High-quality labeled datasets, adversarial samples, and structured threat intelligence — purpose-built for teams training the next generation of AI security models.
Scroll to explore
50M+
Labeled Samples
12
Threat Categories
99.4%
Label Accuracy
The Problem
AI security teams are data-starved
Building threat detection models requires massive amounts of labeled security data — the kind that's nearly impossible to collect, clean, and annotate at scale without specialized expertise.
Most teams resort to synthetic data, small academic benchmarks, or proprietary siloes that don't generalize. ShieldSet solves this.
01
Scarce Ground Truth
Real-world malware, phishing, and intrusion samples are rare and fragmented across dozens of siloed repositories.
02
Poor Label Quality
Academic benchmarks contain errors, bias, and stale threat signatures that degrade model performance in production.
03
Adversarial Gaps
Models trained without adversarial samples fail the moment threat actors adapt. Defense requires knowing how attackers think.
Dataset Catalog
What We Offer
03 Categories
Dataset 01
Labeled Threat Intel
Structured, expert-labeled threat intelligence data spanning APT campaigns, IOCs, TTPs, and malware families — mapped to MITRE ATT&CK.
Dataset 02
Adversarial Samples
Carefully crafted adversarial examples for phishing, social engineering, and evasion attacks — battle-tested against production detection systems.
Dataset 03
Network Intrusion Logs
Normalized pcap-derived features, flow records, and labeled intrusion events — covering lateral movement, C2, exfiltration, and more.
Process
How It Works
From raw threat telemetry to model-ready datasets — ShieldSet handles the entire pipeline so your team can focus on building, not wrangling data.
01
Ingest & Normalize
We continuously collect threat telemetry from honeypots, dark web monitoring, partner feeds, and proprietary sensors — then normalize everything into consistent schema.
STIX/TAXIIJSONParquet
02
Expert Annotation
Every sample is reviewed by a team of certified security researchers. Multi-pass labeling with adversarial disagreement resolution ensures >99.4% accuracy.
MITRE ATT&CKCVEMulti-label
03
Versioned Delivery
Datasets are versioned, checksummed, and delivered via API or direct download. Every update includes a diff log so your pipelines stay reproducible.
REST APIS3Versioned
04
Continuous Updates
The threat landscape never sleeps. ShieldSet datasets are refreshed with new samples weekly — your models stay current without rebuilding from scratch.
Weekly RefreshDelta Feeds
Coverage
Threat Categories Covered
01
Malware Classification
Ransomware, trojans, worms, rootkits — PE binaries with dynamic + static features.
8.2M samples
02
Phishing Detection
URLs, email headers, HTML content, and screenshot features for phishing identification.
12.4M samples
03
Intrusion Detection
Network flows and host logs from simulated and real-world intrusion events.
6.1M events
04
Vulnerability Intel
CVE-linked exploit samples, patch diffs, and severity context at machine scale.
3.8M records
05
Social Engineering
Spearphishing lures, pretexting scripts, and vishing transcripts with intent labels.
2.1M samples
06
Supply Chain
Dependency confusion, typosquatting, and package tampering indicators.
940K packages
07
C2 Traffic
Labeled command-and-control communication patterns across known RAT families.
4.4M flows
08
Threat Actor TTPs
MITRE ATT&CK-aligned TTP chains mapped to nation-state and eCrime groups.
6,200 groups
Dataset Catalog
Cybersecurity Datasets
Expert-labeled, production-ready datasets for AI security teams. Log in to view full metadata and download options.
Services
Malware & Threat Detection
Comprehensive labeled datasets for training malware detection and classification models — sourced from active honeypots, dark web monitoring, and proprietary sensors, continuously refreshed.
Malware Classification
PE Binary Analysis
Ransomware, trojans, worms, rootkits with dynamic and static feature extraction. 8.2M labeled PE binaries with behavioral tags.
8.2M samples
Adversarial Samples
Evasion-Tested Examples
Adversarial examples crafted to bypass production detection systems, enabling robust model training against adaptive threat actors.
22M+ samples
MITRE ATT&CK Mapped
TTP-Aligned Intelligence
Every record mapped to MITRE ATT&CK tactics and techniques, enabling precise model training for structured threat detection.
6,200 groups
Threat Intelligence
APT & IOC Feeds
Structured intelligence across APT campaigns, indicators of compromise, and nation-state TTP chains — refreshed weekly.
18M+ records
Services
Network Intrusion & Traffic
Normalized pcap-derived features, labeled flow records, and C2 traffic patterns for network anomaly detection models — covering lateral movement, exfiltration, and C2 beaconing.
