Three deployment tiers from lightweight DNS to full carrier-grade intelligence sharing one underlying AI engine. Start where your infrastructure is. Scale when you're ready.
Every tier shares BlackDice IQ the same federated AI engine and upgrades without re-platforming.
Real-time behavioural intelligence, session risk scoring, scam detection and device integrity signals, delivered via API directly into your existing mobile app. No infrastructure ownership. No subscriber friction.
Network-level domain blocking across your full subscriber base including IoT devices powered by the same BlackDice IQ threat intelligence as the full CPE platform. Deployable in days.
A lightweight firmware agent embedded directly into your existing CPE via TR-069/369 or containerised deployment. Full DPI, all-device IoT protection, zero-day behavioural detection. Zero hardware changes.
| Capability | MOBILE SDK | DNS PROTECT | HALO CPE |
|---|---|---|---|
| Encrypted traffic visibility | App layer only | No | Full DPI |
| Unmanaged IoT protection | No | DNS blocking only | All devices, all traffic |
| Mobile fraud signals | Full session + device | No | Via mobile SDK layer |
| Zero-day behavioural detection | Session-level signals | IQ threat intelligence | Full behavioural AI |
| Hardware required | None | None | Existing CPE no changes |
| Deployment timeline | Days | Days to weeks | Weeks to months |
| Operator Retina console | No | Yes | Full carrier-grade analytics |
| Subscriber app (Angel) | Embedded in host app | White-label Angel | Full white-label Angel |
For banks, fintechs and mobile operators who need on-device intelligence without owning network infrastructure. Integrate in days. Reduce APP fraud liability now.
No hardware dependency. No CPE procurement cycle. Deploy across your full subscriber base in days and start delivering measurable security value immediately.
Full DPI, all-device IoT protection, zero-day behavioural detection. The complete platform embedded in your existing CPE estate with no hardware changes.
The BlackDice Mobile SDK brings behavioural intelligence directly into your app. Session risk scoring, device integrity signals and scam detection, delivered in real time, with no infrastructure investment and no subscriber friction.
The BlackDice SDK adds a behavioural intelligence layer that sees what authentication cannot what is happening on and around the device at the moment of risk.
When a fraudster persuades a customer to initiate a payment themselves, authentication passes without friction. BlackDice detects the behavioural signals that precede APP fraud a scam call in progress, a remote access app active, an unusual payment sequence and surfaces a risk score before the transaction is confirmed.
Account takeover often begins with a compromised device. BlackDice identifies device integrity anomalies before the login attempt reaches your authentication layer enabling step-up challenges or session termination before compromise occurs.
The SDK identifies known scam number patterns, real-time call activity, and suspicious SMS behaviour enabling banks and operators to alert customers or suppress fraudulent interactions before they escalate.
Each signal may appear benign in isolation. Together, they form the high-confidence risk picture that single-layer tools cannot produce.
A remote access application active during a banking session individually unremarkable. Combined with a scam call in progress and an unusual payment sequence, they indicate a probable social engineering attack. BlackDice surfaces this composite risk score in real time, enabling your app to challenge or block before funds move.
App usage patterns, session context and interaction behaviours. Detects anomalous co-occurrence remote access tools or screen recorders running simultaneously with banking sessions.
Real-time risk scoring for incoming communications. Identifies known scam call patterns, phishing SMS and social engineering signatures flagged before the subscriber acts.
Detection of jailbroken or rooted devices, anomalous system behaviour, unauthorised accessibility service usage and indicators of device compromise surfaced at session initiation.
Wi-Fi vs. cellular switching, rogue access point proximity, network-level threat exposure and connectivity anomalies that indicate risk without requiring network infrastructure access.
The UK Fraud Strategy 2026 2029 names telecoms operators and financial institutions as critical control points in the national fraud response for the first time. The BlackDice SDK provides the auditable, real-time fraud signal data to demonstrate compliance.
PSD2 SCA requirements demand risk-based authentication. The SDK provides a real-time behavioural risk signal that informs dynamic authentication decisions reducing friction for low-risk sessions while increasing scrutiny where signals indicate elevated risk.
Consumer Duty requires firms to demonstrate they are actively protecting vulnerable customers from foreseeable harm. The SDK provides the evidential layer: logged risk signals, intervention triggers and outcome data that supports FCA reporting.
