Moyo
If you want to know what conclusions an adversary could assemble from your public information before they do, choose Moyo. With moyo we measure information reachability: how far can an analyst or model reliably infer toward something sensitive, starting from nothing but public crumbs?
What Is Information Reachability?
Moyo treats inference as a kind of exfiltration channel (no database breach required) because the leak can be in the combinability of facts rather than in any single document. Web pages, PDFs, job posts, photos, procurement notices, org charts, social posts, maps: each might be harmless alone, but together they can point to a facility layout, a capability, a schedule, or a supplier relationship.
In plain terms: Moyo asks, "If I give an attacker these inputs, what conclusions can they assemble, how confident can they be, and how repeatable is it?"
The Three Dimensions
- Distance: How many steps of reasoning from input to conclusion?
- Cost: Time, effort, and compute required to traverse that path
- Reliability: Error rate, confidence, and reproducibility of the inference
Why This Matters Now
Before LLMs, inference attacks existed but were constrained by human time, patience, and the friction of stitching together messy sources. A skilled OSINT analyst could correlate scattered details, but doing it at scale required expertise and many hours.
LLMs change the slope of the problem. They're unusually good at aggregating dispersed, unstructured information and generating candidate hypotheses quickly. A satellite image, a LinkedIn post, and a tweet might each be innocuous, but an LLM can synthesize them in seconds.
Many "secrets" are not a single file. They're emergent facts you can reconstruct from many innocuous pieces. Moyo formalizes that reality into something measurable and actionable.
How Moyo Works
In Go, moyo refers to a framework of potential territory: influence projected across the board that shapes the opponent's options. Our Moyo service operates similarly: we map the inference landscape to understand what's reachable before adversaries discover it themselves.
Moyo acts as a red-teaming agent for inference-based threats:
- Probes what a model (and tool-using workflows) can infer from allowed sources
- Maps the paths that lead to sensitive conclusions
- Identifies which source combinations are dangerous
- Finds the shortest "reachability paths" to protected information
- Produces actionable mitigations: redaction, policy, workflow guardrails, decoys, or classification boundaries
Testing Modes
Black-Box Mode
Test a deployed model from the outside. We interact only through the same interfaces an adversary would use: APIs, chat interfaces, or document uploads. No access to internals required.
White-Box Mode
Instrument internal pipelines to see why certain inferences become possible and how to stop them. Trace reasoning chains, identify contributing documents, and test counterfactuals.
Deliverables
- • Reachability map: visual graph of inference paths
- • Sensitivity ranking: which conclusions are most exposed
- • Source attribution: which inputs enable which inferences
- • Mitigation playbook: specific recommendations per finding
- • Re-test validation: confirm mitigations reduce reachability
What We Probe
| Source Category | Examples | Inference Targets |
|---|---|---|
| Public Web | Corporate sites, press releases, regulatory filings | Org structure, strategy, financials |
| Social Media | LinkedIn, Twitter/X, employee posts, photos | Personnel, locations, projects, schedules |
| Procurement & Legal | Contract notices, job postings, court records | Suppliers, capabilities, budgets, partnerships |
| Geospatial | Satellite imagery, maps, geotagged content | Facility layouts, expansion plans, logistics |
| Technical Artifacts | GitHub repos, documentation, API specs | Architecture, vulnerabilities, roadmap |
| Internal (White-Box) | RAG corpus, knowledge bases, chat logs | Cross-document inference, policy gaps |
Who It's For
- • Intelligence and defense organizations assessing OPSEC posture
- • Enterprises with sensitive IP, M&A activity, or competitive exposure
- • Organizations deploying RAG systems with mixed-sensitivity corpora
- • Security teams evaluating AI tool adoption risks
- • Compliance teams mapping data exposure for regulatory requirements
Frequently Asked Questions
How is this different from traditional red teaming?
Traditional red teaming tests whether attackers can breach your systems. Moyo tests whether attackers can infer sensitive information without any breach, just by combining public sources. The threat model is different: no exploit required, just synthesis.
What if we don't use LLMs internally?
Your adversaries do. Even if your organization hasn't adopted AI tools, attackers can use LLMs to accelerate OSINT against you. Moyo helps you understand your exposure from their perspective: what can they learn about you with these new capabilities?
Can you test our internal RAG system?
Yes. White-box mode is designed exactly for this. We instrument your pipeline to trace which documents contribute to which inferences, identify dangerous combinations, and recommend access controls or redaction strategies.
What mitigations do you typically recommend?
Depends on the finding. Options include: targeted redaction, publication timing changes, access segmentation, decoy information, workflow guardrails (blocking certain query patterns), and classification boundary enforcement. We prioritize by impact and implementation cost.
How do you measure "reliability" of an inference?
We run multiple trials with varied prompting strategies and measure: consistency (same conclusion across runs), confidence calibration (does the model know when it's guessing?), and reproducibility (can different models reach the same conclusion?). High reliability = high risk.
Is this just OSINT with extra steps?
Moyo formalizes OSINT into a measurable framework. Instead of "here's what we found," we deliver "here's the reachability graph, here's the cost function, here's how mitigations change the math." That structure enables systematic defense rather than whack-a-mole.
Related Articles
Deep-dives on information security and inference threats:
Map Your Information Exposure
Don't wait for adversaries to discover what's reachable. Contact us to scope an assessment and understand your inference attack surface.