Status: shipped — Stage 1 in shadow mode. All six signals compute; they emit telemetry but do not block requests until Stage 1 advances.
Deviation Signals
Gate 2 computes 6 independent deviation signals when an action fails Gate 1’s envelope check. Each signal uses a different probabilistic data structure and detects a different type of anomaly. They are designed to be independently wrong in different ways — corroboration across signals provides exponentially higher confidence.
The 6 Signals
1. Hierarchical Novelty (bloom:novel_*)
Three Bloom filter levels detect first-time usage at different granularities:
| Level | Example | Weight | Catches |
|---|---|---|---|
| L0: Domain | Agent has never used mcp before | 0.9 | Agents pivoting to new interaction modes |
| L1: Server | Agent uses mcp but never github | 0.7 | Lateral movement to new services |
| L2: Tool | Agent uses github but never delete_repo | 0.5 | Novel tool usage (recon, escalation) |
2. Frequency Spike (cms:frequency_spike)
The Count-Min Sketch tracks how often each tool has been called. A sudden burst of calls to a rarely-used tool is a frequency spike.
- Weight: 0.4
- Threshold: Usage rate below 1/(FrequencyMultiplier * 10) of total actions
- Detects: Brute-force attempts, automated tool scanning, unusual repetition
3. Capability Shift (jsd:capability_shift)
Jensen-Shannon Divergence measures how different the current action’s capability is from the agent’s historical distribution. An agent that normally does 80% reads and 10% writes suddenly doing 50% writes has high JSD.
- Weight: 0.5
- Threshold: JSD > 0.15 (configurable per tenant)
- Bounded: [0, 1], symmetric
- Computed in: ~12 multiplications across 12 capability dimensions
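The capability-shift check worked through in Python, as an added example rather than Quint's own code: it computes base-2 Jensen-Shannon Divergence between an agent's historical capability counts and a recent window, then applies the 0.15 threshold. The capability names, the counts, and the choice to compare a recent window against history are assumptions made for illustration.

```python
import math

JSD_THRESHOLD = 0.15  # default from this page; configurable per tenant

def normalize(counts, dims):
    """Turn raw per-capability counts into a probability vector over dims."""
    total = sum(counts.get(d, 0) for d in dims)
    if total <= 0:
        raise ValueError("no observations to build a distribution from")
    return [counts.get(d, 0) / total for d in dims]

def kl_bits(p, m):
    """KL(p || m) in bits; terms with p_i == 0 contribute 0 by convention."""
    return sum(pi * math.log2(pi / mi) for pi, mi in zip(p, m) if pi > 0)

def jsd(p_counts, q_counts):
    """Jensen-Shannon divergence (base 2, so bounded to [0, 1])."""
    dims = sorted(set(p_counts) | set(q_counts))
    p, q = normalize(p_counts, dims), normalize(q_counts, dims)
    # The mixture m is non-zero wherever p or q is, so the logs are defined.
    m = [(pi + qi) / 2 for pi, qi in zip(p, q)]
    return 0.5 * kl_bits(p, m) + 0.5 * kl_bits(q, m)

def capability_shift(history, recent, threshold=JSD_THRESHOLD):
    """Return (fired, score) for the jsd:capability_shift signal."""
    score = jsd(history, recent)
    return score > threshold, score

# Constructed sample data: capability names and counts are hypothetical.
HISTORY = {"read": 800, "write": 100, "execute": 100}  # 80% reads, 10% writes
STEADY = {"read": 75, "write": 15, "execute": 10}      # ordinary drift
SHIFTED = {"read": 40, "write": 50, "execute": 10}     # suddenly 50% writes

if __name__ == "__main__":
    for label, window in (("steady", STEADY), ("shifted", SHIFTED)):
        fired, score = capability_shift(HISTORY, window)
        print(f"{label}: JSD={score:.4f} fired={fired}")
```

With these numbers the 80%-reads to 50%-writes shift lands only slightly above 0.15, which shows how much a per-tenant threshold change moves the boundary for this signal.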
4. Temporal Anomaly (ewma:temporal_anomaly)
The fingerprint tracks the smoothed inter-action interval via EWMA and its variance via Welford’s algorithm. A z-score measures how many standard deviations the current gap is from the mean.
- Weight: 0.3
- Threshold: |z-score| > 2.5
- Detects: Burst activity (automated attack sequences) and long dormancy (agent reactivation)
5. Sequence Anomaly (markov:unusual_sequence)
The fingerprint has a 32-slot hash-based Markov chain tracking action transition probabilities. If the agent always does read_file -> write_file but suddenly does read_file -> send_message, the transition probability is near zero.
- Weight: 0.4
- Threshold: Surprise > 0.99 (transition probability < 0.01)
- Detects: Unusual action chains, novel multi-step patterns
6. Exploration Spike (hll:exploration_spike)
HyperLogLog estimates the number of distinct tools the agent has used. If tool diversity suddenly grows beyond 10% of total actions, the agent is exploring — possibly reconnaissance.
- Weight: 0.3
- Threshold: Cardinality growth > 10%
- Detects: Tool scanning, reconnaissance, agent testing new capabilities
Corroboration
A single signal firing is expected and normal — agents explore new tools, have busy periods, shift capability mix. The system only cares when signals converge:
| Signal Count | Response |
|---|---|
| 1 signal | UNCERTAIN — agent is exploring, normal |
| 2 signals | UNCERTAIN — elevated monitoring |
| 3+ signals | Candidate for ANOMALOUS (Gate 3 evaluates) |
| 3+ signals + structural evidence | ANOMALOUS — enforce per profile |
| 5+ signals (no structure) | ANOMALOUS — overwhelming statistical evidence |