context safety score
A score of 78/100 indicates minor risk signals were detected. The entity may be legitimate but has characteristics that warrant attention.
credential harvesting
Page presents a Microsoft ADFS Home Realm Discovery form collecting organizational email addresses. The form action posts to /adfs/ls with a SAMLRequest parameter that encodes a RelayState referencing experience.elluciancloud.com. While this is consistent with legitimate federated SSO infrastructure, the subdomain experience.bhsu.edu is acting as a credential collection front-end that redirects authentication to a third-party cloud provider (elluciancloud.com), which warrants verification that this relay is authorized and not intercepted. (location: page.html:180 - form action with SAMLRequest and RelayState parameters)
malicious redirect
JavaScript custom HRD logic redirects users matching '@ris.local' email suffix via window.location.href to a dynamically constructed URL appending 'RedirectToIdentityProvider=AD+AUTHORITY&username=' with the user-supplied email value. The username is appended to the URL without encoding, enabling open redirect abuse if the base URL is attacker-controlled. Additionally, the RelayState in the form action decodes to a jwtCallbackUrl pointing to https://experience.elluciancloud.com/bsu945/auth/callback, an off-domain redirect destination. (location: page.html:456-460 - window.location.href redirect with user-controlled email value appended to URL)
social engineering
The page displays a 'FEDERATION TEST' banner message ('FEDERATION TEST - If you are testing ADFS Federation, select Other organization and enter your school issued email account.') that is visible to all users. Leaving test/debug messaging in a production login page can confuse users and may be leveraged in social engineering scenarios to suggest the page is in a test state, lowering user vigilance. (location: page.html:183 - openingMessage div with FEDERATION TEST text)
curl https://api.brin.sh/domain/experience.bhsu.eduCommon questions teams ask before deciding whether to use this domain in agent workflows.
experience.bhsu.edu currently scores 78/100 with a caution verdict and medium confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.