# Whisper for Agriculture: give every machine an identity it can prove

> A harvested token and a guessable serial shouldn't be able to reach every
> machine on the land. The address **is** the machine: a routable,
> DNSSEC-anchored /128 no one can forge, revocable by the owner in a single,
> publicly verifiable call. Additive to your SOC and SIEM.

The abuser logs in with a real grower's OAuth grant, so they pass every auth
check, then rotate across Amazon, Google and Azure until all your SOC has
logged is a meaningless *last IP*. The yield maps, field boundaries and
as-applied records leave quietly, and the farmer who owns that data never
learns it happened. It works for one reason: your machines have no identity
they can prove. **We give them one.**

`whisper verify --trustless` · anchored at the IANA DNS root. Our own API is not in the trust path.

- **400M+** engaged acres flow through a single OEM's farm-data platform
- **365d** how long one refresh token keeps a farm-platform grant alive
- **~2×** ransomware against food & agriculture roughly doubled in 2025 (Food & Ag-ISAC)
- **$11M** the ransom one processor paid; it handled about a fifth of US meat
- **~$5M** of looted farm equipment remotely disabled in 2022; nobody could verify who threw the switch
- **2028** FSMA 204 food-traceability records come due on 20 Jul 2028

---

## The attack, step by step

**This is how a whole co-op's data gets harvested by someone who was never a customer.**
No zero-day. No malware. Just authorization logic used exactly as built, at farm scale.

1. **RECON**: an equipment PIN is a structured, *guessable* 17-character string stamped on the frame and printed in every auction listing. A grower's email address is enough to begin.
2. **CREDENTIAL**: phish an FMIS login, or reuse an OAuth grant whose refresh token stays valid for a year. Now they hold a real, valid session, portable to any IP on earth.
3. **PASS AUTH**: the farm-data backend authorizes it; nothing is broken, the token is genuine. One BOLA/IDOR flaw turns *one* grower's account into *any* grower's fields. A researched disclosure once reached owner name, home address, equipment ID and VIN from a guessable identifier alone.
4. **SCALE**: one IP, a whole co-op. Enumerate organizations and fields; pull yield maps, boundaries, as-applied and input records, low-and-slow, under every rate limit.
5. **ROTATE**: egress hops Amazon → Google → Azure, or a residential-proxy swarm, every few requests. Your SOC sees a fresh last IP and correlates nothing.
6. **MONETIZE**: agronomic data resold. Field boundaries, yields and input plans traded with no consent and no contract: a data-sovereignty incident, not only a security one.

Invisible at the network layer by design: a real grower is *one IP to one farm*;
the abuser is *one operator to thousands*, and every IP they ever show you is
disposable. The stakes are not hypothetical: attacks on food and agriculture
roughly doubled in 2025, a ransomware attack halted an equipment maker's
production in planting season 2022, and one processor paid $11M to restart
plants that handle about a fifth of US meat.

---

## Strip the incident down and it isn't a hundred bugs. It's two.

Every step in that chain leans on exactly two structural gaps that every
connected-agriculture program shares. Close both and the attack has nowhere left to stand.

### Gap 1 · you can't follow them when the IP rotates

Rate-limit an IP and they spin up a fresh one. The egress is disposable; the
last IP *was never the attacker*. So you block noise while the operator keeps working.

**The answer: the graph.** A live internet-infrastructure graph, **7.44B**
nodes and **39.3B** relationships of fused BGP, DNS, WHOIS, TLS, hosting
and threat intelligence, answering in under 300 ms, fingerprints the *operator*, not
the IP. Two levers, kept honestly separate:

- **Cloud rotation**: the graph clusters shared ASN, hosting and certificate lineage into one infrastructure genealogy.
- **Residential-proxy swarm**: where a subscriber IP gives an infra graph nothing to grab, a `JA4/JA3` client fingerprint travels with the *tooling* regardless of the exit and collapses the swarm to one operator.

Every answer returns a reproducible **evidence chain** your SOC, your auditors and a
regulator can replay. The verbs: `identify(ip)`, `origins(prefix)` + `walk(node,depth)`,
`history` / `watch`, and arbitrary read-only Cypher ("one source touching N distinct
machine-identities in a window").

