How This Briefing Works
This dossier opens with key findings, then maps the gap between what Adiant discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection evidence underneath. BLACKOUT observes runtime browser behavior and cites the regulations that address each pattern — legal determinations are your counsel's call.
At a Glance
across 1 sites
vendor fires before consent
3 CRIT · 2 HIGH
Briefing
Adiant is a digital advertising network operating the Adblade, IndustryBrains, and Solve Media brands, claiming to reach 300 million monthly unique users. Runtime observation on their own website reveals 17 third-party tracking vendors including AdRoll, DoubleClick, LinkedIn, and Pubmatic—with 20% firing before any consent mechanism (there is no CMP). Their privacy policy, hosted only on the Adblade subdomain (adiant.com returns 404), was last updated February 6, 2020—six years ago—and contains zero GDPR or CCPA language despite claiming EU reach. The policy states they "do not store any personally identifiable information" while simultaneously admitting to collecting "clicks, mouse movements" and using cookies with 2-year retention. For any publisher or advertiser working with Adiant, you are partnering with a company that has no modern privacy compliance, no disclosed subprocessors, and actively contradicts its own privacy claims.
What This Means For You
If Adiant/Adblade ad units are deployed on your site, you inherit a vendor with no modern privacy compliance infrastructure. Their privacy policy has not been updated in 6 years and contains no GDPR or CCPA language despite claiming EU reach. Under GDPR Art 28, you must verify subprocessor chains — Adiant discloses zero while 17 vendors are detected at runtime including AdRoll, DoubleClick, LinkedIn, and Pubmatic. The complete absence of a consent mechanism on their own properties means their ad serving code likely does not respect your CMP signals. You face joint regulatory liability for a vendor that claims to not store PII while simultaneously collecting clicks and mouse movements.
Risk Channel Breakdown
Attribution accuracy is compromised by Adiant's use of multiple conflicting ad networks (AdRoll, DoubleClick, Pubmatic, Taboola) that each maintain separate attribution models, creating measurement fragmentation.
Your campaign data and audience signals flow to 17 undisclosed third parties including competitors' preferred ad networks. No subprocessor list means you cannot audit where your demand signals go.
Shadow data flows to ad exchanges and identity resolution vendors create undocumented attack surface. The 6-year-old privacy policy suggests abandoned security posture.
Zero GDPR/CCPA language in a 2020 privacy policy creates direct regulatory exposure. No consent mechanism despite 17 tracking vendors violates ePrivacy Directive and GDPR Article 7.
Threat Indicators
Runtime-observed (BTI-C)
Evasion infrastructure, auditor bypass
Full session replay
Ignoring CMP signals
Device identification
Long-lived identifiers
PII deanonymization
Claims-vs-Reality (BTI-X)
Not in privacy policy
Hidden data recipients
Behavior contradicts marketing
Collection exceeds disclosed scope
Security claims vs evidence
CMP vendor list vs runtime
Gated or missing due diligence docs
Per-code narrative explanations of what each detected behavior means for your organization
Per-code evidence with full attribution chain, severity rankings, and consequence narratives See pricing →
Claims vs. Reality
BLACKOUT analyzed Adiant's public claims against observed runtime behavior and identified 5 contradictions.
"No privacy policy exists on adiant.com main domain"
adiant.com/privacy-policy returns 404. Policy only exists on adblade.com subdomain.
4 more gaps — with regulatory citations and evidence pointers — available with subscription.
Full claim-vs-reality gap analysis with claim text, observed behavior, severity, regulatory citations (GDPR, CCPA, ePrivacy), and evidence pointers per gap See pricing →
What To Do
5 for current users · 5 for evaluators
contractual leverage points
Role-specific actions (security / legal / marketing / procurement), full negotiation brief with contractual language, and BTI-code-specific consequences See pricing →
Supply Chain & Pairings
Full supply-chain mapping (loads / loaded-by lists with vendor identities) and the undisclosed-subprocessor list with observation evidence See pricing →