InsAIts
Runtime security and anomaly detection for AI-to-AI communication. Detect, intervene, and audit what AI agents say to each other.
pip install insa-its
click to copy
What It Does
Anomaly Detection
23 anomaly types across 10 detectors: hallucination chains, semantic drift, phantom citations, jargon drift, uncertainty propagation, credential exposure, tool poisoning.
Active Intervention
Quarantine critical messages, reroute to backup agents, escalate to human review. Circuit breaker auto-blocks agents with high anomaly rates.
Tamper-Evident Audit
SHA-256 hash chain for every message. Regulatory compliance ready. Detects any log modification. GDPR compatible.
Hallucination Suite
5 independent subsystems: fact tracking, phantom citation detection, source grounding, confidence decay, self-consistency checking.
Security Detectors
Tool poisoning (OWASP MCP03), credential leakage (MCP01), information flow violations, behavioral fingerprinting, tool call frequency anomalies.
NEW V3.1100% Local Processing
Zero data leaves your machine. No cloud dependency. Works air-gapped. Audit logs store hashes, never raw content.
Stealth Mode
Opaque interventions that agents cannot categorize or dismiss. Randomized warning cadence prevents pattern learning. Human-in-the-loop for critical findings.
NEW V3.1.3Live Terminal Dashboard
Real-time TUI monitoring: anomaly feed, per-agent stats, type breakdown, sparkline charts. Claude Code hook integration. Session history, archival, and comparison across monitoring sessions.
NEW V3.1Framework Integrations
LangChain, CrewAI, LangGraph, Slack, Notion, Airtable. MCP server with 4 security tools. Claude Code PostToolUse hook.
Three Lines to Integrate
from insa_its import insAItsMonitor
monitor = insAItsMonitor()
# Monitor any AI-to-AI message
result = monitor.send_message(
text=agent_response,
sender_id="OrderBot",
receiver_id="InventoryBot",
llm_id="gpt-4o"
)
# V3: Structured decision-making
if result["monitor_result"].should_halt():
outcome = monitor.intervene(message, result["monitor_result"])
# {"action": "quarantined", "severity": "critical"}
Live Dashboard in Action
Real screenshots from a live Claude Code session monitored by InsAIts
InsAIts Live: 5 agents monitored, CREDENTIAL EXPOSURE and PROMPT INJECTION caught in real-time
InsAIts monitoring Claude Opus in VS Code — live agent intelligence scores and blast radius tracking
Full live demo: InsAIts monitoring a real Claude Code development session
Live Terminal Dashboard
Real-time monitoring of agent communications. pip install insa-its[dashboard]
23 Anomaly Types
| Category | Anomaly | What It Catches | Severity |
|---|---|---|---|
| Hallucination | FACT_CONTRADICTION | Cross-agent factual disagreement | Critical |
| PHANTOM_CITATION | Fabricated URLs, DOIs, arxiv IDs | High | |
| UNGROUNDED_CLAIM | Response diverges from source documents | Medium | |
| CONFIDENCE_DECAY | Agent certainty erodes across messages | Medium | |
| CONFIDENCE_FLIP_FLOP | Agent alternates certain/uncertain | Medium | |
| Semantic | SEMANTIC_DRIFT | Meaning shifts over conversation (EWMA) | High |
| HALLUCINATION_CHAIN | Speculation promoted to fact across agents | Critical | |
| JARGON_DRIFT | Undefined acronyms flooding conversation | Medium | |
| Data Integrity | UNCERTAINTY_PROPAGATION | "partial results" silently becomes "complete" | High |
| QUERY_INTENT_DIVERGENCE | NL intent vs generated query mismatch | Medium | |
| Security | TOOL_DESCRIPTION_DIVERGENCE V3.1 | Tool poisoning -- description changed (OWASP MCP03) | Critical |
| BEHAVIORAL_FINGERPRINT_CHANGE V3.1 | Agent behavior deviates from baseline (rug pull) | High | |
| CREDENTIAL_EXPOSURE V3.1 | API keys, tokens, passwords leaked in messages | Critical | |
| INFORMATION_FLOW_VIOLATION V3.1 | Data flows between unauthorized agent pairs | High | |
| TOOL_CALL_FREQUENCY_ANOMALY V3.1 | Unusual spike in tool invocations | Medium | |
| Communication | SHORTHAND_EMERGENCE | "Process order" becomes "PO" | High |
| CONTEXT_LOSS | Topic suddenly changes mid-conversation | High | |
| CROSS_LLM_JARGON | Made-up acronyms between agents | High | |
| ANCHOR_DRIFT | Response diverges from user's question | High | |
| Model | LLM_FINGERPRINT_MISMATCH | GPT-4 response looks like GPT-3.5 | Medium |
| LOW_CONFIDENCE | Excessive hedging: "maybe", "perhaps" | Medium | |
| Compliance | LINEAGE_DRIFT | Semantic divergence from parent message | Medium |
| CHAIN_TAMPERING | Hash chain integrity violation | Critical |
OWASP Coverage
Mapped against OWASP MCP Top 10 and OWASP Agentic AI Top 10
Pricing
Free
- All 23 detectors
- Hallucination suite
- Circuit breaker + interventions
- Audit log + metrics
- All integrations
- Terminal dashboard
- 100 messages/day
Starter
- Everything in Free, plus:
- 10,000 sessions/month
- Cloud Decipher (basic)
- 30-day data retention
- Email support
Pro
- Everything in Starter, plus:
- Unlimited sessions
- Full Decipher Engine
- Adaptive jargon dictionaries
- Anchor drift forensics
- Slack/webhook exports
- 1-year data retention
- Priority support
- +$10/extra seat for teams
Enterprise
- Everything in Pro, plus:
- SOC2 compliance
- Air-gapped / self-hosted cloud
- AI Lineage Oracle
- Edge/Hybrid Swarm Router
- Custom integrations (K8s, etc.)
- SLAs + dedicated support
- Volume discounts (>1M sessions)