> **"When they rotate residential proxies and fresh cloud IPs, can you actually attribute them, or just rate-limit an IP and move on?"**
> Track them. Infrastructure genealogy collapses the cloud rotation; a JA4 client
> fingerprint collapses the residential swarm. The egress IP is the one thing we don't rely on.

### Gap 2 · abuse that passes auth looks legitimate

A harvested grant or a leaked partner-API key *is* a valid credential. Behaviorally
it's a grower. Nothing at the perimeter separates it, because the credential is a
bearer secret: whoever holds it can present it. And on the wire below the cloud, an
ISOBUS `NAME` is a self-declared claim, not a cryptographic proof.

**The answer: identity.** Bind the session to the machine's own forge-proof **/128**,
an address derived from the key already sitting in the machine's secure element, one
the machine can prove and no broker can. A harvested token without the machine's leaf
key simply *fails*, and every access that does happen leaves a per-identity trail the
farmer can be shown.

> **"A leaked API key or a valid partner session looks legitimate; how do you catch abuse that passes auth?"**
> You bind authority to the machine, not the bearer. State-changing commands
> terminate mutually-authenticated to the *target machine's* /128, the machine
> co-signs, so a platform or partner session can't reach a serial it can't
> cryptographically address. A request that passes auth but can't prove the identity
> never had authority in the first place.

Gap 1 is detection made durable. Gap 2 is the root cause. Here's the root-cause cure.

---

## The root-cause cure · identity

**Give every machine an identity it can prove, and no one can forge.** Stop treating
equipment-API abuse as a detection problem and make it an *identity* problem:
strictly stronger. Whisper has one primitive: **the address is the identity.**

A routable IPv6 **/128** out of `2a04:2a01::/32` (announced by **AS219419**),
deterministically derived from a key, DNSSEC-anchored, **DANE-EE** pinned,
RDAP/WHOIS-registered: re-derivable and verifiable by anyone with `dig`.
`whisper verify --trustless` checks it against the IANA root; *our own API is not in the trust path.*

**Point it at machines.** Derive each tractor's, implement's or ECU's /128 from the
hardware key it already holds: the secure element or TPM, with the **17-character
equipment PIN or an implement/ECU serial as the domain separator**. The private key
never leaves the secure element; the address is a one-way function of its public half
and the PIN. The platform then authorizes on the machine's *pinned identity*, not a
stealable token. And where ISOBUS (ISO 11783 over J1939/CAN) gives a device a `NAME`
that is only a claim, the /128 is the cryptographic counterpart at the machine↔cloud boundary.

```
secure element / TPM  ──pubkey + PIN──▶  /128  ──DNSSEC+DANE-EE──▶  a name anyone can verify
(the machine's device key,               2a04:2a01:…::a6f1           whisper verify --trustless
 never leaves the chip,                  routable identity           our API not in the trust path
 key stays sealed)                                                   op:revoke → owner-thrown, public
```

What becomes true the moment you do this:

- **"1 IP → a whole co-op" becomes physically impossible.** Every forgery is a DNSSEC/DANE inconsistency any verifier catches.
- **IP rotation becomes irrelevant.** Identity is not the source IP; the "last IP" was never the credential.
- **Harvested grants fail.** The broker's server doesn't hold the machine's per-/128 leaf key.
- **One `revoke`, thrown by the owner, verifiable by anyone**: `dig -x` returns nothing, verify returns false. A kill-switch with a paper trail, never a covert lockout.

**Attaches to what you already ship; it does not replace it.** Whisper complements
the ISOBUS (ISO 11783) `NAME` and AEF Guideline 040's ISOBUS security principles, the
secure element or TPM in the telematics gateway, and the X.509 device-cert mTLS your
OEM cloud already runs. It is the publicly verifiable, DNSSEC/DANE-anchored layer
*on top*: no bespoke CA trust store to push to every machine, and revocation at
DNS-TTL speed instead of CRL/OCSP soft-fail. It never reaches into the ISOBUS/J1939
bus itself or the tractor-implement (TIM) safety functions.

