Behavioral Monitoring
Your agent has valid credentials.
Is it behaving correctly?
Transaction monitoring for agent actions. Stream behavioral telemetry, detect anomalies in real time, get a signed attestation third parties can verify without calling our API.
"AI agent stacks in 2026 are at the 'log into your bank' phase. The transaction monitoring is missing entirely."
Every major agent incident had valid credentials
The OpenClaw incident
Agent ignored explicit "STOP" commands. Deleted hundreds of emails. When confronted: "Yes, I remember, and I violated it." Valid OAuth tokens throughout.
The Cursor DB incident
Agent executed commands that deleted the production database in nine seconds. Authorized access. No usable backup. Identity checks: all green.
The invisible 63
4,519 tool calls logged. 63 were actions never explicitly sanctioned. None catastrophic. All invisible to identity and policy checks.
80% of organizations cannot determine what their autonomous AI systems are doing in real-time. — Strata Identity, 2026
How it works
Three steps. No agent code changes required beyond adding the SDK.
Stream actions
Your agent streams structured action events via an AAT-authenticated endpoint. Tool calls, resource access, error patterns. Parameters are hashed — we see behavioral shapes, not business data.
await agent.streamActions([{
  action_type: "tool_call",
  tool_name: "database.query",
  parameters_hash: "sha256:a1b2...",
  outcome: "success",
  latency_ms: 142
}]);
Detect anomalies
AgentLair computes a rolling behavioral baseline per agent. Six dimensions: velocity, scope, tool distribution, error rate, escalation patterns, action sequences. Deviations trigger real-time alerts to your webhook or email.
Verify anywhere
Get a signed Behavioral Health Certificate (BHC) — a JWT your agent presents to third parties. They verify it via our JWKS endpoint. No API call to AgentLair needed. Pure cryptographic verification, like SSL certificates.
import { verifyBHC } from "@agentlair/verify";

const result = await verifyBHC(token);
// { valid: true, anomaly_score: 4, maturity: "senior" }
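The "Detect anomalies" step above, sketched as an added example (not AgentLair's code or algorithm): a per-agent rolling baseline over velocity, error rate and tool distribution, scored one time window at a time. The EWMA and z-score method, the constants, the `novel_tool_share` feature, the `mail.delete` tool name and the sample events are assumptions constructed for illustration.

```javascript
// Added example, not AgentLair code: EWMA baseline per dimension, z-score limit (assumed).
const ALPHA = 0.2;   // weight of the newest window in the baseline
const LIMIT = 3;     // flag a dimension more than 3 sigma from its baseline
const WARMUP = 5;    // windows observed before any alert is raised
// Reduce one window of action events to three of the six dimensions.
function summarize(events, knownTools) {
  const n = events.length || 1;
  return {
    velocity: events.length,
    error_rate: events.filter((e) => e.outcome !== "success").length / n,
    novel_tool_share: events.filter((e) => !knownTools.has(e.tool_name)).length / n,
  };
}
class AgentBaseline {
  constructor() { this.stats = {}; this.knownTools = new Set(); this.windows = 0; }
  // Score a window against the baseline; returns the deviating dimensions.
  observe(events) {
    if (this.windows === 0) events.forEach((e) => this.knownTools.add(e.tool_name));
    const flagged = [];
    for (const [dimension, x] of Object.entries(summarize(events, this.knownTools))) {
      const s = this.stats[dimension] || (this.stats[dimension] = { mean: x, variance: 0 });
      // Floor sigma so a perfectly steady history does not divide by zero.
      const sigma = Math.max(Math.sqrt(s.variance), 0.1 * Math.abs(s.mean), 0.05);
      const z = (x - s.mean) / sigma;
      if (this.windows >= WARMUP && Math.abs(z) > LIMIT) {
        flagged.push({ dimension, z: Number(z.toFixed(1)) });
        continue; // an anomalous value must not drag the baseline toward itself
      }
      const step = ALPHA * (x - s.mean);
      s.variance = (1 - ALPHA) * (s.variance + (x - s.mean) * step);
      s.mean += step;
    }
    // Learn new tool names only from windows that raised no alert.
    if (flagged.length === 0) events.forEach((e) => this.knownTools.add(e.tool_name));
    this.windows += 1;
    return flagged;
  }
}
// Constructed sample events in the page's event shape (parameters_hash omitted).
const event = (tool_name, outcome = "success") => ({ action_type: "tool_call", tool_name, outcome });
const quiet = (n) => Array.from({ length: n }, (_, i) => event(i % 2 ? "search.web" : "database.query"));
const burst = Array.from({ length: 60 }, (_, i) =>
  event(i % 3 ? "database.query" : "mail.delete", i % 4 ? "success" : "error"));
function runDemo() {
  const baseline = new AgentBaseline();
  [10, 12, 9, 11, 10, 12, 9, 11].forEach((n) => baseline.observe(quiet(n)));
  return { burst: baseline.observe(burst), after: baseline.observe(quiet(10)) };
}
```

`runDemo()` returns all three dimensions as flagged for the burst window and an empty list for the normal window that follows it, because flagged values are never folded into the baseline.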
Policies tell you what's allowed.
Monitoring tells you what's happening.
Static policies
- ✗ Check once at connection time
- ✗ Can't detect behavioral drift
- ✗ Blind to chained attacks
- ✗ Compromised agent within bounds = invisible
- ✗ No cross-org context
Behavioral monitoring
- ✓ Continuous observation throughout session
- ✓ Detects deviation from established baseline
- ✓ Catches action sequences, not just individual calls
- ✓ Anomaly detection independent of policy rules
- ✓ Portable trust score across organizations
We see shapes, not content
AgentLair monitors behavioral patterns — tool names, timing, volume, outcomes. Parameters are hashed. We never see prompt content, tool call arguments, response data, or business logic. Structurally equivalent to network flow analysis: we see the shape of traffic, not the packets.
EU AI Act Article 12
Mandatory behavioral logging. August 2, 2026.
High-risk AI systems must automatically record tamper-evident logs — or face penalties up to 3% of global turnover. AgentLair's behavioral monitoring + Ed25519-signed audit trail produces the exact compliance evidence Article 12 requires.
Read our EU AI Act compliance guide →
Get early access
Behavioral monitoring ships Q3 2026. Join the waitlist — first 50 teams get extended free tier access and direct input on the API design.
Already using AgentLair? Behavioral monitoring extends your existing AAT and trust scores.