Featured in everything-claude-code 90k+ stars Default security hook
V3.1.6  •  100% LOCAL  •  AIR-GAPPED  •  APACHE 2.0

InsAIts

Runtime security for multi-agent AI.

Detect, intervene, and audit what your agents say to each other — before it causes damage.

  • 23 Anomaly Types
  • 17 Detectors
  • 1238 Tests Passing
  • 0 Data Sent Out
  • 9h 16m longest single burst session

Trusted by developers — integrated into high-star repositories

  • everything-claude-code: 90k ★  •  InsAIts merged as default security hook
  • MCP Registry: Listed  •  OWASP MCP Top 10 coverage
  • Amazon vibe-coding outage: Amazon's memo used "high blast radius" — our core metric

Claude Code Opus: 40 min → 9h 16min

On the same Claude Pro plan. With InsAIts active, Opus sessions ran consistently longer — no manual switching to Sonnet required. Opus subagents stayed active the entire time.

Mechanism: early anomaly correction prevents token waste from compounding errors. Fewer wasted tokens per unit of actual work.

The blind spot

Why This Matters

Microsoft, CrowdStrike and Cisco can see that an agent exists. They cannot see inside a spawn chain. When an agent spawns a subagent that spawns another subagent, the behavior of those deeper agents is completely invisible to every enterprise monitoring tool on the market today.

InsAIts is the only tool that tracks the full spawn tree at every depth, captures anomalies before execution at every level of the chain, and shows you exactly which agent spawned which.

The agents nobody watches are the agents that cause the most damage.

What it does

Built for real AI swarms

Anomaly Detection

23 anomaly types across 10 detectors: hallucination chains, semantic drift, phantom citations, jargon drift, credential exposure, prompt injection, tool poisoning, behavioral fingerprint changes.

Active Intervention

Quarantine critical messages, reroute to backup agents, escalate to human review. Circuit breaker auto-blocks agents with high anomaly rates. Not just alerting — actual blocking.

Tamper-Evident Audit

SHA-256 hash chain for every message. Regulatory compliance ready. Detects any log modification. Full forensic chain tracing from anomaly to root cause.

Live Dashboard

Real-time Threat Index, Blast Radius, Agent Intelligence Scores. Circuit breaker status grid. Anomaly distribution. OWASP CVE panel with verified signatures.

Claude Code Hook

PreToolUse hook monitors every tool call before execution. Blocks dangerous actions. Writes real-time audit log. Merged into everything-claude-code as the default security hook.

Task Anchor Injection

Configure a behavioral anchor once. InsAIts automatically injects it at every new task — keeping the agent focused, honest, and deep. Zero user effort after setup. Hot-reloads from file.

Stealth Mode

One toggle makes interventions opaque to the monitored model. Prevents the agent from categorizing and dismissing warnings. Mitigates adversarial monitor transparency.

All Frameworks

LangChain, CrewAI, LangGraph, Claude Code, Cursor, Windsurf, Codex CLI, Kiro, Continue.dev, Aider. Slack alerts. Notion and Airtable export. Prometheus metrics.

100% Local Processing

Zero data transmitted to cloud. GDPR and HIPAA ready out of the box. Audit logs store hashes only. Your agents' communications stay on your machine. Air-gapped deployments supported.

Quick start

Three lines to integrate

monitor.py
from insa_its import insAItsMonitor

# One line setup — 100% local, no API key needed
monitor = insAItsMonitor()

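# Monitor any AI-to-AI message
# (agent_response is not defined in this snippet: it is the text one agent
#  is about to send, supplied by your application)
result = monitor.send_message(
    text=agent_response,
    sender_id="OrderBot",
    receiver_id="InventoryBot",
    llm_id="gpt-4o"
)

# Act on results
# (message is not defined in this snippet: it is the message under review,
#  supplied by your application)
if result["monitor_result"].should_halt():
    outcome = monitor.intervene(message, result["monitor_result"])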

Interactive

See it live — right now

Real anomaly types from production sessions

$ insaits-monitor --agents 5 --session live

Detection coverage

23 Anomalies — All Real Time

| Category | Anomaly | What It Catches | Severity |
|---|---|---|---|
| Hallucination | FACT_CONTRADICTION | Agent A vs Agent B disagree on facts | CRITICAL |
| Hallucination | PHANTOM_CITATION | Fabricated URLs, DOIs, arxiv IDs | HIGH |
| Hallucination | UNGROUNDED_CLAIM | Response does not match source documents | MEDIUM |
| Hallucination | CONFIDENCE_DECAY | Agent certainty erodes: "certain" → "maybe" | MEDIUM |
| Hallucination | CONFIDENCE_FLIP_FLOP | Agent alternates between certain and uncertain | MEDIUM |
| Semantic | SEMANTIC_DRIFT | Meaning shifts over conversation (EWMA + cosine) | HIGH |
| Semantic | HALLUCINATION_CHAIN | Speculation promoted to "fact" across agent hops | CRITICAL |
| Semantic | JARGON_DRIFT | Undefined acronyms flooding the conversation | MEDIUM |
| Data Integrity | UNCERTAINTY_PROPAGATION | "partial results" silently becomes "complete results" downstream | HIGH |
| Data Integrity | QUERY_INTENT_DIVERGENCE | User asks "avg by region" but agent queries "sum by category" | MEDIUM |
| Security (OWASP) | TOOL_DESCRIPTION_DIVERGENCE | Tool description changed between discovery and invocation (MCP03) | CRITICAL |
| Security (OWASP) | BEHAVIORAL_FINGERPRINT_CHANGE | Agent behavior deviates from established baseline (rug pull) | HIGH |
| Security (OWASP) | CREDENTIAL_EXPOSURE | API keys, tokens, passwords leaked in agent messages (MCP01) | CRITICAL |
| Security (OWASP) | INFORMATION_FLOW_VIOLATION | Data flows between agents that violate policies (MCP06/MCP10) | HIGH |
| Security (OWASP) | TOOL_CALL_FREQUENCY_ANOMALY | Unusual spike or pattern in tool invocations (MCP09) | MEDIUM |
| Communication | SHORTHAND_EMERGENCE | "Process order" becomes "PO" — unexplained shorthand | HIGH |
| Communication | CONTEXT_LOSS | Topic suddenly changes mid-conversation | HIGH |
| Communication | CROSS_LLM_JARGON | Made-up acronyms between agents: "QXRT", "ZPMF" | HIGH |
| Communication | ANCHOR_DRIFT | Response diverges from user's original question | HIGH |
| Model | LLM_FINGERPRINT_MISMATCH | GPT-4 response looks like GPT-3.5 | MEDIUM |
| Model | LOW_CONFIDENCE | Excessive hedging: "maybe", "perhaps", "I think" | MEDIUM |
| Compliance | LINEAGE_DRIFT | Semantic divergence from parent message | MEDIUM |
| Compliance | CHAIN_TAMPERING | Hash chain integrity violation — audit log was modified | CRITICAL |
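
The hash-chain idea behind the "Tamper-Evident Audit" feature and the CHAIN_TAMPERING row, as an added example that is not InsAIts code or its log format. The record fields, the all-zero genesis value and the function names are assumptions made for illustration; as the page describes, only a hash of each message is stored.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed starting value for the chain
FIELDS = ("seq", "sender_id", "receiver_id", "msg_sha256")


def entry_digest(prev_hash, record):
    # Canonical JSON (sorted keys, fixed separators) so a record always hashes the same way.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append_entry(log, sender_id, receiver_id, text):
    """Append one entry; only the SHA-256 of the message text is kept."""
    record = {
        "seq": len(log),
        "sender_id": sender_id,
        "receiver_id": receiver_id,
        "msg_sha256": hashlib.sha256(text.encode("utf-8")).hexdigest(),
    }
    prev_hash = log[-1]["entry_hash"] if log else GENESIS
    entry = dict(record, prev_hash=prev_hash,
                 entry_hash=entry_digest(prev_hash, record))
    log.append(entry)
    return entry


def verify_chain(log):
    """Return None if the chain is intact, else the index of the first bad entry."""
    prev_hash = GENESIS
    for i, entry in enumerate(log):
        record = {k: entry[k] for k in FIELDS}
        if (entry["seq"] != i
                or entry["prev_hash"] != prev_hash
                or entry["entry_hash"] != entry_digest(prev_hash, record)):
            return i
        prev_hash = entry["entry_hash"]
    return None


def build_sample_log():
    # Constructed sample messages, not taken from a real session.
    log = []
    append_entry(log, "OrderBot", "InventoryBot", "reserve 3 units of SKU-1")
    append_entry(log, "InventoryBot", "OrderBot", "reserved, 12 remain")
    append_entry(log, "OrderBot", "BillingBot", "charge order 1001")
    return log
```

Editing or deleting an earlier entry breaks verification at or after that entry, even if the editor recomputes that entry's own hash. Removing entries from the end leaves a shorter chain that still verifies, so the latest `entry_hash` has to be recorded somewhere the log writer cannot change.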

Security standards

Full OWASP MCP + Agentic AI Coverage

| ID | Risk | Coverage | CVE |
|---|---|---|---|
| MCP01 | Token / Secret Exposure | CredentialPatternDetector — API keys, tokens, passwords in agent messages | CVE-2025-54135 |
| MCP02 | Tool Call Frequency Anomaly | ToolCallFrequencyAnomalyDetector — privilege escalation, excessive permissions | CVE-2025-52882, CVE-2025-62149 |
| MCP03 | Tool Poisoning + Prompt Injection | ToolDescriptionDivergenceDetector — tool descriptions modified at invocation | CVE-2025-54135 |
| MCP04 | Behavioral Fingerprint / Rug Pull | BehavioralFingerprintDetector — agent suddenly deviates from established baseline | CVE-2026-6514, CVE-2025-54139 |
| MCP06 | Context Collapse / Memory Sharing | InformationFlowTracker — insecure memory and context sharing between agents | |
| MCP09 | Incomplete / Supply Chain Code | Tool call anomaly detection — supply chain attack patterns in agentic pipelines | |
| MCP10 | Information Flow Violation | Cross-tenant data leakage — data flowing between unauthorized agent pairs | |
| ASI01 | Semantic Drift / Goal Hijacking | EWMA + cosine similarity — meaning shifts over multi-agent conversation | |
| ASI03 | Hallucination Chain / Memory Poisoning | Speculation promoted to "fact" across agent hops — propagation detection | |
| ASI07 | Jargon Drift / Inter-Agent Abuse | Undefined acronyms and invented terminology flooding agent communication | |

Simple pricing

Start free. Scale when ready.

All detection features are open source. Pay for productivity and team features.

Open Source
$0
Forever. Apache 2.0.
  • All 23 anomaly detectors
  • OWASP MCP Top 10 coverage
  • Circuit breaker + interventions
  • Claude Code hook
  • Basic dashboard
  • All framework integrations
  • SHA-256 tamper-evident audit log
Pro
$79/mo
Everything in Starter, plus:
  • Central Collector — multi-session event aggregation
  • Inter-Session Dialog Bus — real-time AI-to-AI chat
  • Tamper-Evident Evidence Chain (SHA-256)
  • Human Operator Console with /commands
  • Agent Spawn Tree — full depth visibility
  • File Conflict Detection across sessions
  • Urgent Channel — operator STOP button
  • Multi-user dashboard + RBAC
  • SOC2 compliance export
  • SLA + dedicated support
Start Pro — $79/mo Lifetime — $299 one-time (100 seats only)

Lifetime Access — 100 seats only

Pay once, use forever. Available for both Starter ($99) and Pro ($99) tiers. Once 100 seats are claimed, lifetime pricing is gone.

Questions? Email info@yuyai.pro

Industries

Every industry running AI agents

E-Commerce

Order bots losing context mid-transaction. Pricing contradictions between agents.

Customer Service

Support agents developing incomprehensible shorthand. Jargon drift over sessions.

Finance

Analysis pipelines hallucinating metrics, contradicting numbers between agents.

Healthcare

Critical multi-agent systems where hallucination chains have real consequences.

Research

Scientific integrity — catching fabricated citations and phantom papers.

Legal

AI-generated documents with phantom references and ungrounded claims.

Real sessions

Live Dashboard Screenshots

From actual Claude Code Opus sessions monitored by InsAIts

InsAIts Dashboard v3.3.0 — Live Session with 12 Agents

v3.3.0 — Agent Intelligence Scores + Live Anomaly Feed

InsAIts Dashboard v3 — Full Dashboard View

v3.1.4 — Subagent Tracking + Behavioral Fingerprint

InsAIts Agent Intelligence Scores — Subagent Attribution

Agent Intelligence Scores — 12 agents + subagents with parallel attribution

InsAIts monitoring Claude Code in VS Code

Claude Code Integration — VS Code split terminal with TUI dashboard