**The PIN is the public index; the /128 is its cryptographic counterpart.** The /128
is bound to the device's key as well as the PIN, so PIN alone yields nothing: you
cannot go PIN → /128 without the key, there is no enumerable directory, and
RDAP/reverse-DNS return the registry object, never the machine's whereabouts.

**Lifecycle, end to end, including the auction.** Factory key burn → in-life
authorization → incident `revoke`. Farm equipment changes hands more than cars do: a
trade-in or auction sale is one `revoke` and a re-register to the new owner, so the
data trail transfers with the title instead of leaking past it. Compromise one ECU
and you've compromised *that ECU*, not the fleet.

**The kill-switch, with accountability.** In 2022, roughly $5M of farm equipment
looted from a dealership in an occupied city was remotely disabled. The switch
worked, and it also proved the point: remote disablement is real power, and today it
is unverifiable power. Whisper's `revoke` is the accountable version: thrown by the
registered owner, visible in public DNS, checkable by anyone with `dig`. Explicitly
*not* a covert OEM lockout.

Maps to **ISO 24882** (agricultural-machinery cybersecurity, DIS registered October
2025 in ISO/TC 23/SC 19, carrying the UN R155 lineage into agriculture), **AEF
Guideline 040** (ISOBUS security principles), the **EU Data Act** (in force since
12 Sep 2025 and reaching connected farm machinery), **Ag Data Transparent** (farmers
own their farm data) and the **FSMA 204** / **EUDR** traceability wave. Know,
attribute and revoke every machine, delivered as a network primitive, not a
compliance binder.

---

## The next surface · autonomy & AI agents

**The same primitive governs the autonomous machines and AI agents your fields are
about to run.** Autonomous 9RX-class tractors already work fields without a person in
the cab; ag drones fly under FAA Remote ID; agronomy copilots read and write farm
data on a grower's behalf. Every one of them is an agent making network calls, and
today the answer to "which one did this" is a shrug at a shared NAT address.

- **Which agent did this is the source address**: every autonomous machine, drone controller and agronomy agent egresses from its own routable /128.
- **Every query and connection is logged per-agent**, queryable live via `op:logs`: the trail the farmer can be shown.
- **Policy on every query**: a graph-first resolver and bound egress enforce category, geography, ownership and routing; default deny, allow or block by name or subdomain. An autonomous tractor that should only ever talk to its OEM's ops endpoints simply can't talk to anything else.
- **Inbound agents are verifiable**: FCrDNS, RDAP, `whisper verify`. Per-agent budgets, a kill-switch, one `revoke`.

---

## Prove it in 60 seconds · no account

Two tiers, by design. **No key:** anyone can verify a machine's identity, resolve it,
and back-trace a suspicious host, trustless, anchored at the IANA root. **Your key:**
register a machine, govern its agents, revoke it worldwide.

```sh
# keyless: re-derive and verify any machine's identity, trustless
$ whisper verify --trustless 2a04:2a01:1c0::a6f1
  ✓ DNSSEC chain valid to the IANA root
  ✓ DANE-EE (TLSA) leaf matches the identity's key
  ✓ RDAP: registered under AS219419 · 2a04:2a01::/32
  identity: VERIFIED, and our own API was never trusted

# the address is the machine: reverse DNS names it
$ dig -x 2a04:2a01:1c0::a6f1 +short
  pin-1agcm82633a.farm.example-oem.whisper.online.

# who really operates a suspicious host: the real graph API, a CALL whisper.identify()
$ curl -s https://graph.whisper.security/api/query -H "X-API-Key: whisper_live_xxx" \
    -H 'content-type: application/json' -d '{"query":"CALL whisper.identify(\"34.90.x.x\")"}'
  operator:  <fingerprinted> · seen across AWS / GCP / Azure
  residential swarm collapsed by JA4: same tooling, 41 exit IPs → 1 operator
```

```sh
# give a machine a name it can prove, and govern its agents
$ export WHISPER_API_KEY=whisper_live_xxx
# --pin/--from-secure-element are on the roadmap; today the 17-char PIN rides the live control-plane vin arg (see docs)
$ whisper register --pin 1AGC… --from-secure-element
  → identity 2a04:2a01:1c0::a6f1   DNSSEC + DANE live
$ whisper policy set --default deny --allow ops.example-oem.com,updates.example-oem.com
$ whisper revoke 2a04:2a01:1c0::a6f1   # owner-thrown, publicly verifiable, at DNS-TTL
```

Bring your fleet home → <https://console.whisper.security/sign-up> · Read the [docs](/docs).