Network Intrusion
Labeled Intrusion Events
Network flows and host logs from real and simulated intrusion events covering lateral movement, privilege escalation, and data exfiltration.
6.1M events
C2 Traffic Analysis
Command & Control Patterns
Labeled C2 communication flows across known RAT families — enabling detection of beaconing, tunneling, and encrypted C2 channels.
4.4M flows
Services
Phishing & Fraud Data
Multi-modal phishing datasets spanning URL analysis, email headers, HTML content, and screenshot features — plus social engineering lures for spearphishing and BEC campaigns.
Phishing Detection
Multi-Modal Phishing Data
URLs, email headers, raw HTML, and rendered screenshot features — enabling multi-modal phishing classifiers with 12.4M labeled samples.
12.4M samples
Social Engineering
Spearphishing & Pretexting
Spearphishing lures, pretexting scripts, and vishing transcripts with fine-grained intent labels for social engineering detection models.
2.1M samples
Services
Vulnerability & Exploit Data
CVE-linked exploit samples, patch diffs, and severity context at machine scale — enabling AI models that predict exploitability, prioritize patching, and detect active exploitation.
Vulnerability Intel
CVE-Linked Exploit Data
3.8M CVE-linked records with exploit proof-of-concept samples, patch diffs, and CVSS-enriched severity context for vulnerability prioritization models.
Dependency confusion, typosquatting, and package tampering indicators across 940K malicious or suspicious packages — tagged by attack type and severity.
940K packages
Industries — Startups
Built for Teams Moving Fast
You're building the next generation of security tooling — but acquiring and labeling threat data shouldn't eat your runway. ShieldSet gives early-stage security companies immediate access to production-grade datasets so you can focus on building your product, not your data pipeline.
Ship faster
Skip months of collection
Get API access in minutes and integrate labeled threat data directly into your training pipeline. Skip the collection, cleaning, and annotation work entirely.
Stay lean
Pay-as-you-go pricing
Pay-as-you-go and Growth plans scale with your usage. No enterprise contracts, no procurement headaches, no minimums.
Stay current
Weekly dataset refreshes
Weekly dataset refreshes mean your models train on the latest threat signatures — without rebuilding your data infrastructure from scratch.
Industries — Academic / Research Labs
Rigorous Data for Serious Research
Academic benchmarks in cybersecurity are often outdated, small-scale, or contaminated with labeling errors. ShieldSet provides research labs with large-scale, reproducible datasets that reflect the current threat landscape.
Reproducibility
Versioned & checksummed
Every dataset is versioned and checksummed. Cite a specific version and other researchers can reproduce your exact experimental setup.
Label Quality
>99.4% accuracy
>99.4% label accuracy across all datasets — validated by certified security researchers with multi-pass review and disagreement resolution.
Documentation
Publication-ready
Datasets come with full schema documentation, label taxonomies, and provenance metadata — everything you need for a rigorous methods section.
Industries — Enterprise
Enterprise- Grade Data at Scale
Large security platforms need data that scales with their operations — custom schemas, high-frequency updates, SLA guarantees, and dedicated support. ShieldSet Enterprise is purpose-built for exactly this.
Customization
Custom datasets
Don't see exactly what you need? Our team builds custom datasets to your specification — mapped to your threat model and label taxonomy.
Freshness
15-minute updates
Enterprise customers receive data refreshes every 15 minutes — keeping detection models current against rapidly evolving threats.
Reliability
SLA guarantee
Uptime and delivery SLAs backed by contract. Your data pipelines are mission-critical — we treat them that way.
Support
Dedicated team
A named support team that knows your use case — not a ticket queue. A direct line to people who understand your data architecture.
Industries — Government
Data for National Security
Government agencies and defense contractors require data that meets strict provenance, compliance, and operational security requirements. ShieldSet works with public sector teams to deliver structured threat intelligence that meets federal standards.
Compliance
Provenance documentation
Full chain-of-custody documentation for every dataset — supporting compliance and audit requirements in regulated environments.
Interoperability
STIX/TAXII compatible
Data delivered in STIX/TAXII formats compatible with existing government threat intelligence platforms and SIEM integrations.
Delivery
Custom delivery options
Air-gapped delivery, on-premise licensing, and custom ingestion pipelines available for sensitive operational environments.
Developer
Quick Start
Get your first dataset in under 5 minutes. No setup required — just an API key and a few lines of code.
Step 1 — Get your API key
Sign up for a free account and copy your API key from the dashboard. No credit card required.
