Sign in Start free
Real-time invalid-traffic prevention

Score every visitor in 5 ms.
Block the invalid ones before the ad fires.

PubSentry is the AI Security Engineer for ad publishers. It judges every visitor in real time and, if they’re invalid, the ad never serves — so the bad impression or click never reaches Google, and your AdSense account never sees the spike.

Start protecting free See how it works
One tag · works with AdSense, GPT, Prebid, Amazon · 0 humans wrongly blocked
WATCH SHIFT · LIVE 00:00:00
block‑before‑serve →
ad slot
listening…
Works with the entire ad stack — one tag, no plugin
Google AdSenseGoogle AdsAmazon Publisher ServicesprebidWordPressGoogle AdSenseGoogle AdsAmazon Publisher ServicesprebidWordPress
The stakes

Invalid traffic doesn’t just waste money.
It gets accounts banned.

Bots, click-bombs and policy violations drain your revenue and put your AdSense account one strike from suspension. Most tools report the damage after it’s on your account. PubSentry stops it at the door.

Account suspension

One invalid-click spike can flag your AdSense account. PubSentry intercepts abusive clicks before they ever reach the network — the spike never happens.

Wasted spend & clawbacks

Invalid impressions and clicks erode RPM and trigger clawbacks. Every block is framed as the revenue it protected — a dollar twin on every metric.

Sophisticated bots

Residential-proxy mimicry slips past simple filters. The cross-site reputation network and the ML moat close the gap as they scale — and we’re honest about today’s boundary.

Block before serve

The only honest place to stop fraud is before the ad fires.

A local gate scores every visitor in under 5 ms — before any ad loads. Invalid ones are suppressed across GPT, AdSense, Amazon and Prebid, with a universal fallback. A blocked impression was never served; a blocked click was never billed.

  • Under 5 ms, locally — no network round-trip in the critical path
  • Suppressed before the slot paints — no captcha, no reader friction
  • Fails open — any error serves the ad, so the page is never harmed
Block before serve — the under-5-millisecond pipeline A left-to-right flow: a visitor reaches a local gate that scores 28 signals across 5 families in under 5 milliseconds, then forks. Allow lets the ad fire (green). Block suppresses the ad slot (red, circle-slash) and sends a beacon to enrich and persist. Block before serve The <5 ms pipeline ● Allow · ad fires ● Block · ad suppressed Visitor Local gate <5 MS Block-before-serve decides before the ad call — no round-trip VERDICT ALLOW BLOCK The gate Score 28 signals 5 families · fail-open collectors AUTOMATION ENV BEHAVIOR TIMING HONEYPOT Allow → ad fires IMPRESSION SERVED Block → suppressed No impression ALLOW BLOCK Enrich + persist beacon → IP / ASN / geo reputation · ClickHouse RAW IP / UA HASHED + DROPPED BEACON · OFF THE HOT PATH FAIL-OPEN EVERYWHERE · A REAL READER IS NEVER BLOCKED · FPR = 0
Briefing, not dashboards

It reads you the answer, then shows the data.

Most tools dump you into a table and make you assemble “am I okay?” yourself. PubSentry opens with a written brief from your AI Security Engineer — what it scored overnight, what it blocked, the revenue it protected, and the one thing that needs your eye.

  • A narrated daily “Today” brief, signed by the Engineer
  • Recommend-then-apply: it proposes a counter-rule, you approve it
  • Every number links back to the one request that produced it
The Today screen — a narrated daily security brief
Proof, not promises

A renewal report your boss will understand.

Sentry counts errors. PubSentry counts dollars. Every metric carries its money twin, and the Reports screen turns a month of protection into a board-ready proof of value — revenue protected, account kept clean, zero readers challenged.

  • Money-protected framing on every metric (estimated at your real RPM)
  • A composite “how close am I to a ban?” Account-Safety score
  • The FPR = 0 covenant — 0 readers challenged, front and center
The Reports & ROI screen — a renewal report showing revenue protected
The moat

Built like a security product, not a counter.

Sentry is to code what PubSentry is to ad revenue — except Sentry counts errors and we count dollars. Six things a single-tenant reporting tool structurally can’t copy.

Block-before-serve

The verdict happens before the ad loads — the only honest place to stop fraud. Suppression across every major ad stack.

One detection engine

The same scoring engine runs in the tag, the edge, and the server — a parity test fails the build if they diverge. Rules decide; ML only narrates.

Verdict-as-spine

Open any request and read its decision trace: the signal vector, each weight, the reputation context. Auditable like a stack trace.

FPR = 0, by covenant

Blocking a real reader is the worst failure. Conservative defaults, a calibration gate in CI, and a blast-radius preview before any rule goes live.

Reputation network

An entity flagged on any PubSentry site is pre-flagged on yours — a cross-site signal a single-tenant tool can’t build.

Radical honesty

No fake scores, no “100%”, an “awaiting traffic” state when there’s no data. We publish exactly what we can and can’t catch.

One engine, everywhere

The same brain in the tag, the edge, and the server.

No drift between “what the browser thinks” and “what the server thinks.” A parity test fails the build if the three diverge — so a verdict means the same thing everywhere, and the LLM never invents a number or runs in the gate.

One engine, everywhere A single scoring engine core runs identically inside the TAG (browser), the EDGE (worker), and the SERVER. Three labeled surfaces link to the central engine; a parity test fails the build if any of them diverge, keeping all three in sync. ONE ENGINE / EVERYWHERE @PUBSENTRY/SCORING · ONE DETECTION ENGINE · THREE SURFACES PARITY TEST · PASS SCORING ENGINE RULES + REPUTATION → VERDICT TAG BROWSER BLOCK-BEFORE-SERVE · <5MS EDGE WORKER CACHED VERDICT · <50MS SERVER INGEST ENRICH · SCORE · PERSIST IDENTICAL BYTES · PARITY-GUARDED · DIVERGENCE FAILS THE BUILD FPR · 0
Collective defense

Flagged once, blocked everywhere.

When a fingerprint or IP turns invalid on any PubSentry site, it’s pre-flagged on yours before it costs you a thing. The network gets smarter with every publisher — the kind of moat a single-tenant plugin can never build.

The reputation network — flagged once, blocked everywhere A graph of publisher-site nodes connected by hairline edges. One site detects a flagged entity, a malicious fingerprint or IP, which turns red. A highlighted pulse then propagates outward along the edges, so the neighboring sites are pre-flagged and will block that entity on its first request — a collective cross-site defense a single-tenant tool cannot replicate. The reputation network Flagged once, blocked everywhere ● Flagged entity ● Pre-flagged site ● Protected site site site site site site site site site site Flagged entity fingerprint · IP caught here Pre-flagged Blocks on first request — no test impression spent learning the threat Collective defense One detection protects all sites Shared reputation, hashed IDs Each new site hardens the rest A single-tenant tool CAN'T COPY CROSS-SITE REPUTATION · ONE NETWORK SEES EVERY ATTACKER ONCE SYNDICATED VERDICT · FPR = 0
Start in minutes

Put a security engineer on your ad stack.

One tag. Live verdicts in minutes. Start free with 500 pageviews — no card — and only pick a plan once your real traffic is scored.

Start protecting freeSee pricing
0 humans wrongly blocked — that’s the promise