Kodex

Government portals have authentication built in. Under the EU eEvidence regulation, orders will arrive via systems such as e-CODEX, each with its own security mechanisms. Most organizations will treat that authentication as sufficient. But the compromise history of government systems suggests otherwise. Under the new regulation, each workflow and API connection includes additional verification checks that use agent-specific data and other signals to independently validate the authenticity of requests beyond the portal. Portal authentication is the starting point. The verification layer on top of it is what accounts for how government systems actually behave, not just how they are designed to behave. With enforcement beginning on August 18, that distinction is where the compliance risk lies. Stay ahead of the conversation: https://bit.ly/4u0cSqU

The next Kodex Global Keynote. June 30. We're showing what comes after the network. Legal requests still run on infrastructure built for a different era: faxes, PDFs, manual portals, and inboxes that nobody owns and everyone tolerates. For the past year, Kodex has been building what comes next. There's a reason this work has been quiet. That changes on June 30. ➡️ https://bit.ly/4uMMwd5

A former FBI agent founded Kodex. Our team brings together backgrounds in law enforcement, cybersecurity, legal operations, and trust and safety, united by work that sits at the intersection of security, privacy, and justice. The infrastructure we build connects law enforcement and the private sector so data exchanges happen securely, responsibly, and at the speed real investigations require. When it works, fraud gets stopped, cases move forward, and real people are protected from harm. We're hiring across Marketing, Product, Sales, and Software Engineering for people who want to be part of that work. ➡️ https://bit.ly/4v7IzPY

Tech companies receive law enforcement data requests continuously. Most are genuine, but a growing subset aren't; they are engineered to be structurally indistinguishable from legitimate ones, using compromised government credentials sold on the dark web, spoofed agency domains, forged court orders built from leaked templates, and, increasingly, AI-generated impersonation. No single organization has the cross-network visibility needed to detect these patterns on its own. Identifying a fraudulent request requires knowing whether a credential is currently active and uncompromised, whether a sender has appeared in suspicious requests across other platforms, and whether the request pattern has already been flagged elsewhere in the ecosystem. Kodex addresses this through a continuously monitored network of 15,000+ verified agencies and 140,000+ verified investigators, with real-time credential status delivered via webhooks. If a credential is deactivated or flagged after a request is submitted, the receiving platform is notified immediately. The verification layer is built on OIDC and can be integrated into existing portals in days. Learn more: https://bit.ly/3PLqFn2

Attackers no longer need to break into systems. They buy access. The rapid proliferation of AI-driven phishing, session hijacking, and infostealer malware has created an industrialized supply of valid, stolen credentials available on the dark web before most organizations know they have been compromised. The threat vector has shifted from exploiting code vulnerabilities to abusing legitimate access. Once an attacker has valid credentials, they inherit the legitimate user's permissions and blend into normal access patterns. The defense has to shift accordingly, from preventing credential theft to detecting misuse of legitimate access before the blast radius grows. For teams managing law enforcement data requests, the implication is direct. Compromised government credentials are bought and sold specifically to impersonate trusted authorities and extract sensitive data from companies. Shared verification intelligence across the ecosystem is how that threat gets addressed before sensitive data is disclosed. Read the full SecurityWeek article: https://bit.ly/3RM1gu7

When compromised law enforcement accounts are being used to fraudulently extract customer data, real-time verification is the baseline. Since announcing Kodex Verify, dozens of the world's largest companies have already signed up to check officer credentials before responding to requests. As request volumes grow, building verification into the front of the process is becoming the new standard of care. https://bit.ly/3PLqFn2"

Threat actors are no longer trying to break into law-enforcement data-request workflows. They're operating within them, using stolen credentials, forged legal documents, and compromised government inboxes to navigate processes built on institutional trust. The threat landscape has matured. The verification standard has to match it.

Law enforcement investigators have historically sent legal process requests into email inboxes with no visibility into whether anyone received them, reviewed them, or would respond. Some were still sending faxes. The friction in that process has real consequences. Delayed responses slow investigations, and cases stall. When the infrastructure connecting law enforcement and the private sector creates barriers instead of removing them, the people most affected are the ones the system is meant to protect. 140,000 investigators are now on the Kodex network, doubling year over year. The adoption reflects what happens when that friction gets removed. https://bit.ly/4dGia4C

86% of fraudulent law enforcement domains in Q3 2025 impersonated local and state agencies rather than federal ones. The reason is structural. Local departments often operate outside the federal .gov namespace, making lookalike .us domains cheap to register and difficult to screen. A request from a local department gets less friction than one from a federal agency. Attackers know it, and they plan around it. It's an example of a deliberate targeting strategy that exploits the uneven scrutiny organizations apply based on perceived institutional weight. Familiarity is not the same as legitimacy. Independent verification at the point of request, regardless of jurisdiction, is a necessary baseline.

AJ Iafrate, Ian Lynch, and Tyler Steele were in Miami recently for the ACAMS South Florida Chapter's Major Sporting Events and Exploitation Risk Prevention Through Financial Intelligence symposium. The point he made on stage is directly relevant to any team managing legal requests during a high-volume event. Major sporting events such as the World Cup create significant spikes in law enforcement data requests. Teams that aren't operationally ready will slow down investigations at exactly the moment speed matters most. Law enforcement can't wait a month. The infrastructure handling those requests has to be built for that reality before the event begins, not after. Grateful to the ACAMS South Florida Chapter for the invitation and for putting together such an important event. BIG thanks to Lacee Monk, Christian Bermudez - CAMS, CPAML, and the moderator, Nicholas Schumann. https://bit.ly/4wVEIXS