Threat Detection Configuration
Configure threat detection settings for your agents.
Default Settings
Threat detection is enabled by default for all plans. Out of the box, every agent gets:
- Pattern-based scanning (47+ rules) on every span
- Agent Risk Score (0-100) updated continuously
- Network Protection contribution (anonymous)
- Automatic incident creation for critical/high threats
Configuring the AI Provider
AI-powered scanning (Dual AI Verification) requires a configured AI provider. Go to Settings → Security AI to set up:
- Provider — OpenAI, Anthropic (Claude), or Google
- Model — The specific model to use for scanning
- API Key — Your provider API key (stored encrypted)
Verification Threshold
The confidence threshold (default: 0.70) controls when LLM Layer 2 verification is triggered. Threats with confidence below this threshold are sent for secondary review.
| Use Case | Recommended Threshold |
|---|---|
| High-security (fintech, healthcare) | 0.60 — more threats verified |
| Standard (general purpose) | 0.70 — balanced |
| Cost-optimized | 0.85 — fewer Layer 2 calls |
Always Verify Critical
When enabled (default: on), all critical-severity threats are sent for Layer 2 verification regardless of confidence score. This ensures the highest-risk detections always get dual-model consensus.
Auto-Incident Creation
By default, critical- and high-severity threats automatically create incidents. In your settings, you can configure which severity levels trigger auto-incidents.