How AICS Works

On the homepage you type your email into the form and click "Check my email". No account, no password, no card. The request is submitted over HTTPS to AICS servers hosted inside the European Economic Area — even non-EU users benefit from EU-grade privacy protection.

Before AICS sends anything to our breach intelligence provider, it converts your email into a one-way SHA-1 hash. Only the first five characters of that hash leave our infrastructure. This is called a k-anonymity lookup, and it is the same technique that password manager services use when checking whether your password has been leaked.

What that means in plain terms: the breach intelligence provider receives a five-character prefix that matches roughly five hundred other email addresses. It returns the full list of breach hashes beginning with that prefix. AICS then compares your full email hash against the returned list locally, in our own server memory, without anyone outside AICS ever seeing it.

AICS checks against multiple breach intelligence sources, not just one. Public breach databases (the kind of records that companies have legally disclosed after a breach) plus dark-web paste sites and breach dumps that our intelligence partners collect on an ongoing basis.

A free check looks at the surface layer of public databases. AICS membership extends the same technique into the deeper end: paste sites, leak channels and credential databases that don't make the news.

The check completes in about ten seconds. You see one of three outcomes:

• Clean. Your email did not appear in any known breach record. We explain what that does and does not mean (it is a snapshot, not a guarantee), and offer to set up ongoing monitoring.
• Exposed. Your email appeared in one or more known breaches. You see the count, the rough types of data exposed, and the recommended next steps.
• Unknown. Rare. Means the breach intelligence provider was unreachable. AICS retries automatically and shows the result when it lands.

New breaches surface every week. A single check tells you about today; ongoing monitoring tells you the moment something new happens.

AICS membership re-checks your email automatically against new breach data and alerts you the moment your details appear somewhere new. £5.99 per month, or £49 per year (saves 32%). Cancel any time in one click.

For paid plans, AICS adds a deeper layer: Expert Investigation probes the breach source data itself and recovers the actual leaked passwords (plus any other detail captured in that breach — usernames, addresses, phone numbers, etc.) so you know exactly which credentials to rotate first.

Important: AICS only shows what is actually contained in the breach source. We never fabricate or guess values. If a breach source held only metadata, that is what you see — no recovered password to display.

Until 30 June 2026 Expert Investigation is included with every one-time report (£4.99) and every membership. After that date it becomes a members-only feature.