For Security

GenZAgents for security engineers — receipt-based forensics + anomaly detection

Your incident-response playbook covers servers, endpoints, SaaS — but not AI activity. GenZAgents receipts are the forensic anchor; anomaly detection is the real-time alerting; signature verification is the chain of custody.
Join the launch waitlistInstall MCP server

What changes in your IR playbook

For any AI-involved incident: (1) identify the time window. (2) query receipts /v1/receipts?from=&to=. (3) filter by suspect agents / users / projects. (4) replay each receipt to see the actual tool calls + arguments + responses. (5) build the timeline + the harm assessment from the replay. (6) verify signatures on every receipt in the timeline to confirm chain of custody hasn't been broken. The receipt IS the evidence.

Why signature verification matters

Receipts are signed at issuance. Any post-hoc tampering invalidates the signature. So your IR chain is cryptographic: if the receipt verifies, you can present it as legally admissible digital evidence. If it doesn't, you have an attack signal (someone tried to tamper). Standard Ed25519 verification; takes a few lines of code; runs offline.

Anomaly detection categories

Cost spikes (runaway loops / stolen credential). Off-hours activity (compromised laptop). Atypical model use (someone's using a more capable model for unauthorised tasks). Receipt-count surges (data exfiltration via AI prompting). Signature failures (config drift OR active tampering). Each category maps to a known attack pattern.

Integration with SIEM + SOAR

Anomaly alerts ship as JSON to your webhook. Splunk / Datadog / Chronicle ingest. SOAR playbooks: cost spike → freeze the agent's API key. Off-hours → page the on-call. Signature failure → quarantine the laptop, force re-install of the MCP server. Standard SOC patterns; the receipt feed is the data source.

Forensic acquisition

/v1/receipts/export?from=&to=&format=evidence produces a signed forensic bundle: all matching receipts + the signature verification proof + the agent registry snapshot + a chain-of-custody manifest. Hand this to forensics or external counsel; standard evidence-acquisition workflow.

What we don't do

We don't prevent attacks (we're audit + alerting, not policy enforcement). We don't catch DLP violations directly (we catch AI-mediated ones via anomaly). We don't replace your EDR. Position us as the AI-specific layer in your defence-in-depth; not as a replacement for anything you already have.

Common questions

Does this catch prompt injection?

Partially. The current detector flags content-side anomalies. Full prompt-injection detection (small classifier model) is on the v0.8 roadmap.

How long are receipts retained for forensic use?

Indefinitely on paid plans; 90 days on free. Per-project retention overrides supported on Enterprise tier (some regulated industries require 7-year retention).

Can I export the audit log to Snowflake?

Yes — CSV export, or pull from /v1/receipts in batches. Push into Snowflake via your standard ETL.

Is the off-hours anomaly tunable per-user?

Yes — per-user baseline. An on-call engineer with 24/7 schedule doesn't trigger off-hours alerts; their baseline includes off-hours activity.

Related

For: CISOs

AI conversations are the largest unmonitored vector in most orgs. Anomaly detection + cryptographic audit + evidence packs close the gap.

For: Platform engineers

Your job is to make AI usable and safe across the eng org. GenZAgents is the receipt-issuance + audit + portability layer you'd otherwise build internally.

For: Enterprise architects

Your AI strategy needs a vendor-neutral metalayer. GenZAgents is the receipt-issuance layer that sits above all providers.

For: Compliance officers

SOC 2 + ISO 42001 + EU AI Act + EU CRA evidence in one signed bundle. Auto-generated from receipts.

Get the trust layer for your AI work

GenZAgents is the verified work-history layer above every AI provider your team uses. Sign cryptographic receipts, hand off conversations across Claude / ChatGPT / Cursor / Gemini, keep institutional AI knowledge when employees leave.

Join the launch waitlistInstall MCP server

Last reviewed · 2 min read· Open spec· Changelog