How This Briefing Works
This report opens with key findings, then maps the gaps between what Blueshift discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.
Key Findings
Analysis pending. Findings will appear here once intelligence collection is complete.
Disclosure Gaps
Claims vs. Observed Behavior
1 gaps
pending
UNKNOWN
They Claim
“Awaiting scanner verification”
Observed Behavior
Runtime behavior not yet observed
Customer Impact
What This Means For You
Organizations deploying Blueshift should understand that the platform creates comprehensive customer profiles by merging anonymous and authenticated behavior across all channels and devices. The LiveRamp audience syndication means customer behavioral data may flow to 500+ advertising destinations — this is not incidental but a core platform feature. Predictive AI models that score customers for churn and purchase intent create dependency risk: the intelligence about your customers lives in Blueshift's models, not your own systems. The autonomous Customer AI Agents launched in 2025 further reduce human oversight of how customer data is used in campaign decisions, creating accountability gaps when marketing actions need to be explained or audited.
Recommended Actions
What To Do About It
Role-specific actions based on observed behavior
Recommended Actions for Blueshift
- →• Audit LiveRamp audience syndication configuration to understand exactly which of the 500+ downstream destinations receive your customer data and how audiences are matched • Review cross-device identity resolution to determine if anonymous pre-login behavior is being retroactively merged with known customer profiles without appropriate consent • Map all data shared with Blueshift's third-party service providers and assess whether data processing agreements cover each relationship • Evaluate Customer AI Agent autonomy settings to ensure automated experimentation and campaign optimization operate within acceptable governance boundaries • Establish data portability and deletion procedures — confirm what happens to unified customer profiles and predictive model data upon contract termination
Negotiation Leverage
- →Key leverage: Blueshift's predictive models improve with data volume, making customer retention valuable to them — use this during renewals. The LiveRamp syndication is the primary negotiation point: demand granular control over which downstream destinations receive your data, and contractual right to disable syndication entirely. Request disclosure of all third-party service providers receiving your data under Blueshift's privacy policy. Key questions: (1) Can LiveRamp audience syndication be disabled at the account level while retaining core CDP and marketing automation features? (2) What specific data does Blueshift retain after contract termination, and what is the deletion timeline? (3) Are anonymized or aggregated customer profiles used to train predictive models that benefit other Blueshift customers? (4) What governance controls exist over autonomous Customer AI Agent decisions? Protections to negotiate: opt-out from LiveRamp syndication, data deletion SLA with verification, restriction on cross-customer model training, human-in-the-loop requirement for AI Agent actions above defined thresholds.
IOC Manifest
IOC Manifest
71 INDICATORS
Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.
TRACK
*blueshift.com/wp-includes/js/jquery/jquery-migrate.js*
Tracking script
TRACK
*blueshift.com/wp-content/plugins/wmx-schema/public/js/wmx-schema-public.js*
Tracking script
TRACK
*blueshift.com/wp-includes/js/jquery/jquery.js*
Tracking script
TRACK
*blueshift.com/wp-content/cache/wpfc-minified/6ymi23iw/48b34.js*
Tracking script
TRACK
*blueshift.com/wp-content/cache/wpfc-minified/kb6ktykp/48b34.js*
Tracking script
TRACK
*snippet.blueshift.com/us-*-b130-4eb3-*-*.js*
Tracking script
TRACK
*okto.blueshift.com/ping*
Tracking script
TRACK
blueshift.com/wp-includes/js/jquery/jquery.min.js
Auto-extracted from scan
TRACK
blueshift.com/wp-includes/js/jquery/jquery-migrate.min.js
Auto-extracted from scan
TRACK
blueshift.com/wp-content/plugins/wmx-schema/public/js/wmx-schema-public.js
Auto-extracted from scan
TRACK
blueshift.com/wp-content/cache/wpfc-minified/6ymi23iw/48b34.js
Auto-extracted from scan
TRACK
blueshift.com/wp-content/cache/wpfc-minified/kb6ktykp/48b34.js
Auto-extracted from scan
TRACK
snippet.blueshift.com/us-48d03789-b130-4eb3-8741-9615e25c4347.js
Auto-extracted from scan
EXFIL
videos.blueshift.com/resources/um/integrations/google-tag-manager/datalayer.js
Auto-extracted from scan
TRACK
okto.blueshift.com/ping
Auto-extracted from scan
Ecosystem
Ecosystem & Supply Chain
Blueshift's ecosystem is anchored by the LiveRamp partnership, which connects CDP data to 500+ advertising destinations for audience syndication. The platform syncs audiences to major ad platforms including Twitter, LinkedIn, Pinterest, Microsoft Ads, Amazon Ads, and Verizon Media. Native integrations cover email, SMS, mobile push, in-app messaging, and web personalization. The mobile SDK (iOS via IDFV, Android) collects device-level behavioral data. Blueshift shares data with third-party service providers for customer support, marketing, operations, and general business purposes. The Customer AI Suite (predictive AI, recommendations, AI assistants, and AI agents) processes all collected data to drive autonomous campaign decisions across the full channel mix. GDPR, SOC2, HIPAA, and CCPA compliance certifications are claimed.
Evidence
Evidence Artifacts
Artifacts collected during analysis, available with evidence-tier access.
HAR Capture
Complete network capture with all requests and responses
IOC Manifest
71 detection signatures across scripts, domains, cookies, and network endpoints