QA mode · Tier:PUBLIC(override via ?tier=paid | premium)
← All Vendors
tag_manager

PathFactory

PathFactory is a tag_manager vendor with a VRS of 80, flagged for 6 BTI codes including session recording (C07), consent bypass (C09), and tag injection (C15). The platform deploys aggressive visitor intelligence while delivering content experiences, creating moderate signal corruption (25) but severe cost attribution manipulation (90) and full legal tail risk (100).

120 IOCs observed16 detections88% pre-consent7 sites
80
Vendor Risk Score
Tier: HOSTILE
Observation Coverage

BLACKOUT observes runtime behavior in the browser. This dossier reflects browser-side execution, which is one of five vendor data-egress classes. Server-to-server transfers, backend integrations, and offline data flows are outside this observation boundary.

BLACKOUT observes runtime behavior and cites the regulations that address that behavior pattern. Legal determinations are the customer's counsel's call.

How This Briefing Works

This dossier opens with key findings, then maps the gap between what PathFactory discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection evidence underneath. BLACKOUT observes runtime browser behavior and cites the regulations that address each pattern — legal determinations are your counsel's call.

Key Findings

At a Glance

Detections
16

across 7 sites

Pre-Consent Rate
88%

vendor fires before consent

Disclosure Gaps
1

Summary

Briefing

PathFactory operates as a content intelligence platform that tracks prospect engagement across multi-touch journeys. The vendor uses tag manager capabilities to instrument behavioral tracking throughout content consumption sessions, capturing granular interaction data that feeds predictive scoring models. Deployment patterns reveal session recording, device fingerprinting, and consent bypass mechanisms that operate independently of website consent frameworks.

Customer Impact

What This Means For You

Revenue teams face three core risks: (1) Marketing attribution becomes distorted by over-crediting content touches, making CAC calculations unreliable and potentially shifting budget toward ineffective content programs. (2) Detailed prospect research behavior becomes visible to PathFactory, revealing which competitors you evaluate and what objections concern you most—intelligence that feeds vendor competitive analysis. (3) Legal exposure from consent bypass and session recording creates GDPR/CCPA liability that DPOs cannot fully mitigate without removing the vendor.

Collapse Engine

Risk Channel Breakdown

Oracle
Truth Collapse
25

PathFactory tracks content engagement velocity and consumption patterns that feed into intent scoring models (25% signal corruption). These behavioral signals can distort attribution by over-crediting content touches while missing actual decision triggers.

Broker
Control Collapse
90

The platform captures detailed visitor journey data that reveals prospect research behavior and competitive evaluation patterns (90% CAC subsidization). This intelligence enables competitors and vendors to optimize targeting against your pipeline.

Reaper
Safety Collapse
0

Expands attack surface

Counselor
Legitimacy Collapse
100

Tag manager deployment with session recording and consent bypass creates full GDPR/CCPA exposure (100% legal tail risk). The vendor processes detailed behavioral data without transparent consent controls, leaving deploying organizations liable for regulatory violations.

BTI Codes

Threat Indicators

Runtime-observed (BTI-C)

BTI-C01
Defeat Device

Evasion infrastructure, auditor bypass

BTI-C06
Behavioral Biometrics

Keystroke/mouse tracking

BTI-C07
Session Recording

Full session replay

BTI-C09
Consent Bypass

Ignoring CMP signals

BTI-C10
Fingerprinting

Device identification

BTI-C15
Tag Manager

Container/loader (neutral)

6
BTI Consequences Identified

Per-code narrative explanations of what each detected behavior means for your organization

Available in VIDB Subscription

Per-code evidence with full attribution chain, severity rankings, and consequence narratives See pricing →

Disclosure Gaps

Claims vs. Reality

1
Gaps Observed

BLACKOUT analyzed PathFactory's public claims against observed runtime behavior and identified 1 contradiction.

Available in VIDB Subscription

Full claim-vs-reality gap analysis with claim text, observed behavior, severity, regulatory citations (GDPR, CCPA, ePrivacy), and evidence pointers per gap See pricing →

Recommended Actions

What To Do

Recommended Actions
10

5 for current users · 5 for evaluators

Negotiation Leverage
5

contractual leverage points

Available in VIDB Subscription

Role-specific actions (security / legal / marketing / procurement), full negotiation brief with contractual language, and BTI-code-specific consequences See pricing →

Ecosystem

Supply Chain & Pairings

Commonly Paired With
10

oktopost, qualified, googletagmanager

Available in VIDB Subscription

Full supply-chain mapping (loads / loaded-by lists with vendor identities) and the undisclosed-subprocessor list with observation evidence See pricing →

Profile: pathfactoryFirst Seen: 2026-01-03Last Updated: 2026-03-29