All Vendors
revenue_intelligence

Clari

Clari operates as a revenue intelligence platform that ingests email, calendar, CRM, and engagement data across an organization's entire sales stack to power AI-driven forecasting and pipeline analysis. While positioned as a forecasting tool, its data ingestion scope creates a significant internal surveillance surface -- capturing every rep interaction, email thread, and meeting cadence across Salesforce, Google Workspace, Microsoft Exchange, Marketo, Slack, and LinkedIn. The Oracle subsystem is the primary concern: organizations cede measurement sovereignty to Clari's proprietary models, which become the de facto source of truth for pipeline health and revenue projections.

84 IOCs
80
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Clari discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Analysis pending. Findings will appear here once intelligence collection is complete.

Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

pending

UNKNOWN
They Claim

Awaiting scanner verification

Observed Behavior

Clari's primary data collection occurs server-side through API integrations rather than client-side JavaScript, limiting observable runtime behavior

Customer Impact

What This Means For You

Organizations deploying Clari grant the platform access to their most sensitive revenue data: deal terms, pipeline forecasts, customer communications, and sales team performance metrics. The primary risk to end customers is indirect -- Clari's aggregation of sales interaction data means that a customer's buying signals, negotiation patterns, and vendor evaluation processes may be captured and modeled without the customer's knowledge. For the deploying organization, the risk is measurement dependency: once Clari becomes the forecasting backbone, removing it requires rebuilding pipeline visibility from scratch.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

Recommended Actions for Clari

  • - Audit Clari's data ingestion scope: review exactly which email, calendar, and CRM data flows are active and whether they match documented permissions. - Review Clari's data retention and deletion policies to understand how long captured sales activity data persists after contract termination. - Assess forecasting dependency: determine whether the organization retains independent pipeline analysis capability outside of Clari. - Evaluate employee notification: confirm that sales reps understand the extent of email and calendar data being captured and analyzed. - Request Clari's SOC 2 report and review access controls governing who within Clari can view customer pipeline and communication data.

Negotiation Leverage

  • Clari's leverage comes from forecasting dependency -- once an organization's pipeline management runs through Clari, switching costs are substantial. Negotiate data portability clauses upfront: ensure contractual rights to export all captured activity data in standard formats upon termination. Require explicit data deletion timelines post-contract. Push for transparency on which Clari employees or AI systems can access your organization's email and calendar data. If Clari claims anonymization or aggregation of customer data for model training, demand contractual exclusion of your data from cross-customer model development. The 87% miss rate on revenue targets reported by Clari Labs (2025) is worth raising -- if the platform's own research shows most customers miss targets, the ROI conversation should focus on measurable lift with clear benchmarks.
Runtime Detections

Runtime Detections

6 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C01Defeat Device

Evasion infrastructure, auditor bypass

Impact: Clari replaces internal forecasting with proprietary AI models, creating organizational dependency on a single vendor for pipeline truth. Removing Clari requires rebuilding revenue visibility from scratch.

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

Impact: Clari captures demand signals across the entire revenue stack -- engagement patterns, deal velocity, buying signals -- creating a comprehensive map of customer behavior and sales team performance.

BTI-C07Session Recording

Full session replay

BTI-C09Consent Bypass

Ignoring CMP signals

BTI-C10Fingerprinting

Device identification

BTI-C13Persistence Mechanisms

Long-lived identifiers

IOC Manifest

IOC Manifest

84 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*pages.clari.com/js/forms2/js/forms2.js*
Tracking script
TRACK
*www.clari.com/Static/js/clari.ui.bundle.js*
Tracking script
TRACK
*www.clari.com/Util/Find/epi-util/find.js*
Tracking script
TRACK
*www.clari.com/Static/js/vendor.ui.bundle.js*
Tracking script
TRACK
*www.clari.com/Static/js/clari.app.bundle.js*
Tracking script
TRACK
*www.clari.com/Static/js/modules/standalone/testimonialSlider.ui.bundle.js*
Tracking script
TRACK
*www.clari.com/Static/js/modules/standalone/tabset.ui.bundle.js*
Tracking script
TRACK
*www.clari.com/Static/js/modules/standalone/ctaViolator.ui.bundle.js*
Tracking script
TRACK
pages.clari.com/js/forms2/js/forms2.js
Auto-extracted from scan
TRACK
www.clari.com/Static/js/vendor.ui.bundle.js
Auto-extracted from scan
TRACK
www.clari.com/Static/js/clari.ui.bundle.js
Auto-extracted from scan
TRACK
www.clari.com/Static/js/clari.app.bundle.js
Auto-extracted from scan
TRACK
www.clari.com/Util/Find/epi-util/find.js
Auto-extracted from scan
TRACK
www.clari.com/Static/js/modules/standalone/tabset.ui.bundle.js
Auto-extracted from scan
TRACK
www.clari.com/Static/js/modules/standalone/testimonialSlider.ui.bundle.js
Auto-extracted from scan
TRACK
www.clari.com/Static/js/modules/standalone/ctaViolator.ui.bundle.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Clari integrates with the core revenue technology stack: Salesforce (primary CRM), Google Workspace and Microsoft Exchange (email/calendar), Marketo (marketing automation), Slack (collaboration), LinkedIn (social selling), and various data warehouse platforms. Clari is commonly deployed alongside Gong (conversation intelligence), Outreach or Salesloft (sales engagement), and Salesforce as the system of record. The platform positions itself as the orchestration layer that sits above these tools, aggregating their data into a unified revenue model.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

84 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details