Delphi.ai | Vendor Intelligence

How This Briefing Works

This report opens with key findings, then maps the gaps between what Delphi.ai discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

4 detections across 3 sites

Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

Pending Analysis

UNKNOWN

They Claim

“Claims extraction pending”

Observed Behavior

Claims extraction pending — CDT analysis required.

Customer Impact

What This Means For You

Sites deploying Delphi.ai unknowingly subsidize competitors' acquisition costs through session data leakage while accumulating consent liability. Session recordings create permanent evidence trails that convert GDPR complaints into enforceable violations.

Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Delphi.ai

→Demand vendor data flow map showing where session recordings are processed/stored/shared
→Request DPA amendment adding session recording data restrictions
→Implement consent layer requiring explicit session recording opt-in

If You're Evaluating Delphi.ai

→Session recording alternatives with on-premise processing
→Privacy-preserving analytics that don't require full session capture

Negotiation Leverage

→Session recording detected at runtime — demand data flow documentation and third-party sharing disclosures per GDPR Article 13(1)(e)
→CAC subsidization risk: require contractual prohibition on using customer session data for vendor-side analytics or data product development
→Consent gap: session recording requires explicit opt-in under ePrivacy Directive — current implementation may violate Article 5(3)

Runtime Detections

1 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C07Session Recording

Full session replay

Impact: Full session capture creates comprehensive behavioral profiles that feed demand-side platforms and competitive intelligence networks, amplifying CAC subsidization and creating discoverable evidence of consent violations.

IOC Manifest

5 INDICATORS

Indicators of compromise across 2 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

No indicators in this category

Ecosystem

Ecosystem & Supply Chain

Delphi.ai operates in the crowded GTM platform segment where session replay has become table stakes, normalizing invasive data practices that create systemic revenue risk.

Commonly Deployed With

Tolt Cookieyes Googletagmanager Metapixel Rb2b Poptin Googleanalytics4 Chilipiper Chilipiper B2b Email Intelligence Linkedinads

Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

5 detection signatures across scripts, domains, cookies, and network endpoints