Actionable Control Gaps, Not Generic Alerts
Findings link each control failure to decision context, root-cause analysis, remediation patterns, and retest steps—closing the loop between discovery and closure.
Finding Anatomy
Every finding specifies:
Severity & Scope
CVSS-like scoring: exploitability (does the attack reliably succeed?), impact (signal availability gap, rule bypass, model blind spot, approval override?), business consequence (fraud category, financial exposure, regulatory violation risk).
Decision Point & Scenario Genealogy
Where in the decision tree the failure occurred; which scenarios triggered it; how many scenarios share the root cause (identifying systemic vs. isolated gaps).
Root Cause Classification
- Signal gap: Required telemetry unavailable, stale, or corrupted (e.g., "KYC verification status missing for 8% of onboarding scenarios")
- Detector gap: Rule/model absent or misconfigured (e.g., "Device fingerprint inconsistency check not triggered for mule-ring scenario family")
- Threshold weakness: Boundary too permissive (e.g., "Velocity threshold allows excessive transactions per minute; scenario passes when historical median indicates anomaly")
- Approval bypass: Gate missing or overrideable without escalation (e.g., "High-risk transactions skip supervisor review when approver is unavailable beyond SLA window")
Patch Pattern Guidance
Concrete remediation examples: "Add freshness check on Device ID (within acceptable time window); validate against historical baseline. Retest using targeted scenario pack."
Retest Validation Steps
Specific pack, version, and scenario subset that isolates the fix; expected outcome if successful; pass/fail criteria.
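The patch pattern and retest steps described above, as an added example (not code from the original page or from the product it describes). It assumes a hypothetical onboarding event schema, a 15-minute freshness window, a constructed four-scenario retest pack, and a "before" detector that silently allows when the device signal is absent; it then runs the same pack against the patched detector so the retest report shows which scenario IDs isolate the fix.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional

# Assumed values: the page does not fix a window or a schema.
FRESHNESS_WINDOW = timedelta(minutes=15)
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed clock


@dataclass
class OnboardingEvent:
    account_id: str
    device_id: Optional[str]                 # None models the "signal gap" root cause
    device_seen_at: Optional[datetime]       # when the device telemetry was captured
    known_devices: frozenset = frozenset()   # historical baseline for the account


def decide_before(ev: OnboardingEvent, now: datetime) -> str:
    """'Before' detector: checks the baseline only, never freshness, and
    allows when the device signal is missing (fails open)."""
    if ev.device_id is None:
        return "allow"
    if ev.known_devices and ev.device_id not in ev.known_devices:
        return "step_up"
    return "allow"


def device_signal_verdict(ev: OnboardingEvent, now: datetime,
                          window: timedelta = FRESHNESS_WINDOW) -> str:
    """Classify the device signal: missing, stale, unknown_device, or ok."""
    if ev.device_id is None or ev.device_seen_at is None:
        return "missing"
    if now - ev.device_seen_at > window:
        return "stale"
    if ev.known_devices and ev.device_id not in ev.known_devices:
        return "unknown_device"
    return "ok"


def decide_after(ev: OnboardingEvent, now: datetime) -> str:
    """Patched detector: anything but a fresh, baseline-consistent device
    signal routes to step-up (fails closed)."""
    return "allow" if device_signal_verdict(ev, now) == "ok" else "step_up"


@dataclass
class Scenario:
    scenario_id: str
    event: OnboardingEvent
    expected: str


def run_pack(decide: Callable, pack_version: str, scenarios: list, now: datetime) -> dict:
    """Retest harness: pass/fail per scenario plus the list of failing IDs."""
    results = {}
    for s in scenarios:
        actual = decide(s.event, now)
        results[s.scenario_id] = {"expected": s.expected, "actual": actual,
                                  "ok": actual == s.expected}
    return {
        "pack_version": pack_version,
        "passed": all(r["ok"] for r in results.values()),
        "failed": sorted(k for k, r in results.items() if not r["ok"]),
        "results": results,
    }


# Constructed retest pack: the subset that isolates the device-freshness fix.
BASELINE = frozenset({"dev-A1"})
RETEST_PACK = [
    Scenario("ONB-001", OnboardingEvent("acct-1", "dev-A1", NOW - timedelta(minutes=2), BASELINE), "allow"),
    Scenario("ONB-002", OnboardingEvent("acct-1", None, None, BASELINE), "step_up"),
    Scenario("ONB-003", OnboardingEvent("acct-1", "dev-A1", NOW - timedelta(hours=3), BASELINE), "step_up"),
    Scenario("ONB-004", OnboardingEvent("acct-1", "dev-Z9", NOW - timedelta(minutes=1), BASELINE), "step_up"),
]

if __name__ == "__main__":
    for name, fn in (("before", decide_before), ("after", decide_after)):
        r = run_pack(fn, "onboarding-device-v1", RETEST_PACK, NOW)
        print(name, "passed" if r["passed"] else "failed " + ", ".join(r["failed"]))
```

The pass/fail criterion for the finding is simply that every scenario in the pack returns its expected outcome; the failing IDs from the "before" run (missing and stale device signal) are the evidence the finding cites, and the clean "after" run is the closure evidence.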
Patch Pattern Library
Signal Enrichment
New telemetry sources, provenance tracking, integrity verification, cross-correlation with external feeds (device databases, behavioral baselines, graph databases).
Detector Hardening
Rule additions (consistency checks, velocity limits, outlier detection); model fine-tuning with adversarial examples; graph expansion (relationship mapping, circular flow detection, collusion clustering).
Contract Enforcement
Mandatory check sequencing, gate routing based on risk tier, approval escalation logic, policy constraint injection into agent tools or decision engines.
Rate & Velocity Controls
Time-window enforcement (sliding windows, exponential backoff), behavioral adaptation (seasonal adjustment, entity-specific baselines), step-up orchestration (hard blocks vs. soft challenges vs. monitoring).
Approval & Policy Gates
Supervisor routing rules, escalation on override frequency, policy language codification (e.g., "transactions >$10k + high-risk score require dual approval"), agent policy constraints (tool permission lists, action guardrails, latency SLAs).
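The rate and velocity controls and the approval and policy gates above, as one added example (not code from the original page or product). The limit of 5 transactions per 60-second sliding window, the 0.8 high-risk score, the tiers of step-up (hard block, hold for approval, soft challenge, monitor, allow) and all entity names are assumptions; the dual-approval rule is the one quoted in the text, and the gate counts distinct approvers so a single approver cannot satisfy it twice.

```python
from collections import deque
from dataclasses import dataclass

# Assumed policy parameters; the page only states the ">$10k + high-risk score" rule.
VELOCITY_LIMIT = 5            # transactions allowed per window
VELOCITY_WINDOW_S = 60.0      # sliding window length in seconds
DUAL_APPROVAL_AMOUNT = 10_000
HIGH_RISK_SCORE = 0.8


class SlidingWindowCounter:
    """Per-entity sliding window: counts events whose timestamp falls
    within the last window_s seconds (older ones are evicted)."""

    def __init__(self, limit: int, window_s: float):
        self.limit = limit
        self.window_s = window_s
        self.events = {}  # entity -> deque of timestamps

    def record(self, entity: str, ts: float) -> int:
        q = self.events.setdefault(entity, deque())
        while q and ts - q[0] >= self.window_s:
            q.popleft()
        q.append(ts)
        return len(q)


@dataclass
class Txn:
    txn_id: str
    account: str
    amount: float
    risk_score: float
    ts: float
    approvals: tuple = ()   # approver ids attached to the transaction


def required_approvals(txn: Txn) -> int:
    """Policy codified from the prose: >$10k AND high-risk -> dual approval;
    either condition alone -> single approval."""
    over_amount = txn.amount > DUAL_APPROVAL_AMOUNT
    high_risk = txn.risk_score >= HIGH_RISK_SCORE
    if over_amount and high_risk:
        return 2
    if over_amount or high_risk:
        return 1
    return 0


def approval_gate(txn: Txn) -> str:
    """Distinct approvers must meet the requirement; otherwise escalate
    rather than allow (no silent bypass when approvers are short)."""
    return "pass" if len(set(txn.approvals)) >= required_approvals(txn) else "escalate"


def orchestrate(txn: Txn, counter: SlidingWindowCounter) -> str:
    """Step-up orchestration, most restrictive outcome first."""
    count = counter.record(txn.account, txn.ts)
    if count > 2 * counter.limit:
        return "hard_block"           # far beyond the velocity limit
    if approval_gate(txn) == "escalate":
        return "hold_for_approval"    # gate routing by risk tier
    if count > counter.limit:
        return "soft_challenge"       # modestly over limit: challenge, not block
    if txn.risk_score >= HIGH_RISK_SCORE:
        return "monitor"
    return "allow"


def run_burst(n: int, spacing_s: float = 5.0, amount: float = 50.0, risk: float = 0.1) -> list:
    """Constructed burst: n low-value transactions from one account, spacing_s apart."""
    counter = SlidingWindowCounter(VELOCITY_LIMIT, VELOCITY_WINDOW_S)
    return [orchestrate(Txn(f"t{i}", "acct-7", amount, risk, i * spacing_s), counter)
            for i in range(n)]


if __name__ == "__main__":
    print(run_burst(12))
    big = Txn("t-big", "acct-9", 15_000, 0.9, 0.0, approvals=("u1", "u1"))
    print(approval_gate(big), "->", orchestrate(big, SlidingWindowCounter(5, 60.0)))
```

Running the burst shows the tiers engaging in order as the window fills (five allows, then soft challenges, then hard blocks), and the `("u1", "u1")` case shows why the gate counts distinct approvers: the same supervisor approving twice is an override, not dual approval, and it escalates.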
Operational Workflow
Everything ties back to immutable evidence artifacts and pack versions.