The SDK integrates into your existing mobile application. It does not require network access agreements or operator partnerships to deliver value from day one.
Android and iOS packages delivered via standard package management. Integration into your existing application in days via documented APIs.
Configure which signal categories to activate fraud indicators, device integrity, session risk, network context based on your risk appetite and use case.
Real-time risk scores delivered via API. Integrate with your existing fraud decisioning engine, step-up authentication or transaction monitoring system.
No subscriber-facing changes required. Protection is active from the moment the updated app reaches your users.
Most fraud prevention tools authenticate the customer. The BlackDice SDK understands the context surrounding the customer and that is where fraud actually begins.
BlackDice Halo embeds directly into your existing CPE estate via firmware, TR-069/369 or containerised deployment. Full DPI, all-device IoT protection and zero-day behavioural detection at subscriber scale, with no latency impact and no user friction.
BlackDice Halo operates as a layered intelligence architecture. Each layer adds a dimension of visibility and control together they create a detection capability that no single-layer approach can replicate.
A lightweight software agent deployed directly into the router via TR-069/369, firmware SDK or containerised environment. Operates inline at the packet inspection layer, enforcing protection locally even when cloud connectivity is interrupted. Observes all traffic from all devices from the moment they connect.
Aggregates anonymised telemetry from across all deployments, applies behavioural analysis via federated machine learning, and generates risk assessments and policy decisions. Continuously learns without centralising raw subscriber data. Detects zero-day threats by identifying deviation from established behavioural baselines not by waiting for signature database updates.
Translates raw network telemetry into actionable business intelligence. Real-time threat visibility across routers and devices, network and security telemetry linked to QoE and churn indicators, actionable insights for segmentation, monetisation and policy control. Built at operator scale not adapted from enterprise tools.
A white-labelled consumer application giving families and businesses intuitive control over their digital security. Clear security scores, plain-language explanations of threats blocked, one-tap remediation and family controls. Turns security from an invisible service into something subscribers can see, value and stay for.
This is not an architectural aspiration it is the production reality of every CPE deployment.
Every domain resolution request from every device including IoT devices, smart TVs and gaming consoles with no user-facing interface. Intent signals at source.
Visible to DNS-only solutions, but this is where their visibility ends.
Protocol-level traffic classification including encrypted service identification, without decrypting payload content. Identifies application behaviour patterns completely invisible to DNS-only solutions.
Not visible to DNS-only competitors. This is the first differentiating layer.
Identification and classification of every connected device using behavioural signatures rather than MAC addresses. Type, manufacturer, firmware version and anomalous behaviour without any client-side software.
Covers unmanaged IoT the fastest growing threat surface with zero existing visibility.
Volumetric and temporal patterns across the entire home network. Detects data exfiltration, command-and-control communication and lateral movement between devices.
Enables detection of botnet activity, C2 callbacks and slow-burn exfiltration.
The multi-layer intelligence that transforms raw data into actionable insight. A DNS query alone is benign. Combined with unusual traffic volume at 3am from a new device, it becomes a high-confidence threat signal.
This is the layer that detects zero-day and polymorphic threats other platforms miss.
The agent operates inside operator-managed infrastructure at firmware level. This requires a direct commercial relationship with the telecom operator and cannot be replicated by over-the-top applications. There is no self-serve path to this data position.
Protected by granted patents: EP3231153B1 · GB2533101 · AU2015359182
DNS-based solutions block known threats. BlackDice Halo detects unknown ones. That distinction defines the difference between reactive and proactive security at operator scale.
Encrypted traffic seen, not blockedDPI metadata classification identifies application behaviour in encrypted streams without decrypting content.
Unmanaged IoT fully coveredEvery device joining the network is visible from the moment of connection. No client software required on any device.
Zero-day threats detected behaviourallyBlackDice IQ predicts malicious behaviour by detecting deviations from established baselines not by checking a signature database.
Local enforcement no cloud dependencyProtection remains active even when cloud connectivity is interrupted. Security does not degrade during outages.
