Skip to main content

Documentation Index

Fetch the complete documentation index at: https://quintsecurity.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Status: shipped — Stage 1 in shadow mode. Bands are computed and logged; they do not drive enforcement in production until Stage 1 exits shadow. See ML Roadmap.

Confidence Bands

The behavioral engine does not produce per-action risk scores. Instead, it classifies every action into one of three confidence bands. 95% of actions produce zero output — not a low score, but literally nothing.

The Three Bands

Band% of ActionsSystem ResponseUser Sees
Band 1: KNOWN_SAFE95-97%Zero output. No score. No log entry.Nothing
Band 2: UNCERTAIN3-4.5%Telemetry counter only.Nothing
Band 3: ANOMALOUS<0.5%Enforce per security profile mode.Alert or block

Why Not Scores?

Per-action risk scores create alert fatigue. Every action gets a number. Operators stare at dashboards. Alert fatigue within a week. Three bands solve this: operators only see Band 3 sessions. The system handles Band 1 and 2 automatically.

Noise Budget

MetricHealthyNoisyBlind
Band 1 (silent)95-97%<90%>99%
Band 2 (logged)3-4.5%>8%<0.5%
Band 3 (alerted)0.2-0.5%>2%<0.05%
If noisy: Envelopes need more training data, OR corroboration threshold too low, OR group baselines missing. If blind: Thresholds too loose, OR capability mapping has gaps, OR novel tools aren’t being classified.

Enforcement Modes

Each security profile configures how ANOMALOUS actions are handled:
ModeBand 3 ActionUse Case
StrictBlock requestProduction environments with strict security requirements
BalancedAlert + escalate sessionDefault — flag to security team, monitor the session
PermissiveLog onlyDevelopment environments, initial shadow mode rollout

Shadow Mode

During initial deployment, the behavioral engine runs in shadow mode — it scores every action but never enforces. Both the existing risk engine and the behavioral engine produce results; the risk engine’s decision is authoritative. This provides a calibration period to:
  • Verify Band distribution matches the noise budget targets
  • Identify false positives and adjust thresholds
  • Compare behavioral signals against the risk engine’s scores
  • Build confidence in the behavioral engine before enabling enforcement