Detection Types Reference
Robost recognizes the detection types listed below. Each type has a stable code used in policies and API responses. This page is generated from the product registry — if you add a new detection type, rebuild the docs to refresh this reference.
| Label | Category | Description |
|---|---|---|
| Access Keys | Security | Access Keys include API keys, service account credentials, SSH keys, and other machine-to-machine authentication tokens used to access cloud services, databases, and internal systems. Exposure of access keys can grant attackers immediate unauthorized access to critical infrastructure, enabling data exfiltration, resource abuse, and lateral movement across connected systems. |
| Billing and Payment Information | Financial Services | Billing and Payment Information encompasses invoices, billing addresses, payment methods on file, subscription details, and transaction records tied to customer accounts. Unauthorized disclosure can facilitate financial fraud, unauthorized charges, and violations of PCI DSS and consumer financial protection regulations. |
| Bulk PII | Personally Identifiable Information | Bulk PII refers to large-scale datasets containing personally identifiable information such as names, addresses, dates of birth, and government identifiers for many individuals at once. The volume and aggregation of this data dramatically increases the risk of mass identity theft, regulatory penalties, and reputational damage if exposed. |
| Clinical Trial Data | Healthcare | Clinical Trial Data includes patient enrollment records, study protocols, adverse event reports, interim results, and regulatory submissions related to pharmaceutical or medical device trials. This data is subject to strict FDA, EMA, and ICH-GCP regulations, and premature disclosure can compromise trial integrity, violate participant privacy, and affect stock valuations of sponsoring companies. |
| Customer Authentication Data | Security | Customer Authentication Data includes passwords, password hashes, multi-factor authentication secrets, security questions and answers, session tokens, and OAuth credentials belonging to end-users. Exposure enables account takeover attacks, credential stuffing, and unauthorized access to customer accounts across services where credentials may be reused. |
| Customer PII | Personally Identifiable Information | Customer PII includes names, contact details, purchase history, account credentials, and payment information belonging to clients and end-users. Breaches of customer PII trigger regulatory notification requirements under GDPR, CCPA, and similar frameworks, and erode consumer trust and brand reputation. |
| Electronic Health Records | Healthcare | Electronic Health Records (EHR) contain comprehensive patient medical histories including diagnoses, medications, lab results, imaging reports, and provider notes stored in digital health systems. EHR data is protected under HIPAA, HITECH, and international health data regulations, and unauthorized access can lead to severe penalties, medical identity theft, and compromised patient care. |
| Employee Financial Information | Human Resources | Employee Financial Information includes salary details, bonus structures, stock option grants, tax withholdings, bank account numbers for direct deposit, and retirement plan contributions. Organizations are legally obligated to protect this data under employment and tax regulations, and its exposure can lead to discrimination claims, financial fraud, and erosion of employee trust. |
| Employee PII | Personally Identifiable Information | Employee PII includes social security numbers, home addresses, dates of birth, emergency contacts, performance reviews, and medical accommodations. Organizations have a legal and ethical obligation to protect this data under employment and privacy regulations such as GDPR and state privacy laws. |
| Employment Records | Human Resources | Employment Records encompass hiring documents, offer letters, disciplinary actions, termination records, immigration status, background check results, and leave histories. These records are subject to employment law protections and their unauthorized disclosure can expose the organization to lawsuits, regulatory fines, and employee grievances. |
| Financial Projections | Confidential Business Information | Financial Projections include revenue forecasts, earnings estimates, budget plans, and cash flow models used for strategic planning. Leaking this forward-looking data can violate securities regulations such as Regulation FD and provide competitors with strategic intelligence about the organization’s financial trajectory. |
| General PII | Personally Identifiable Information | General Personally Identifiable Information (PII) includes any data that can be used to identify an individual, such as names, addresses, phone numbers, dates of birth, and government-issued identifiers. Protecting general PII is critical to comply with privacy regulations like GDPR and CCPA, and to prevent identity theft or unauthorized disclosure. |
