Oussama Afnakkar for Sbytec

Palantir Gotham: Why One Breach = Every American

Gotham doesn't organize data. It creates new data through entity resolution.

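```python
def entity_resolution(records, similarity, theta):
    # Input: SSA + IRS + DHS siloed records (dicts of attributes)
    # Output: unified citizen objects + derived attributes
    entities = []
    for record in records:
        # Merge into the first entity whose score s_ij exceeds θ
        match = next((e for e in entities if similarity(e, record) > theta), None)
        if match is None:
            entities.append(dict(record))  # no match yet: start a new entity
        else:
            match.update(record)  # f(∪attrs): union of attributes
    return entities  # NEW DATA
```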

4-Layer Architecture:

  1. Federation → siloed agency APIs
  2. Entity Resolution → s_ij > θ math
  3. Ontology → risk scores, graphs
  4. Query → analysts see derived outputs
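
The entity-resolution layer above, worked through on constructed records as an added example (not code from the original post or from Palantir): it shows that the merged entity holds attributes no single agency silo held, which is why the resolved store has a larger breach blast radius than any one source. The Jaccard `similarity`, the threshold value, the union-find merge and all record values are assumptions.

```python
from itertools import combinations

# Constructed sample records: agency names are from the post, all values are invented.
RECORDS = [
    {"source": "SSA", "name": "Jane Q Doe", "dob": "1980-02-14", "ssn_last4": "1234"},
    {"source": "IRS", "name": "Doe Jane", "dob": "1980-02-14", "income_band": "B"},
    {"source": "DHS", "name": "Jane Doe", "dob": "1980-02-14", "travel_flag": "none"},
    {"source": "IRS", "name": "John Roe", "dob": "1975-07-01", "income_band": "C"},
]
THETA = 0.5  # assumed value for the threshold θ

def tokens(rec):
    # Matching keys only: lowercase name tokens plus date of birth
    return set(rec["name"].lower().split()) | {rec["dob"]}

def similarity(a, b):
    # Jaccard similarity s_ij, an assumed stand-in for the post's similarity()
    ta, tb = tokens(a), tokens(b)
    return len(ta & tb) / len(ta | tb)

def resolve(records, theta=THETA):
    # Union-find: records linked by any pair with s_ij > θ form one entity
    parent = list(range(len(records)))
    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path compression
            i = parent[i]
        return i
    for i, j in combinations(range(len(records)), 2):
        if similarity(records[i], records[j]) > theta:
            parent[find(j)] = find(i)
    entities = {}
    for i, rec in enumerate(records):
        ent = entities.setdefault(find(i), {"sources": set(), "attrs": {}})
        ent["sources"].add(rec["source"])
        ent["attrs"].update({k: v for k, v in rec.items() if k != "source"})
    return list(entities.values())

def exposure(entities):
    # Per entity: contributing silos and the attribute names a leak of the merged store reveals
    return [(sorted(e["sources"]), sorted(e["attrs"])) for e in entities]

if __name__ == "__main__":
    for sources, attrs in exposure(resolve(RECORDS)):
        print(sources, attrs)
```

Raising `theta` toward 1.0 keeps near-duplicate records separate, which reduces false merges and also reduces how much each resolved entity aggregates.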

What questions do you have about the detection rules?

Full Technical Analysis + YARA Rules

Top comments (1)

ayoo

good work