---

## Where Whisper fits

**Your SOC sees *that* an API is abused. Whisper tells you *who*, and proves it's
really the machine.** The best behavioral vehicle SOC on the market, Upstream, is
extending into agricultural OEMs and engaging publicly on ISO 24882; it detects abuse
at the app layer, inside your own cloud, and its digital twin is good at it. That's
necessary, and it's where the picture stops. Whisper adds the two layers no one else
owns: an internet-infrastructure attribution graph that fingerprints the adversary
across rotating clouds and residential proxies, and an equipment/agent identity plane
that tells a legitimate machine from an impostor *after* auth, checkable with stock
`dig` and revocable worldwide in one call.

| | Upstream | Whisper |
|---|---|---|
| Detect API abuse in your cloud (BOLA, business-logic) | ✓ | *additive feed* |
| Attribute the operator across rotating clouds / residential proxies | – | ✓ |
| Forge-proof per-machine / per-agent identity **after** auth | – | ✓ |

It's depth on top of the stack you already run: it rides on the same X.509
device-cert mTLS your equipment cloud already speaks and maps straight to your
**ISO 24882** and **Data Act** evidence, landing as a machine-readable feed into your
SIEM (the **Splunk** and **Microsoft Sentinel** connectors ship today), enrichment
that makes **Recorded Future**, **Mandiant** and Sentinel sharper. It doesn't replace
them, and it doesn't add a console your analysts babysit. [See the full comparison →](/compare)

---

## Built for the people who have to sign off

**Additive to your stack. Mapped to your standards. Priced so you can say yes.**
Three planes on one primitive: identity, attribution graph, agent governance, and all
three exit into the stack you already run, not a new silo.

- **Feeds your SIEM, not another console.** The Splunk, Microsoft Sentinel and OpenCTI connectors ship today. Findings map to CEF and ECS fields, with STIX 2.1 over TAXII export on the roadmap. The evidence chain is signed, replayable JSON you can hand a regulator, or a farmer.
- **Speaks your compliance language.** Maps to ISO 24882 (DIS, October 2025) and AEF Guideline 040 evidence, to the EU Data Act's authorized-party line, and to Ag Data Transparent's core promise: farmers own their data, and now you can show them the trail.
- **In your auth path, and safe there.** It rides *on top of* the X.509 device-cert mTLS your equipment cloud already runs. The DANE/verify plane is built to fail open: a Whisper outage never parks a tractor mid-harvest; checks degrade to your existing anchors. Anycast on AS219419, no single node in the path.
- **Flat, predictable pricing.** Per-machine/year and flat: not per-transaction, not usage-metered, not per-acre. A line item you can forecast. [See pricing →](/pricing)
- **On-prem or your own tenant.** Data residency and GDPR by construction: data sovereignty for the platform is what you already promise the farmer; this is the version you can prove.
- **A vendor that will still be here.** Real routable address space (AS219419), run by people who ran the internet's regional address registry and operated one of its root DNS servers. POC → pilot → enterprise, keyless to start.

---

## Give every machine an identity it can prove.

The address is the machine: routable, DNSSEC-anchored, revocable by the owner in one
publicly verifiable call. Keyless to try, one call to provision, one more to revoke.

Bring your fleet home → <https://console.whisper.security/sign-up> · [For OEM security →](/oem-security)

Or run `whisper verify --trustless` right now.

---

*Whisper for Agriculture · Identity on the wire for the connected farm · AS219419 · 2a04:2a01::/32*
*© viaGraph B.V. (dba Whisper Security)*