Step 2 — Install the SDK
pip install shieldset
Step 3 — Pull your first dataset
import shieldset as ss
# Initialize with your API key
client = ss.Client(api_key="your_api_key_here")
# List available datasets
datasets = client.datasets.list()
For dataset pulls exceeding 1M records, ShieldSet uses cursor-based pagination. The response includes a next_cursor token to pass in your next request:
Available filter fields vary by dataset. Refer to each dataset's schema documentation — accessible via GET /v1/datasets/:id/schema — for the full list of filterable fields.
Formats
ShieldSet datasets are available in four output formats. Specify the format in your pull request body.
Format
Value
Best for
Plans
Apache Parquet
parquet
Large-scale ML training pipelines, Spark, pandas
All
JSON Lines
json
Streaming ingestion, lightweight integrations
All
CSV
csv
Spreadsheet analysis, quick exploration
All
STIX 2.1
stix
Threat intel platforms, SIEM ingestion
Growth, Enterprise
PCAP
pcap
Network datasets raw packet replay
Enterprise
Format recommendation
Use parquet for any dataset over 100K records — it is 5–10× smaller than CSV and loads significantly faster in pandas, Spark, and PyArrow.
import pandas as pd import shieldset as ss
client = ss.Client(api_key="YOUR_API_KEY")
# Pull as Parquet — returns a pandas DataFrame directly df = client.datasets.pull( dataset_id="malware-clf", format="parquet" ) print(df.dtypes)
STIX delivery
STIX bundles are delivered as a single .json file conforming to STIX 2.1. Each record is represented as a STIX object — indicator, malware, attack-pattern, or threat-actor depending on the dataset.
Versioning
Every ShieldSet dataset is versioned using semantic versioning (MAJOR.MINOR.PATCH). By default, pull requests return the latest version. Pin a specific version for reproducible pipelines.
Pinning a version
POST /v1/datasets/malware-clf/pull
{ "format": "parquet", "version": "v3.0.1" }
List versions
GET /v1/datasets/:dataset_id/versions
Returns all available versions with release dates and change summaries.
GET /v1/datasets/:dataset_id/versions/:version/changelog
Returns a structured diff of what changed between the specified version and its predecessor — new records added, records removed, label corrections, and schema changes.
We recommend pinning versions in production training pipelines and upgrading deliberately. Subscribe to dataset update webhooks to be notified of new versions automatically.
Rate Limits
Rate limits are applied per API key. Exceeding a limit returns a 429 Too Many Requests response with a Retry-After header.
Plan
Requests / min
Pulls / day
Concurrent pulls
Free
10
5 (lifetime)
1
Pay As You Go
60
Unlimited
2
Growth
300
Unlimited
5
Enterprise
Custom
Unlimited
Custom
Rate limit headers
Every API response includes rate limit headers so you can track consumption:
# Stream a large dataset with client.datasets.stream("threat-intel") as stream: for batch in stream.iter_batches(size=10000): process(batch)
JavaScript / Node.js SDK
npm install @shieldset/sdk
import ShieldSet from'@shieldset/sdk';
const client = new ShieldSet({ apiKey: 'YOUR_API_KEY' });
// List datasets const datasets = await client.datasets.list();
// Pull a dataset const result = await client.datasets.pull('malware-clf', { format: 'json', limit: 5000 }); console.log(result.data);
Community SDKs
Community-maintained SDKs for R, Go, and Ruby are available. These are not officially supported — refer to their respective GitHub repositories for documentation.
Errors
ShieldSet uses standard HTTP status codes. All error responses include a JSON body with a machine-readable code and a human-readable message.
{ "error": { "code": "DATASET_NOT_FOUND", "message": "Dataset 'xyz' does not exist or is not available on your plan.", "status": 404 } }
Status
Code
Description
400
INVALID_REQUEST
Missing or malformed request parameter
401
UNAUTHORIZED
Missing or invalid API key
403
FORBIDDEN
Dataset not available on your current plan
404
DATASET_NOT_FOUND
Dataset ID does not exist
409
VERSION_NOT_FOUND
Requested version does not exist
422
FILTER_INVALID
Filter field or operator not supported for this dataset
429
RATE_LIMIT_EXCEEDED
Too many requests — check Retry-After header
500
INTERNAL_ERROR
Server error — contact support@shieldset.com
503
SERVICE_UNAVAILABLE
Temporary outage — retry with exponential backoff
Retry strategy
For 429 and 503 errors, implement exponential backoff with jitter. The Python and JS SDKs handle this automatically.
import time, random
def pull_with_retry(client, dataset_id, max_retries=4): for attempt in range(max_retries): try: return client.datasets.pull(dataset_id) except ss.RateLimitError as e: wait = (2 ** attempt) + random.uniform(0, 1) time.sleep(wait)
Pricing
Simple, Transparent Pricing
Start free, scale when you're ready. No surprises, no lock-in.
