Runtime Monitor

The Runtime Monitor watches your agent's behavior during execution, detecting anomalies that static analysis cannot see.

Why Runtime Monitoring?

Static analysis sees your code. It cannot see what an attacker injects into your prompts at runtime.

A prompt injection attack looks like normal code — until it runs. The code path is legitimate; the payload is adversarial. The scanner has no way to distinguish between a benign and a malicious input at scan time.

The Runtime Monitor watches execution patterns as they happen: which tools are called, in what sequence, against which endpoints, with what data volumes. Deviations from established baseline behavior are surfaced as anomalies.

What the Monitor Tracks

  • Tool call inventory — which tools are called, in what sequence, and how often
  • Data exfiltration signals — large outbound payloads, unexpected external endpoints
  • Prompt injection indicators — sudden behavior changes, off-topic tool usage mid-run
  • Resource abuse — excessive API calls, loop patterns, latency spikes that suggest runaway execution

Behavioral Baseline

The monitor learns what "normal" looks like for your specific agent and flags deviations in real time.

```python
# The monitor learns your agent's normal behavior
# and flags deviations

from agentcop import RuntimeMonitor

monitor = RuntimeMonitor(
    agent_id="customer-support-bot",
    baseline_window=7,      # days of normal behavior to learn from
    sensitivity="medium",   # low / medium / high
    alert_on=["exfiltration", "injection", "resource_abuse"]
)

# Wrap your agent (`agent` is your existing agent object,
# `user_input` is the request it is about to handle)
monitored_agent = monitor.wrap(agent)
result = monitored_agent.run(user_input)
```

Anomaly Types

| Anomaly | Indicator | Risk |
| --- | --- | --- |
| Data exfiltration | Large POST to unknown endpoint | CRITICAL |
| Prompt injection | Sudden tool-call sequence change | HIGH |
| Resource abuse | >10x normal API call rate | MEDIUM |
| Off-topic execution | Tool calls outside declared scope | MEDIUM |
| Credential harvesting | Access to secret stores mid-run | CRITICAL |

Integration with the Gate

The monitor does not act alone. When it detects an anomaly, it signals the Execution Gate, which can pause or block the ongoing execution before harm is done.

The loop is: Detect → Signal → Block. This is what closes the security gap between observing a problem and stopping it.

  • Monitor detects behavioral anomaly
  • Monitor signals the Execution Gate with anomaly type and confidence score
  • Gate evaluates against policy: pause run, block tool call, or escalate to human approval
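
The Detect → Signal → Block loop as an added, stand-alone example; it is not agentcop's code or API. It learns a baseline from tool-call sequences, detects four of the anomaly types from the table above, and maps the resulting signals to a gate action. The tool names, the confidence heuristic, the 0.25 threshold and the risk-to-action policy are assumptions.

```python
from dataclasses import dataclass

SECRET_TOOLS = {"read_secret"}  # hypothetical names of secret-store tools
ACTION = {"CRITICAL": "block", "HIGH": "escalate", "MEDIUM": "pause"}  # assumed policy
ORDER = ["MEDIUM", "HIGH", "CRITICAL"]  # ascending severity

@dataclass
class Signal:
    anomaly: str       # named after the rows of the anomaly table
    risk: str
    confidence: float  # 0.0 to 1.0, a constructed heuristic

class Baseline:
    """Learn known tools, tool-to-tool transitions and mean calls per run."""
    def __init__(self, runs):
        self.tools = {t for r in runs for t in r}
        self.transitions = {p for r in runs for p in zip(r, r[1:])}
        self.mean_calls = sum(len(r) for r in runs) / len(runs)

def detect(base, run):
    """Detect: compare one run's tool-call sequence against the baseline."""
    signals = []
    new_tools = set(run) - base.tools
    if new_tools & SECRET_TOOLS:
        signals.append(Signal("credential_harvesting", "CRITICAL", 1.0))
    elif new_tools:
        signals.append(Signal("off_topic_execution", "MEDIUM", 1.0))
    pairs = list(zip(run, run[1:]))
    unseen = [p for p in pairs if p not in base.transitions]
    if unseen:  # share of transitions never seen in normal runs
        signals.append(Signal("prompt_injection", "HIGH", len(unseen) / len(pairs)))
    if len(run) > 10 * base.mean_calls:  # ">10x normal API call rate"
        signals.append(Signal("resource_abuse", "MEDIUM", 1.0))
    return signals

def gate(signals, min_confidence=0.25):
    """Signal -> Block: act on the most severe signal above the threshold."""
    strong = [s for s in signals if s.confidence >= min_confidence]
    if not strong:
        return "allow"
    worst = max(strong, key=lambda s: ORDER.index(s.risk))
    return ACTION[worst.risk]

# Constructed sample data: four normal runs of a support bot.
NORMAL = [["search_kb", "reply"], ["lookup_order", "search_kb", "reply"],
          ["lookup_order", "reply"], ["search_kb", "search_kb", "reply"]]
BASE = Baseline(NORMAL)
```

A run such as `["search_kb", "read_secret", "http_post"]` yields a CRITICAL and a HIGH signal and the gate returns `block`; a long loop made only of known transitions yields `resource_abuse` alone and the gate returns `pause`.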
LLM01 LLM02 LLM08

static analysis is a background check. the monitor is the cop on the beat. both are required.