ThreatExchange Integration
Signal sharing, operationalized inside Videntifier Nexus
What is ThreatExchange?
ThreatExchange is a signal-sharing platform used by trusted programs to exchange indicators of harmful content and activity. In practice, it enables organizations to share and consume "signals" through a controlled, permissioned environment. Read the ThreatExchange documentation →
For visual content, these signals commonly include hashes or fingerprints that can be matched against images or videos. The value is straightforward:
- You keep your own decision-making
- You gain early visibility into content already flagged elsewhere
- You can contribute back to strengthen shared intelligence
Why signal sharing matters
The same harmful content rarely stays in one place. When one service identifies and removes content, it often reappears elsewhere with small modifications, new accounts, or new distribution channels.
Signal sharing helps organizations:
- Act faster on known content by using shared fingerprints (hashes) instead of starting from scratch
- Reduce duplication across Trust & Safety teams, hotlines, and investigators
- Improve coverage across platforms while keeping decisions local to each organization's policy and legal context
Signal sharing works best when it is easy to operationalize: ingest signals, match at scale, and close the loop when you see a match.
Programs using ThreatExchange for signal sharing
ThreatExchange supports multiple real-world initiatives that share signals across companies and organizations.
Lantern
A Technology Coalition program designed to help companies share signals related to child sexual exploitation and abuse.
GIFCT
An industry collaboration that supports sharing and matching signals related to TVEC.
Thrive
A cross-platform effort focused on sharing signals related to suicide and self-harm content.
Nexus + ThreatExchange
Turn shared signals into detection and action
Videntifier Nexus includes a ThreatExchange integration that lets you bring ThreatExchange visual signals into Nexus, use them in your workflows, and optionally publish reactions back to ThreatExchange.
How it works
Connect ThreatExchange to Nexus
Authenticate your ThreatExchange access so Nexus can retrieve signals from the groups you are authorized to use. Nexus automatically creates a dedicated collection and syncs hashes for visual content, keeping ThreatExchange-derived data organized and auditable.
Query your content against the collection
Use Nexus to query incoming or stored content against the ThreatExchange collection to detect matches quickly at scale.
Add reactions back to ThreatExchange (optional)
When Nexus finds a match, you can publish ThreatExchange reactions to help improve shared understanding and workflows across participants.
Automation option: auto SAW_THIS_TOO
Enable an option to automatically add the SAW_THIS_TOO reaction when Nexus detects a match on a hash in the ThreatExchange collection. This creates a lightweight feedback loop with minimal operator overhead.
Benefits for signal sharing teams
Faster triage and fewer repeats
Shared signals help you identify known content in seconds, reducing redundant investigations and accelerating action.
A practical feedback loop
Reactions let you contribute back in a structured way. Over time, this helps signal-sharing programs improve their coverage and confidence.
Operational simplicity
ThreatExchange signals become first-class data inside Nexus, alongside your other databases and internal collections.
Works with multi-hash environments
Nexus is built to work across multiple hash sources and types. ThreatExchange becomes another collection you can operationalize without changing your core workflows.
What you can do in this integration
Ingest
- Download ThreatExchange visual hashes into a dedicated Nexus collection
Detect
- Query content against the ThreatExchange collection and identify matches
Contribute
- Add reactions to matched content
- Optionally auto-publish SAW_THIS_TOO on match