Free
$0
Forever
Instant API access, no credit card required. Perfect for exploring our datasets before committing.
5 dataset pulls
Access to 1 dataset
Instant API key on signup
Community support
Pay As You Go
$10
Per dataset pull
Only pay for what you use. No monthly commitment. Ideal for variable or unpredictable data needs.
Unlimited dataset pulls
Access to all datasets
Instant API key
Email support
★ Most Popular
Growth
$500
Per month
Unlimited access at one flat monthly rate. Built for AI security teams that need fresh, reliable threat data every single day.
Unlimited dataset pulls
Access to all datasets
Hourly data updates
Usage dashboard
Priority support
Enterprise
Custom
Pricing
Purpose-built data solutions for large security platforms. Custom datasets, volume pricing, and dedicated support.
Unlimited dataset pulls
Custom datasets to spec
15-minute data updates
SLA guarantee
Dedicated support
All plans include access to ShieldSet's high-quality labeled cybersecurity datasets, adversarial samples, and structured threat intelligence — purpose-built for AI security teams.
ShieldSet
Welcome back
Log in to your ShieldSet account
or
Don't have an account?
ShieldSet
Create your account
Start with 5 free dataset pulls. No credit card required.
or
Already have an account?
Dashboard
U
User
user@shieldset.com
Welcome back, User
Free Plan · API key active
Account Tier
Free
Current plan
API Requests
0
All time
Dataset Pulls
0 / 5
Used this month
Downloads
0 / 5
Used this month
API Key Status
Active
No issues detected
API Usage — Last 7 Days
Default API Key
ss_free_••••••••••••••••
Recent Activity
DatasetTimestampStatus
API Tokens
Create named tokens for different integrations. Each token inherits your plan permissions.
Suggest a Dataset or Improvement
Tell us about a dataset you'd like to see, or a way we can improve ShieldSet.
Thanks — your suggestion has been received.
Account Balance
You have no balance at this time.
$0.00
Promotions
ss_free_plan_credit
$0.00 remaining
Expires: 2027-01-01
Accrued Charges
Since last invoice
$0.00
Billing Contact
—
—
—
Payment Methods
VISA
Visa ••••8167 · Expires 08/30
Default
MC
Mastercard ••••2290 · Expires 12/28
Billing & Payment History
Account active since 2026-01-19
DescriptionDateAmount
Invoice #000012026-05-01 04:43$0.00
Invoice #000022026-04-01 04:49$0.00
Contact
Get In Touch
Whether you're evaluating ShieldSet for your team or ready to get started, we'd love to hear from you. We respond to all serious inquiries within one business day.
Message sent — we'll be in touch shortly.
General
hello@shieldset.com
General inquiries, partnerships, and media.
Sales
sales@shieldset.com
Enterprise pricing and custom dataset discussions.
Support
support@shieldset.com
Technical support for API and dataset access.
Privacy
privacy@shieldset.com
Data privacy and compliance inquiries.
Company
We Make Threat Data Work Harder
ShieldSet is a remote-first data engineering company on a mission to eliminate the data bottleneck holding back AI security teams. We continuously collect, annotate, and deliver production-grade cybersecurity datasets — so the teams building the next generation of threat detection can spend their time building, not wrangling data.
We're a small team with deep roots in both data engineering and offensive security. We've seen firsthand how poor data quality kills model performance in production, and we built ShieldSet to fix that — with expert annotation, rigorous versioning, and a relentless focus on keeping datasets current.
Our Mission
The definitive source for cybersecurity training data.
We exist to give every AI security team access to the reliable, up-to-date data they need to build models that work in production. We take data quality personally, and are proud to be the platform the industry turns to for cybersecurity AI data.
Our Values
Remote First
Outcomes, not offices
We believe great work happens when talented people have autonomy and flexibility. We hire for excellence and trust our team to deliver — regardless of where they're based. What matters is the work.
Learning & Growth
Always getting sharper
The threat landscape evolves constantly, and so do we. We invest in continuous learning, share knowledge openly across the team, and genuinely believe our collective expertise is our biggest competitive advantage.
Inclusion
Small team, mighty culture
We're a diverse team that treats everyone with respect and takes inclusion seriously — not as a policy, but as a foundation for building something we're all proud of. Every voice here matters.
Benefits
Health coverage
Health, dental, and vision insurance for you and your dependents.
Flexible time off
Paid time off, sick leave, and company holidays — with no pressure to not use them.
Remote-first
Fully remote roles. Work from wherever you do your best work.
