Personal Exposure Defense
A repeatable, governed loop that turns raw exposure into a defensible, audit-ready posture.
What it is
Personal Exposure Defense (PED) is the discipline of finding where a protected principal is exposed in public and public-record surfaces, verifying that exposure with evidence, scoring its real-world risk, and reducing it through governed remediation. Cloak Harbor operationalizes PED as a control plane rather than a one-off scan.
The operating loop
Every engagement follows the same ten stages. The demo walks one synthetic executive principal through all of them.
1 — Intake
Create a consent-scoped principal profile: aliases, family links, locations, business entities, identifiers, devices, communication preferences, risk tolerance and approval rules. Intake records whether the case uses synthetic or authorized data.
2 — Exposure discovery
Curated findings are surfaced across people-search-style records, property clues, public-record-style records, corporate filings, social references, credential exposure, utility clues and identity linkage. The demo never runs an unbounded live crawl of real people.
3 — Evidence validation
- Source URL and source class
- Capture timestamp and screenshot / evidence target
- Confidence and exploit path
- False-positive status and why it matters
4 — Risk scoring & StealthScore
The SigReduce rubric scores severity, confidence, exploitability, family exposure, physical proximity, fraud utility, social-engineering leverage and recurrence likelihood. These roll up into a StealthScore and a projected remediation delta, labeled as demo calibration.
5–6 — Operations & cadence
Findings move through a Kanban board — New exposure, Validated, Action ready, Waiting partner, Closed / monitor — while a calendar schedules opt-out deadlines, partner review, client approval, re-scan and report-out.
7–8 — Agent-assisted action & human approval
AI drafts takedown notices, privacy requests, mitigation recommendations and analyst notes in dry-run mode. Nothing is submitted externally until a human approves. AI output is always labeled and never treated as final truth.
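The gates implied by stages 3 through 8 can be enforced in code rather than by convention. The sketch below is an added example, not Cloak Harbor's implementation. It assumes the evidence key names, strict left-to-right movement across the board, and that entering "Waiting partner" is the point of external submission.

```python
from dataclasses import dataclass
from typing import Optional

# Evidence fields listed under stage 3; the key names are assumptions.
REQUIRED_EVIDENCE = ("source_url", "source_class", "captured_at", "evidence_target",
                     "confidence", "exploit_path", "false_positive_status")
# Kanban columns from stages 5-6; strict left-to-right movement is an assumption.
COLUMNS = ["New exposure", "Validated", "Action ready", "Waiting partner", "Closed / monitor"]

class GateError(Exception):
    """Raised when a transition is attempted without its precondition."""

@dataclass
class Finding:
    evidence: dict
    column: str = COLUMNS[0]
    draft: Optional[dict] = None
    approved_by: Optional[str] = None

def missing_evidence(f: Finding) -> list:
    # A field counts as missing when absent or empty; 0 is a valid confidence.
    return [k for k in REQUIRED_EVIDENCE if f.evidence.get(k) in (None, "")]

def attach_ai_draft(f: Finding, text: str) -> None:
    # AI output is labeled and stays in dry-run mode until a human signs off.
    f.draft = {"text": text, "origin": "ai-generated", "dry_run": True}

def approve(f: Finding, reviewer: str) -> None:
    if f.draft is None:
        raise GateError("nothing to approve")
    f.approved_by = reviewer
    f.draft["dry_run"] = False

def advance(f: Finding) -> str:
    i = COLUMNS.index(f.column)
    if i == len(COLUMNS) - 1:
        raise GateError("already in the last column")
    nxt = COLUMNS[i + 1]
    if nxt == "Validated" and missing_evidence(f):
        raise GateError("evidence incomplete: " + ", ".join(missing_evidence(f)))
    if nxt == "Action ready" and f.draft is None:
        raise GateError("no drafted action")
    # Assumption: entering "Waiting partner" is the point of external submission.
    if nxt == "Waiting partner" and (
            f.draft is None or f.approved_by is None or f.draft["dry_run"]):
        raise GateError("human approval required before external submission")
    f.column = nxt
    return nxt
```

Because every transition goes through `advance`, a finding with incomplete evidence or an unapproved AI draft cannot reach the column where a partner acts on it.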
9–10 — Trace, report & recurrence
A one-page executive report captures before/after status, open risks, completed and pending actions, recurrence watch and the next 30 days — backed by a trace evidence timeline and ongoing monitoring.