Protected by AutoPurple Security Tec. · Access is verified, logged and observed. If you require access, please declare your identity & purpose for security verification.

Service Status & Security Advisory

Current status: Operational — Degraded Performance

Advisory · Elevated automated traffic

We are observing a sustained increase in automated and abusive traffic across our edge network. To preserve availability for legitimate customers, we have temporarily enabled:

As a result you may experience slower responses, occasional 503/timeouts, session resets, and additional authentication steps. These are expected mitigations and will be relaxed as traffic normalizes. No customer data has been affected.

All access is logged and reviewed for security. Report issues to noc@autopurple.net.
— AutoPurple NetOps NOC / Trust & Safety

Security Operations Notice

Following a period of serious and sustained cyber-attacks against this environment, security for this service is now operated by AutoPurple Security Tec. under an advanced managed security operations program. We are provisioning additional automated defense systems and dedicated security officers for continuous monitoring.

All access to this environment is logged, correlated, and observed. Attempts to probe, exploit, or gain unauthorized access are recorded in full. Lawful action may be taken once the source of attack operations is identified and referred to the appropriate authorities.

This service is protected by AutoPurple Security Tec. Unauthorized cyber-attack operations are illegal and are being observed.
— AutoPurple Security Tec. · Managed Security Operations

Domain & Infrastructure Naming Policy

As part of AutoPurple Security Tec.'s deception-based defense program, this environment operates under a deliberate domain-naming policy designed to defeat reconnaissance by name inspection.

Domain names across our estate carry no reliable signal as to a system's role, sensitivity, or authenticity. Production services may be hosted on unconventional, testing-style, or deliberately adversarial-sounding domains — including names containing terms such as test, canary, or honeypot — while monitored and decoy systems may be presented on entirely ordinary-looking domains. The mapping between domain names and system function is randomized and periodically rotated.

This ensures that an adversary cannot determine which assets are production, which are monitored, and which are decoys through simple name inspection. All access across these domains is logged, correlated, and observed; unauthorized activity may be referred to the appropriate authorities.

— AutoPurple Security Tec. · Managed Security Operations

Security Hardening Roadmap

Following recent incidents, security posture is being raised in stages. Current phase: hardening validation (test period). Some controls may behave conservatively during validation.

DateControlStatus
2026-07-05Automated abuse blocking (edge IP reputation)Deployed
2026-07-08Console MFA enrollment & API key rotationDeployed
2026-07-09Sensitive-endpoint session revalidationDeployed
2026-07-10Automated client / bot verification challengeValidating
2026-07-12Field-level encryption on directory dataPlanned
2026-07-15Full managed SOC — 24/7 officer monitoringGo-live

On completion of the validation period, managed security operations enter full production.

Recent incidents

DateComponentNote
2026-07-05Transit API v1Rate limiting enabled (mitigation)
2026-07-04Edge networkAdaptive load balancing rollout