Use case

Detect anomalous AI usage in real time

Anomalous AI usage often signals a real problem: stolen credentials, runaway autonomous loops, prompt-injection exploitation, or a compromised laptop. GenZAgents' anomaly detector watches the receipt feed in 5-minute windows and alerts on five distinct anomaly categories.

The five anomaly categories

Cost spikes (a single agent burns >$50 in 5 minutes against a rolling baseline).

Off-hours activity (receipts at 03:00 UTC for an agent that's typically 09:00-17:00).

Atypical model use (an agent that always uses claude-3-haiku suddenly uses gpt-5 at 100x cost).

Receipt-count surges (an agent that issues 1-5 receipts/hour suddenly issues 200).

Signature failures (a receipt arrives with an invalid signature, which could indicate config drift or active tampering).

How the detector works

A cron-scheduled job runs every 5 minutes against the last 60 minutes of receipts. Each anomaly category has a baseline (per agent, over a rolling 7-day window) and a threshold. Each exceedance generates an alert containing the anomaly category, the agent DID, the recent receipts (the evidence), and a suggested response action. Alerts route via webhooks to Slack, PagerDuty, or your SIEM.
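A sketch of one detection pass as described above, added here as an illustration and not GenZAgents' own code. The receipt field names, the category labels, the fixed $50 limit and the surge rule (more receipts in 5 minutes than in the busiest baseline hour) are assumptions, and the sample receipts are constructed.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Receipt fields (agent_did, ts, model, cost_usd, sig_valid) and category
# labels are assumed for this sketch; the page publishes no schema.
COST_LIMIT_USD = 50.0  # the page's example figure, used here as a fixed limit
ACTIONS = {"cost_spike": "freeze the agent's API key",  # the two responses
           "off_hours": "page the on-call"}             # the page names

def detect(receipts, agent_did, now):
    """Compare one agent's last 5 minutes with its rolling 7-day baseline."""
    cut = now - timedelta(minutes=5)
    mine = [r for r in receipts if r["agent_did"] == agent_did]
    window = [r for r in mine if cut <= r["ts"] <= now]
    base = [r for r in mine if now - timedelta(days=7) <= r["ts"] < cut]
    alerts = []

    def alert(category, evidence):
        if evidence:  # an alert always carries the receipts that triggered it
            alerts.append({"category": category, "agent_did": agent_did,
                           "evidence": evidence,
                           "suggested_action": ACTIONS.get(category)})

    # An invalid signature is alertable without any baseline.
    alert("signature_failure", [r for r in window if not r["sig_valid"]])
    if sum(r["cost_usd"] for r in window) > COST_LIMIT_USD:
        alert("cost_spike", window)
    if base:  # the remaining categories only make sense against history
        hours = {r["ts"].hour for r in base}
        models = {r["model"] for r in base}
        alert("off_hours", [r for r in window if r["ts"].hour not in hours])
        alert("atypical_model", [r for r in window if r["model"] not in models])
        busiest = max(Counter(r["ts"].replace(minute=0, second=0, microsecond=0)
                              for r in base).values())
        if len(window) > busiest:  # more in 5 minutes than the busiest hour
            alert("receipt_surge", window)
    return alerts

def sample_receipts():
    """Constructed data: seven quiet days, then a 03:00 UTC burst on day 8."""
    def rec(ts, model, cost, ok=True):
        return {"agent_did": "did:example:agent-1", "ts": ts, "model": model,
                "cost_usd": cost, "sig_valid": ok}
    quiet = [rec(datetime(2025, 1, d, h, tzinfo=timezone.utc), "claude-3-haiku", 0.08)
             for d in range(1, 8) for h in (10, 13, 16)]
    burst = [rec(datetime(2025, 1, 8, 3, 0, s, tzinfo=timezone.utc), "gpt-5", 10.0, s != 0)
             for s in range(6)]
    return quiet, burst
```

Run against the constructed burst, one pass raises all five categories for the agent, while a single in-hours receipt on the usual model raises none.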

Why "anomaly" beats "policy" for AI

Most AI governance products try to enforce policies upfront ("agents can't spend >$100/day"). That works for known-bad patterns but misses novel ones. Anomaly detection catches anything unusual, which is where AI failure modes actually live: they evolve faster than policy lists. The 5 categories above cover most observed incident types in our design-partner deployments.

Integration with SIEM and SOAR

Alerts ship as JSON to your configured webhook. Most SIEMs (Splunk, Datadog, Chronicle) accept the JSON natively. SOAR playbooks can branch on the anomaly category — cost spikes might trigger "freeze the agent's API key", off-hours might trigger "page the on-call". The receipt audit trail provides the evidence base for the playbook to query.

Realistic deployments

Our design-partner deployments see 15-30 receipts/hour during business hours, 0-2/hour off-hours, a mean cost of $0.08 per receipt, and a 95th-percentile cost of $0.45. Anomaly thresholds adapt: an agent with a high baseline gets a wider tolerance. Most orgs see 0-3 actionable alerts per week — high signal, low noise. The detector is designed to be useful, not annoying.

Forensic chain after an incident

Anomaly alert fires → security responder freezes the agent's key → the agent's receipt feed is intact (signatures still valid) → forensics reconstructs the timeline from receipts. Because receipts are signed end-to-end, the post-incident report has cryptographic evidence rather than narrative-only logs. Same chain-of-custody quality that makes evidence packs work for compliance also works for incident response.

Common questions

How do I tune the thresholds for my org's baseline?

Use /settings/anomaly-thresholds in the org admin UI. Default thresholds work for most orgs; raise them if you're getting false positives, lower them if real anomalies are slipping through.

Does the detector look at receipt content for prompt-injection?

Partially. The current detector flags content-side anomalies (sudden change in prompt structure, unusual tool-call sequences). Full prompt-injection detection is in v0.8 — driven by a small fine-tuned classifier model.

What happens if signatures genuinely fail (config drift)?

The receipt is still stored but marked unsigned. The anomaly alert tells you the failure mode. Most signature failures are clock skew or key-rotation timing; both are remediable in minutes.

Can I get notified by email instead of Slack?

Yes — email is a webhook target. The webhook payload accepts an email transport via Resend / Postmark / your own SMTP. Configured per-team in /settings/webhooks.