Performance bonus
Bonus plan tied to individual and company goals — we share in the wins together.
ShieldSet swag
Quality gear for the team. Because working in security should feel like it.
Open Role
Sales Engineer
Remote · Full-time · $120k–$160k
Careers
Join the ShieldSet Team
We're a remote-first company hiring people who care deeply about data quality, security, and building things that work. If that's you, we want to hear from you.
Open Roles
Don't see your role?
We're always open to great people
Send us your resume and tell us how you'd contribute.
Blog
Insights from the Team
Perspectives on AI security, data quality, and the evolving threat landscape — written by the people building ShieldSet.
Partnership
Let's Build Something Together
ShieldSet partners with organizations at the intersection of cybersecurity and data. Whether you produce threat intelligence that complements our datasets, or you're a security platform looking to integrate our data, we want to talk.
Data Providers
Sell your data through ShieldSet
If you produce proprietary threat telemetry, malware samples, or network intelligence, we can help you structure, annotate, and distribute it to AI teams — with revenue sharing that works for you.
Technology Partners
Integrate ShieldSet into your platform
Security platforms, SOAR vendors, and AI tooling providers can integrate ShieldSet data directly via API or white-label licensing. We offer flexible arrangements for platform-level partnerships.
Research Partners
Collaborate on the hardest problems
We partner with research institutions and national labs on data collection, annotation methodology, and dataset benchmarking initiatives. Joint publications and dataset co-creation welcome.
Interested in partnering?
Tell us about your organization and what kind of partnership you have in mind. We respond to all serious inquiries within two business days.
Legal & Privacy
Privacy Policy
Last updated: June 1, 2025
ShieldSet, Inc. ("ShieldSet," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information about you when you use our website and API services (the "Services").
1. Information We Collect
Information you provide directly
When you create an account, we collect your name, email address, company name, and password. Payment information is handled by our payment processor — we do not store full credit card numbers.
Usage and technical data
We automatically collect information about how you use our Services, including API request logs, IP addresses, browser type, operating system, and referring URLs.
2. How We Use Your Information
We use the information we collect to provide, maintain, and improve the Services; process transactions; respond to your comments and requests; send technical notices and security alerts; and monitor usage patterns.
3. Data Sharing
We do not sell your personal information. We share data only with trusted service providers bound by confidentiality obligations — and only as required by law.
4. Data Retention
We retain account data for as long as your account is active or as needed to provide the Services. API request logs are retained for 90 days. You may request deletion by contacting privacy@shieldset.com.
5. Security
We implement industry-standard security measures including encryption in transit (TLS), encrypted storage of credentials, and access controls.
6. Your Rights
Depending on your jurisdiction, you may have the right to access, correct, delete, or restrict processing of your personal data. Contact privacy@shieldset.com to exercise these rights.
7. Contact
For privacy-related questions, contact privacy@shieldset.com.
Legal & Privacy
Terms of Service
Last updated: June 1, 2025
These Terms of Service ("Terms") govern your access to and use of the ShieldSet, Inc. website and API services. By creating an account or accessing the Services, you agree to be bound by these Terms.
1. Access and Use
Subject to your compliance with these Terms and payment of applicable fees, ShieldSet grants you a limited, non-exclusive, non-transferable right to access and use the Services for your internal business or research purposes. You may not resell or distribute ShieldSet datasets to third parties without express written permission.
2. Acceptable Use
You agree to use the Services only for lawful purposes. You may not use the Services to train models intended to facilitate offensive cyberattacks against unauthorized systems, infringe intellectual property rights, or violate any applicable law.
3. API Usage
Your use of the API is subject to rate limits and usage quotas specified in your plan. ShieldSet reserves the right to suspend API access if abuse is detected.
4. Intellectual Property
ShieldSet and its licensors retain all intellectual property rights in the Services and datasets. Dataset access grants a license to use the data for the purposes described in your plan — it does not transfer ownership.
5. Payment
Paid subscriptions are billed monthly in advance. All fees are non-refundable except as required by law.
6. Termination
Either party may terminate these Terms at any time. ShieldSet may suspend or terminate your access immediately for material breach of these Terms.
7. Disclaimer
The Services are provided "as is" without warranty. ShieldSet's liability is limited to fees paid in the 12 months preceding the claim.
8. Governing Law
These Terms are governed by the laws of the State of Florida.
ShieldSet
Complete your profile
Help us personalize your experience. Takes 30 seconds.
Admin Panel
ShieldSet Admin
Content management & user administration
Careers · Apply
Apply for Role
Fill out the form below. We review every application carefully and respond within 5 business days.
Shield