Encrypted traffic visible via DPI metadata, behavioural patterns identified without payload decryption
Encrypted traffic not visible DNS sees only the domain query, not what the session contains or does
Zero-day detection via behavioural anomaly threats identified before signatures exist
Known domain blocking only reacts after a threat has been catalogued and added to the blocklist
All unmanaged IoT devices covered no client software required on any device
IoT covered via DNS only device-level behaviour, compromise and lateral movement not visible
Local enforcement protection active independent of cloud connectivity
Cloud-dependent resolution latency and uptime affect enforcement capability
Integration into BSNL 5G Fixed Wireless Access rollout. Multi-year agreement covering a potential population exceeding 500 million. Acceptance certificate signed February 2026.
ACCEPTED SCALINGDirect integration into ZTE routers. Year 1 positioned as value-added security service. Full tariff rollout in Year 2. 90%+ pipeline probability.
CONTRACTING Q2 2026Deployment across Turkcell's fixed broadband estate via TP-Link routers. Pilot commencing May 2026, linked to 5G network rollout progression.
PILOT MAY 2026Every router in your estate has the potential to be an intelligent security edge generating new revenue, reducing support costs and protecting your subscriber base from threats that DNS-only tools cannot see.
Speed and price are table stakes. The operators who lead commercially over the next five years will be those who can deliver something more valuable: a trusted digital environment for every subscriber. BlackDice makes that possible embedded in your existing infrastructure, at network scale, with no hardware changes.
"The UK Fraud Strategy 2026 2029, the EU's NIS2 Directive, and Singapore's expanded Cybersecurity Act obligations all point in the same direction: operators are now accountable for the quality of the digital environment they create not just the speed of the connection they provide."
BLACKDICE MAY 2026 →These are not features. They are the three things that determine whether a telecoms operator is genuinely trusted by its subscribers, or merely tolerated until a better offer comes along.
Confidence is not the absence of threats threats are constant and growing. It is the knowledge that your network is detecting and managing them continuously, without requiring anything from the subscriber. No app to install. No settings to configure. No decision to make.
When confidence exists, subscribers stay, upgrade, and recommend. Safe banking. Protected families. SME continuity.
The digital experience your subscribers rely on banking, healthcare, remote work, communication must remain uninterrupted regardless of the threats targeting it at any moment. A single security incident that disrupts a subscriber's digital experience costs more in churn and support than the entire annual security budget for most operators.
The broadband router is already deployed capital. The question is whether it remains a pass-through device, or becomes an intelligent edge control layer that protects margin. Every avoided compromise is one less call, one less complaint, one less churn event. That is measurable OPEX reduction.
Speed and price have become table stakes. Coverage is assumed. The competitive battle has shifted to a different question: how safe is the digital environment you deliver to your subscribers?
"The operators who lead commercially over the next five years will be those who can deliver something more valuable than fast, cheap connectivity: a trusted digital environment for every subscriber."
Operators are no longer passive victims they are direct targets of increasingly sophisticated attacks on critical infrastructure.
EU NIS2 introduces board-level accountability and material financial penalties for non-compliance. Inaction is no longer a neutral position.
The UK Fraud Strategy 2026 2029 names telecoms operators as critical control points in the national fraud response for the first time.
BlackDice Halo integrates into existing routers via SDK, TR-069/369 or containerised deployment. No hardware changes required.
A self-learning AI engine using federated machine learning to analyse device behaviour and neutralise zero-day threats in real time. Predicts malicious behaviour by detecting deviations from established behavioural baselines not by waiting for signature database updates.
Carrier-grade analytics translating raw network telemetry into actionable business intelligence. Real-time threat visibility, telemetry linked to QoE and churn indicators, policy control. Built for operator scale not adapted from enterprise tools.
A white-labelled consumer application giving families and businesses intuitive control over their digital security. Turns security from an invisible service into something subscribers can see, value, and stay for. Strengthens the operator-subscriber relationship at every interaction.
Operators are now accountable for whether their networks are fast and whether their subscribers' digital environments are safe. These are current obligations, not future ones.
NIS2 expanded cybersecurity obligations for digital infrastructure and telecom operators introducing stronger enforcement powers, board-level accountability, and fines of up to 2% of global turnover for non-compliance.
For the first time, the UK Fraud Strategy names telecoms operators as critical control points in the national fraud response. Demonstrable proactive controls are now expected and the absence of them is becoming a regulatory and reputational liability.
US regulators enacted sweeping restrictions on foreign-manufactured consumer routers in March 2026. The EU Cybersecurity Act mandates infrastructure security refresh. Router security has been elevated from an IT concern to a national security priority.
