Every feature exists to answer one question: "What did your AI agent do?"
Two-tier analysis: instant rule-based detection, plus optional deep analysis for richer context.
Deterministic breach detection in <1ms. No LLM in the critical path. Pattern matching for PII (SSN, Aadhaar, PAN), PHI, card data, financial hallucinations, and 40+ violation types across four verticals.
Optional async LangGraph pipeline powered by Claude. A six-node analysis graph adds rationale, regulatory mapping, severity justification, and remediation guidance — without blocking the agent.
Every record is cryptographically chained. If a single entry is altered, the chain breaks.
Every breach record is checksummed. Each record includes the hash of the previous record, creating an immutable chain. Integrity scanning runs every 6 hours automatically.
Every breach writes simultaneously to PostgreSQL/SQLite AND real-time JSONL files on disk. Two independent, auditable trails. Ship JSONL to your SIEM.
When the integrity scanner detects a broken hash chain, it creates a tamper_alert record and fires a CRITICAL webhook. You know immediately if someone touched the logs.
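The hash-chain check described above, as an added sketch (not the product's own code): SHA-256, the all-zero genesis value, the field names, the `reason` strings and the `anchored_head` parameter are assumptions, and the records are constructed. It also covers a case a chain alone cannot catch: a rewritten or truncated tail, which only shows up against a head hash kept outside the database.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first record

def record_hash(body, prev_hash):
    # Canonical JSON so the same record always hashes to the same value.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()

def append(chain, body):
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"body": body, "prev_hash": prev, "hash": record_hash(body, prev)})

def scan(chain, anchored_head=None):
    """Return one tamper_alert dict per break found in the chain."""
    alerts, expected_prev = [], GENESIS
    for i, rec in enumerate(chain):
        if rec["prev_hash"] != expected_prev:
            alerts.append({"type": "tamper_alert", "index": i, "reason": "broken_link"})
        elif record_hash(rec["body"], rec["prev_hash"]) != rec["hash"]:
            alerts.append({"type": "tamper_alert", "index": i, "reason": "bad_checksum"})
        expected_prev = rec["hash"]
    # A rewritten or truncated tail is internally consistent; only a head hash
    # stored outside the database (hypothetical anchored_head) exposes it.
    head = chain[-1]["hash"] if chain else GENESIS
    if anchored_head is not None and head != anchored_head:
        alerts.append({"type": "tamper_alert", "index": len(chain) - 1,
                       "reason": "head_mismatch"})
    return alerts

def build_sample():
    # Constructed sample records, not real breach data.
    chain = []
    for n, kind in enumerate(["pii_exposure", "card_data", "cross_tenant_leak"]):
        append(chain, {"id": n, "breach_type": kind, "severity": "CRITICAL"})
    return chain

if __name__ == "__main__":
    chain = build_sample()
    head = chain[-1]["hash"]                   # stored independently of the chain
    chain[1]["body"]["severity"] = "LOW"       # in-place edit of one record
    print(scan(chain, head))
```
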
Your agent code stays untouched. The policy agent hooks into Python's import system and patches all supported frameworks automatically.
breach-intel install-hook writes a persistent sitecustomize.py
BREACH_INTEL_URL env var
POST /events (5s timeout, silent on failure)
Single-file React SPA at /dashboard. Breach counts by severity, agent heatmaps, live feed with click-to-inspect, and vertical distribution.
CRITICAL breaches fire instantly to Slack, Discord, or generic webhooks. Configure thresholds and routing per vertical and severity.
When event load exceeds 500/min (configurable), additional policy agent instances spawn via Docker, K8s, or subprocess.
Scoped API keys with tenant isolation. Rate limiting at 300 events/min per key. Admin keys exempt. Full RBAC for compliance teams.
Built-in /metrics endpoint for Grafana integration. Track event throughput, breach rates, classifier latency, and spawn counts.
Automated retention policies with integrity scanning every 6 hours. Old records archived with full hash chain verification.
Each vertical has its own breach taxonomy mapped to the specific regulations your compliance team cares about.
12 breach types — PII exposure, card data, cross-tenant leaks, unauthorized financial advice, suspicious transactions, privilege escalation.
14 breach types — PHI exposure, clinical notes, unauthorized prescriptions, diagnostic hallucinations, minors data, mental health, genomic data.
14 breach types — trial data fabrication, unblinding, 21-CFR-11 audit trail violations, e-signature bypass, pharmacovigilance, GMP violations.
Odds manipulation detection, insider data leaks, athlete PII protection, match-fixing signal analysis.
Request early access and we'll set up a live demo with your stack.