Guardian is Regent’s ML layer. It watches every agent’s audit stream in real time and produces a risk score between 0 (normal) and 1 (highly anomalous). When the score crosses a configured threshold an alert is created — and the gate can deny a high-risk action even when every individual rule passes.

Why ML, not just rules

Mandate enforcement (per-tx limits, daily caps) is rule-based and deterministic — it catches known violations. Guardian catches the unknown ones: agents whose individual actions are all within limits but whose pattern is suspicious.

Examples Guardian catches that mandates miss:

  • An agent suddenly making many tiny trades after weeks of normal pacing
  • An agent triggering many rejections in a short window (probing limits)
  • An agent active at an unusual time of day for its profile
  • An agent whose action types shift dramatically (e.g., started buying, now only selling)

How scoring works

Every audit event triggers a fresh score for that agent. Guardian derives behavioral signals from the agent’s recent activity, evaluates them with an unsupervised anomaly-detection model, and emits a risk score together with a set of explanatory factors. Scoring runs in-line with audit ingestion and is fast enough to inform authorization in real time.

Explainable by design

Every score comes with per-signal contributing factors — so an alert can be defended with a concrete attribution rather than “the model said so.” This supports the EU AI Act’s explainability expectations: each alert carries a human-readable reason for why the behavior was flagged.

Alerts

When a score crosses the alert threshold (configurable per environment), Guardian creates an alert with status open, surfaced on the dashboard; operators acknowledge or resolve it via the API. A separate drift signal flags a sudden jump in an agent’s score between consecutive events.

A second layer of denial

When api-payment authorizes an action, it consults Guardian’s latest score as a soft dependency: if Guardian is unavailable, authorization still proceeds. If the score is high enough, the action is denied with RISK_THRESHOLD_EXCEEDED — so an agent whose behavioral risk has spiked is blocked even when its individual action is within the rulebook.