| Insurance Claims Data | Financial Services | Insurance Claims Data includes filed claims, adjudication records, payout amounts, loss descriptions, policyholder details, and fraud investigation notes. Disclosure can expose sensitive personal circumstances, enable insurance fraud, violate state insurance regulations, and compromise ongoing investigations. |
| Investment Portfolio Data | Financial Services | Investment Portfolio Data includes holdings, positions, allocation strategies, performance metrics, and trading activity for institutional or client portfolios. Unauthorized disclosure can lead to front-running, market manipulation, or loss of competitive advantage in asset management. |
| Legal Discourse | Legal | Legal Discourse encompasses attorney-client privileged communications, legal memoranda, case strategy documents, regulatory correspondence, and litigation hold notices. Unauthorized disclosure can waive attorney-client privilege, undermine legal strategy, violate court orders, and expose the organization to adverse legal outcomes. |
| Mergers and Acquisitions | Confidential Business Information | Mergers and Acquisitions (M&A) Data encompasses sensitive information involved in the planning, negotiation, and execution of mergers, acquisitions, divestitures, and other business restructuring activities. Protecting M&A data is essential to prevent information leaks that could trigger insider trading, violate securities regulations, and undermine deal negotiations. |
| Payment Transactions | Financial Services | Payment Transactions include records of credit card charges, wire transfers, ACH payments, refunds, chargebacks, and associated metadata such as merchant details and authorization codes. This data is subject to PCI DSS requirements and financial regulations, and its exposure can enable unauthorized transactions, financial fraud, and regulatory penalties. |
| Private Credit Agreements | Financial Services | Private Credit Agreements include loan terms, covenants, interest rate structures, collateral arrangements, and lender syndicate details for non-public debt instruments. Disclosure of these agreements can breach confidentiality provisions, affect credit ratings, reveal financial vulnerability, and provide competitors with intelligence on the organization’s capital structure. |
| Proprietary Source Code | Intellectual Property | Proprietary Source Code represents internal algorithms, architectures, and implementations that constitute core competitive advantages and trade secrets. Exposure can enable competitors to replicate products, discover exploitable vulnerabilities, circumvent licensing agreements, and undermine the organization’s intellectual property portfolio. |
| Protected Health Information | Healthcare | Protected Health Information (PHI) includes medical records, diagnoses, treatment plans, insurance claims, prescription data, and any individually identifiable health information covered by HIPAA. Unauthorized disclosure carries severe regulatory penalties, can cause significant harm to individuals, and triggers mandatory breach notification obligations. |
| Sales Pipeline Data | Confidential Business Information | Sales Pipeline Data details prospective deals, proposal values, customer engagement stages, win/loss forecasts, and competitive positioning notes. Exposure reveals commercial strategy, pricing approaches, and customer relationships to competitors, potentially undermining active negotiations and future revenue. |
| Security Incident Reports | Security | Security Incident Reports document details of breaches, vulnerabilities, attack vectors, remediation steps, and forensic findings from security events. Premature or unauthorized disclosure can expose unpatched vulnerabilities, compromise ongoing investigations, trigger regulatory scrutiny, and provide attackers with intelligence about the organization’s security weaknesses. |
| Settlement and Dispute Resolution | Legal | Settlement and Dispute Resolution data covers active litigation details, settlement negotiations, arbitration proceedings, mediation records, and related financial terms. Premature disclosure can undermine legal strategy, violate court orders, breach settlement confidentiality clauses, and prejudice ongoing negotiations. |
| Source Code | Intellectual Property | Source Code includes application code, configuration files, infrastructure-as-code templates, and build scripts that may belong to the organization or its customers. Unauthorized sharing of source code can expose business logic, security mechanisms, API structures, and deployment configurations that attackers or competitors can exploit. |
| Stored Credit Cards | Financial Services | Stored Credit Cards include full or partial card numbers, expiration dates, cardholder names, and associated billing information retained in databases or payment systems. This data is strictly regulated under PCI DSS, and its exposure can result in massive financial fraud, mandatory forensic investigations, significant fines, and loss of payment processing privileges. |