All three deployment tiers share the same underlying intelligence engine and upgrade without re-platforming.
Blocks malicious domains, phishing infrastructure and scam traffic across the full subscriber base. No router changes. No CPE dependency. Powered by the same BlackDice IQ threat intelligence as the full platform. The fastest path to a live security proposition.
Real-time mobile behavioural intelligence, session risk scoring, scam call and SMS detection, device integrity signals. Integrates into your existing subscriber-facing application in days. Particularly valuable for mobile operators with exposure to scam call and SMS phishing volumes.
The complete BlackDice Halo platform embedded directly into your existing CPE estate. Full DPI, all-device IoT protection, zero-day behavioural detection and carrier-grade operator intelligence via BlackDice Retina. Protects all traffic from all devices, including encrypted streams and unmanaged IoT.
Talk to BlackDice to understand how the three outcomes confidence while connected, security of experience, and security of economics translate to your network, your subscriber base, and your commercial roadmap.
Most fraud prevention tools authenticate the customer. The BlackDice Mobile SDK understands the context surrounding the customer and that is where fraud actually begins. Real-time behavioural intelligence, session risk scoring and scam detection, embedded directly into your existing application.
Authorised push payment fraud, social engineering and account takeover have one thing in common: they exploit the gap between a technically successful authentication and a genuinely safe transaction. The customer is real. The credentials are correct. The fraud happens anyway.
The signal that would have stopped the fraud was there a scam call in progress, a remote access app active, a compromised device but no tool was looking for it. BlackDice closes that gap by reading the context surrounding the session.
"APP fraud is not a technology problem. It is an intelligence gap. Most tools authenticate the customer. BlackDice understands what is happening around the customer at the moment of risk."
Authorised push payment fraud has overtaken card fraud as the primary financial crime vector. The PSR reimbursement mandate makes this directly material to financial institution P&L.
The perpetrator is typically in voice or SMS contact with the victim at the moment the fraudulent payment is authorised. That signal is detectable without the right tooling, it is invisible.
Jailbroken devices, accessibility service abuse and credential-harvesting malware create the conditions for account takeover before the first login attempt.
Financial institutions are now required to reimburse APP fraud victims in most cases. The cost of a missed signal is now a direct liability.
When a fraudster persuades a customer to initiate a payment themselves, traditional authentication passes without friction the customer is real, the credentials are correct. BlackDice detects the behavioural context that precedes APP fraud before the transaction is confirmed.
Account takeover often begins with a compromised device. BlackDice identifies device integrity anomalies before the login attempt reaches your authentication layer enabling step-up challenges or session termination before compromise occurs, not retrospective investigation after it already has.
Scam calls and phishing SMS remain the primary first contact in social engineering attacks on banking customers. The SDK identifies known scam number patterns, real-time call activity correlated with active banking sessions, and suspicious SMS behaviour.
For the first time, the UK Fraud Strategy names financial institutions and telecoms operators as critical control points in the national fraud response. The SDK provides the auditable, real-time fraud signal data to demonstrate compliance.
PSD2 SCA requirements demand risk-based authentication. The BlackDice SDK provides a real-time behavioural risk signal that informs dynamic authentication decisions reducing friction for low-risk sessions while increasing scrutiny where signals indicate elevated risk.
Consumer Duty requires firms to demonstrate they are actively protecting vulnerable customers from foreseeable harm including fraud. The BlackDice SDK provides the evidential layer: logged risk signals, intervention triggers and outcome data that supports regulatory examination.
Most fraud prevention tools authenticate the customer. The BlackDice SDK understands the context surrounding the customer and that is where fraud actually begins. Talk to our financial services team to understand how the SDK maps to your specific risk environment.
We believe everyone deserves a safe, trusted digital environment. BlackDice was built to make that a reality embedded in the networks people already rely on, protecting them automatically, at scale.
The internet has become the foundation of daily life for families, businesses, healthcare, and communities. Yet the infrastructure that delivers connectivity has never been built with security at its core.
BlackDice changes that. We embed intelligence and protection directly into the network layer, so every subscriber is defended from the moment they connect without downloading an app, configuring settings, or thinking about it at all.
"Telecoms operators sit at the point of presence for billions of people. BlackDice gives them the tools to turn that position into protection."
Every subscriber feels safe, whatever they do online. Threats are neutralised before they cause harm, without any disruption to the experience.
