Problem
Security policies are rule-based: they catch known-bad patterns but miss novel attacks. An agent behaving abnormally (e.g., suddenly accessing files it never touched before) may indicate a novel attack.
Solution: Behavioral Baseline
const shield = new TraceShield({
behaviorBaseline: {
enabled: true,
learningPeriod: "7d", // Learn normal behavior for 7 days
anomalyThreshold: 2.5, // Standard deviations
onAnomaly: (event) => {
alertSOC(event) // Unusual tool call pattern detected
}
}
})
// After learning: researcher agent never used delete_file
// Day 8: researcher calls delete_file -> ANOMALY alert
Continuous learning adapts to agent behavior evolution.
Problem
Security policies are rule-based: they catch known-bad patterns but miss novel attacks. An agent behaving abnormally (e.g., suddenly accessing files it never touched before) may indicate a novel attack.
Solution: Behavioral Baseline
Continuous learning adapts to agent behavior evolution.