and every piece of collected evidence — organized and interlinked without manual documentation.
01. Operator Issues a Command
Natural language. No syntax, no scripts. "Run recon on this domain." "Who are the financial approvers?" "Design a campaign targeting the AP team." Annabeth interprets intent and builds the execution plan.
02. Automated Intelligence Collection
Annabeth executes dozens of intelligence-gathering actions in parallel — infrastructure analysis, exposure correlation, personnel profiling, and more — streaming findings live as they surface. The operator watches it work.
03. Graph-Driven Analysis
Findings don't sit in a spreadsheet. They flow into a live relationship graph that connects people, systems, and vulnerabilities. AI analysis identifies the patterns and attack paths a human analyst would need hours to find manually.
04. Documented, Defensible Output
Every finding is preserved with cryptographic integrity, every action logged, and every conclusion traced to a source. The platform produces client-ready reports and a legally defensible evidence record — automatically.
Analyst
Structured intelligence analysis with BLUF-first reporting. Confidence-scored findings. Runs automated collection tasks autonomously and surfaces results with source reliability ratings — optimized for speed and thoroughness.
Red Team
Adversarial thinking and attack path analysis ranked by feasibility, impact, and detection risk. Kill chain mapping and campaign design. Engages deeper reasoning for complex multi-step scenarios. Operator approval required before any deployment action.
Report
Client-facing documentation. Formal, objective, legally precise. Executive summaries for leadership, technical detail for security teams. Every claim is automatically traced to a verified evidence ID.

Four hours. Twelve natural language commands. Here's what Annabeth produces in a single morning session on a red team engagement.

08:00 – 08:12
Infrastructure Analysis
Two words typed: "Go." Annabeth autonomously maps the target's email infrastructure and discovers the entire domain is spoofable — a policy misconfiguration that takes manual analysts hours to find. Finding captured, integrity-verified, and documented in 7 minutes.
→ 1 CRITICAL finding · Evidence auto-captured
08:12 – 08:22
Credential Exposure Correlation
23 personnel email addresses checked against historical breach data. Seven hits. The CFO has a plaintext password exposure that reveals a predictable credential pattern. Cross-referenced against the org chart to identify financial authority.
→ 3 CRITICAL personnel findings · Entity graph auto-populated
08:22 – 08:55
Graph Analysis & Attack Path Development
Full relationship graph built across the target organization: people, systems, vendors, and exposures linked and analyzed. AI switches to Red Team mode and delivers 3 ranked attack paths with kill chains, feasibility scores, and detection risk assessments.
→ CFO identified as highest-leverage target node
08:55 – 10:15
Campaign Design & Staging
Phishing campaign designed directly from intelligence collected in earlier phases — exploiting the infrastructure vulnerability and a specific personnel exposure. Per-recipient tracking configured. Approval gate enforced. Operator authorized deployment at 10:15.
→ SE-001 staged and approved for deployment
10:24
Credential Captured
52 seconds. From email open to credential submission. A target employee entered corporate credentials on the simulated attacker portal. Zero employees reported the phishing attempt to IT security — the most important finding in the engagement.
→ Attack Path 1 validated · 0% report rate

South Knox Private Investigators

Annabeth is the proprietary operating platform for SKPI — a Knoxville-based private investigation practice specializing in blue hat OSINT, corporate red team engagements, executive exposure assessments, and vendor chain analysis. The platform is built to make a solo operator as effective as a five-person team, with a defensible evidence record built at every step.

Entity: South Knox Private Investigators
Location: Knoxville, TN
Services: OSINT · Red Team · Executive Exposure
Platform: Annabeth (proprietary)
Methodology: Blue hat · Ethical · Authorized only

Interested in Annabeth?

Whether you're in the investigation or security space, looking for red team capability, or want to discuss what AI-powered intelligence tooling can do for your organization — let's talk.