Glossary

Anomaly detection — 5-minute polling on the receipt feed

**Anomaly detection** runs every 5 minutes against the org's receipt feed. It flags five categories: cost spikes, off-hours activity, atypical model use, receipt-count surges, and signature failures. Alerts route via webhook to Slack, PagerDuty, or a SIEM.

Categories

- Cost spikes: runaway loops, stolen credentials.
- Off-hours: compromised laptops.
- Atypical model use: unauthorized escalation to expensive models.
- Count surges: data exfiltration via AI prompting.
- Signature failures: config drift or tampering.

Tuning

Baselines are computed per agent over a rolling 7-day window. Thresholds are adjustable per org via `/settings/anomaly-thresholds`.
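A per-agent, rolling 7-day baseline check for the cost-spike category, written as an added example; it is not GenZAgents code, and the page does not say which statistic the product uses. The receipt fields (`agent_id`, `ts`, `cost_usd`), the z-score rule, the `min_slots` cold-start guard, and the `cost_spike` label are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import mean, pstdev

WINDOW = timedelta(days=7)   # rolling baseline window (from the page)
POLL = timedelta(minutes=5)  # polling interval (from the page)

def cost_spikes(receipts, now, z_threshold=3.0, min_slots=12):
    """Flag agents whose cost in the latest poll exceeds their own 7-day baseline.
    The z-score rule and min_slots cold-start guard are assumptions."""
    current = defaultdict(float)                       # agent -> cost in latest poll
    history = defaultdict(lambda: defaultdict(float))  # agent -> 5-min slot -> cost
    for r in receipts:
        age = now - r["ts"]
        if age < timedelta(0) or age > WINDOW:
            continue                                   # outside the rolling window
        if age < POLL:
            current[r["agent_id"]] += r["cost_usd"]
        else:
            history[r["agent_id"]][int(age / POLL)] += r["cost_usd"]
    alerts = []
    for agent, cost in sorted(current.items()):
        slots = list(history[agent].values())
        if len(slots) < min_slots:
            continue                                   # too little history to baseline
        mu, sigma = mean(slots), pstdev(slots)
        limit = mu + z_threshold * max(sigma, 0.05 * mu)  # floor for flat baselines
        if cost > limit:
            alerts.append({"category": "cost_spike", "agent_id": agent,
                           "observed_usd": round(cost, 2), "limit_usd": round(limit, 2)})
    return alerts

def sample_receipts(now):
    """Constructed sample receipts: 20 hourly data points per agent plus the latest poll."""
    out = []
    for i in range(1, 21):
        ts = now - timedelta(hours=i)
        out.append({"agent_id": "agent-a", "ts": ts, "cost_usd": 0.10 + 0.01 * (i % 3)})
        out.append({"agent_id": "agent-b", "ts": ts, "cost_usd": 0.50 + 0.02 * (i % 2)})
    out.append({"agent_id": "agent-a", "ts": now - timedelta(minutes=1), "cost_usd": 4.00})  # spike
    out.append({"agent_id": "agent-b", "ts": now - timedelta(minutes=2), "cost_usd": 0.52})  # normal
    out.append({"agent_id": "agent-c", "ts": now - timedelta(minutes=3), "cost_usd": 9.00})  # no history
    return out

if __name__ == "__main__":
    now = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)
    for alert in cost_spikes(sample_receipts(now), now):
        print(alert)
```

In the constructed data `agent-c` spends the most but is skipped because it has no baseline yet, so a brand-new agent needs its own rule rather than a baseline comparison.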

False positive rate

Tuned for a false positive rate of ~5% on design-partner data. Most alerts are actionable; users can tune thresholds up or down to taste.

SOAR integration

Alerts ship as JSON to a webhook. SOAR playbooks branch on category: cost spikes → freeze API key; off-hours → page on-call; signature failures → quarantine laptop.
