How This Briefing Works
This report opens with key findings, then maps the gaps between what Adhese discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.
Key Findings
Pre-Consent Activity
Adhese was observed loading and executing before user consent was obtained on 100% of sites where it was detected.
Claims vs. Observed Behavior
Pending Analysis
“Claims extraction pending”
CDT analysis needed — DSPs deploy cross-domain sync and cookie matching infrastructure
What This Means For You
What To Do About It
Role-specific actions based on observed behavior
If You Use Adhese
- →monitor for scanner detections
- →audit programmatic tag deployment
If You're Evaluating Adhese
- →recon investigation for cross-domain sync and cookie matching behavior
Negotiation Leverage
- →Baseline detection only — DSPs require behavioral analysis for accurate risk assessment
- →Demand-side platforms operate extensive cross-domain tracking by design
- →Review bid stream data sharing and audience segment retention policies
Runtime Detections
BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.
Evasion infrastructure, auditor bypass
Keystroke/mouse tracking
Ignoring CMP signals
Device identification
IOC Manifest
Indicators of compromise across 2 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.
No indicators in this category
Ecosystem & Supply Chain
Evidence Artifacts
Artifacts collected during analysis, available with evidence-tier access.
Complete network capture with all requests and responses
4 detection signatures across scripts, domains, cookies, and network endpoints