Current status: Operational — Degraded Performance
We are observing a sustained increase in automated and abusive traffic across our edge network. To preserve availability for legitimate customers, we have temporarily enabled:
As a result you may experience slower responses, occasional 503/timeouts, session resets, and additional authentication steps. These are expected mitigations and will be relaxed as traffic normalizes. No customer data has been affected.
All access is logged and reviewed for security. Report issues to
noc@autopurple.net.
— AutoPurple NetOps NOC / Trust & Safety
Following a period of serious and sustained cyber-attacks against this environment, security for this service is now operated by AutoPurple Security Tec. under an advanced managed security operations program. We are provisioning additional automated defense systems and dedicated security officers for continuous monitoring.
All access to this environment is logged, correlated, and observed. Attempts to probe, exploit, or gain unauthorized access are recorded in full. Lawful action may be taken once the source of attack operations is identified and referred to the appropriate authorities.
This service is protected by AutoPurple Security Tec. Unauthorized cyber-attack
operations are illegal and are being observed.
— AutoPurple Security Tec. · Managed Security Operations
As part of AutoPurple Security Tec.'s deception-based defense program, this environment operates under a deliberate domain-naming policy designed to defeat reconnaissance by name inspection.
Domain names across our estate carry no reliable signal as to a system's role, sensitivity, or
authenticity. Production services may be hosted on unconventional, testing-style, or deliberately
adversarial-sounding domains — including names containing terms such as test,
canary, or honeypot — while monitored and decoy systems may be presented on
entirely ordinary-looking domains. The mapping between domain names and system function is randomized
and periodically rotated.
This ensures that an adversary cannot determine which assets are production, which are monitored, and which are decoys through simple name inspection. All access across these domains is logged, correlated, and observed; unauthorized activity may be referred to the appropriate authorities.
— AutoPurple Security Tec. · Managed Security Operations
Following recent incidents, security posture is being raised in stages. Current phase: hardening validation (test period). Some controls may behave conservatively during validation.
| Date | Control | Status |
|---|---|---|
| 2026-07-05 | Automated abuse blocking (edge IP reputation) | Deployed |
| 2026-07-08 | Console MFA enrollment & API key rotation | Deployed |
| 2026-07-09 | Sensitive-endpoint session revalidation | Deployed |
| 2026-07-10 | Automated client / bot verification challenge | Validating |
| 2026-07-12 | Field-level encryption on directory data | Planned |
| 2026-07-15 | Full managed SOC — 24/7 officer monitoring | Go-live |
On completion of the validation period, managed security operations enter full production.
| Date | Component | Note |
|---|---|---|
| 2026-07-05 | Transit API v1 | Rate limiting enabled (mitigation) |
| 2026-07-04 | Edge network | Adaptive load balancing rollout |