Banking, remote work, healthcare all protected from disruption caused by threats or fraud. The digital services subscribers rely on remain uninterrupted.
Financial harm from cybercrime is prevented at the network level. Scams, fraud, ransomware stopped before they reach the subscriber's bank account.
BlackDice works with telecoms operators, managed service providers, and hardware vendors who want to deliver security as a native capability not an add-on.
Deploying BlackDice Halo within their infrastructure to protect millions of subscribers at scale, with zero hardware changes and full carrier-grade analytics.
Embedding BlackDice into managed connectivity services for business subscribers, adding a security layer without rebuilding infrastructure.
Integrating the BlackDice edge agent at device level, enabling security to ship as a standard feature in every router that leaves the factory.
Talk to our team about how BlackDice deploys within your infrastructure to protect your subscribers from day one.
As South-east Asian telecoms operators accelerate investment in 5G and fibre infrastructure, the question of how to monetise that investment is becoming increasingly urgent. BlackDice explores why cybersecurity is the next major revenue opportunity for the region's operators.
Strategic partnership extends BlackDice's footprint across South-east Asia, protecting millions of additional subscribers at network edge.
European and UK regulation is moving operators from passive connectivity providers to active participants in digital safety. Here's what that means in practice.
Recognition highlights BlackDice's approach to behavioural intelligence and telco-native deployment as differentiated in a crowded market.
Static signatures and known threat lists are no longer sufficient. We explore why the future of network security is behavioural, not binary.
Our team shares what operators are telling us about their security priorities, and how the conversation has shifted since 2025.
New capital will fund expansion across APAC, MENA and Latin America, supporting operators navigating new cybersecurity regulations.
BlackDice is addressing a $2 trillion market opportunity (McKinsey) with 90% of it still untapped. We give telecoms operators the infrastructure to deliver security as a native service, generating new recurring revenue at scale.
The global cybersecurity market is enormous, but the network-layer, telecoms-native segment remains structurally underserved. Most security solutions are sold to enterprises not embedded in the infrastructure that connects consumers and SMBs.
BlackDice targets this gap: embedding security within operator infrastructure, creating a defensible recurring revenue model that scales with subscriber growth not deal-by-deal enterprise sales.
BlackDice IQ (AI engine), Retina (operator console) and Angel (subscriber app) each defensible independently, exponentially stronger together.
BSNL India, CBN Indonesia and Turkcell Turkey with pipeline extending across APAC, MENA and Latin America.
EP3231153B1, GB2533101 and AU2015359182 protecting the core architectural position that competitors cannot replicate without a direct operator relationship.
The AI-powered intelligence layer. Ingests signals from network, device, and behavioural sources. Continuously learning. Generates risk scores and threat intelligence that drives enforcement decisions in real time.
Full network visibility and control for operators. Real-time threat intelligence, subscriber analytics, and policy management from a single interface.
On-device telemetry, family protection controls, and real-time security awareness delivered as a white-label experience that operators brand as their own.
BlackDice is scaling into the markets with the fastest-growing subscriber bases, strongest regulatory tailwinds, and greatest unmet demand for network-level security.
Fastest growing 5G subscriber base globally, with emerging regulatory frameworks creating operator demand.
Rapid mobile-first infrastructure build-out with governments driving digital trust mandates.
Operators scaling connectivity as subscriber base expands, with significant unmet demand for security services.
"BlackDice is building the security infrastructure layer that telecoms operators have needed for a decade. The combination of edge enforcement, behavioural intelligence, and telco-native deployment is genuinely differentiated."
MARKO ELAZAR CEO, NOVA DEFENSE
For investor relations, funding enquiries, or to request our investor deck:
invest@blackdice.ai →Whether you're an operator, investor, or partner we'd love to hear from you.
See BlackDice Halo in action. Our team will walk you through a live demonstration tailored to your infrastructure and subscriber base.
For general questions, press enquiries, or partnership opportunities:
info@blackdice.ai →For funding enquiries, investor deck requests, or strategic partnership discussions:
invest@blackdice.ai →BlackDice Cyber Ltd
17th Floor, The Pinnacle
67 Albion Street
Leeds LS1 5AA
United Kingdom
For press and media enquiries, including interview requests, bylines, or brand assets, please contact our communications team.
View our newsroom →