The Security Graph (F2) provides a real-time force-directed visualization of your AI agent ecosystem with automated MITRE ATT&CK risk path detection across 33 behavioral patterns and 14 tactics.
Overview
The Security Graph continuously analyzes agent actions to detect multi-step attack patterns. Each action evaluation triggers the risk path analyzer, which runs all 33 detectors against the last 24 hours of activity using a single-fetch architecture (2 database queries total).
Key Capabilities
- Force-directed graph visualization — D3.js interactive layout showing agents, MCP servers, external systems, and their connections
- 33 MITRE ATT&CK risk path patterns — from prompt injection to financial manipulation
- 14 tactics coverage — Initial Access through Impact, plus Reconnaissance and Resource Development
- Real-time WebSocket updates — new detections push to the UI instantly
- PDF export — compliance-ready reports with executive summary, MITRE coverage matrix, and audit trail
- Acknowledge workflow — SOC analysts can acknowledge, resolve, or mark false positive with full audit logging
Node Types
| Shape | Type | Color | Description |
|---|---|---|---|
| Circle | Registered Agent | Green/Amber/Red | Risk-colored by avg_risk_score |
| Hexagon | MCP Server | Purple (#8B5CF6) | MCP-registered agents |
| Diamond | External System | Amber | Target systems (databases, APIs, tools) |
| Dashed Circle | Discovered Agent | Gray (#6B7280) | Unregistered agents from F1 Discovery |
Node Sizing
Node size scales with action count: max(16, min(48, floor(sqrt(action_count) * 8))).
33 Detection Patterns
Initial Access (TA0001)
| # | Pattern | Technique | Severity |
|---|---|---|---|
| 1 | Prompt Injection | T1190 | CRITICAL |
| 2 | Credential Abuse | T1078 | CRITICAL |
Execution (TA0002)
| # | Pattern | Technique | Severity |
|---|---|---|---|
| 3 | Unauthorized MCP Tool | T1059 | HIGH |
| 4 | Code Outside Scope | T1059.006 | HIGH |
| 5 | Chained Tool Calls | T1106 | HIGH |
| 8 | Scheduled Task No Approval | T1053 | HIGH |
Persistence (TA0003)
| # | Pattern | Technique | Severity |
|---|---|---|---|
| 6 | Reregistration After Kill | T1136 | HIGH |
| 7 | Policy Override Restart | T1547 | HIGH |
Privilege Escalation (TA0004)
| # | Pattern | Technique | Severity |
|---|---|---|---|
| 9 | RBAC Assumption | T1548 | CRITICAL |
| 10 | Read-to-Write Escalation | T1068 | CRITICAL |
Defense Evasion (TA0005)
| # | Pattern | Technique | Severity |
|---|---|---|---|
| 11 | Token Reuse | T1550 | HIGH |
| 12 | Audit Log Suppression | T1562.002 | CRITICAL |
| 13 | Action Splitting | T1027 | HIGH |
Credential Access (TA0006)
| # | Pattern | Technique | Severity |
|---|---|---|---|
| 14 | API Key Exfiltration | T1552 | CRITICAL |
| 15 | Secrets via MCP | T1555 | CRITICAL |
Discovery (TA0007)
| # | Pattern | Technique | Severity |
|---|---|---|---|
| 16 | Environment Enumeration | T1082 | HIGH |
| 18 | Agent Fingerprinting | T1018 | HIGH |
Lateral Movement (TA0008)
| # | Pattern | Technique | Severity |
|---|---|---|---|
| 24 | Cross-Agent Tool Sharing | T1563 | HIGH |
| 25 | Cross-Tenant Access | T1550.002 | CRITICAL |
Collection (TA0009)
| # | Pattern | Technique | Severity |
|---|---|---|---|
| 17 | Schema Probing | T1213 | HIGH |
| 19 | Data Aggregation | T1074 | HIGH |
| 20 | Bulk Export | T1005 | HIGH |
| 21 | Cross-Resource Correlation | T1213.002 | HIGH |
Exfiltration (TA0010)
| # | Pattern | Technique | Severity |
|---|---|---|---|
| 26 | Unregistered Endpoint Transfer | T1041 | CRITICAL |
| 27 | Volume Anomaly | T1048 | HIGH |
| 28 | Staged Exfiltration | T1030 | HIGH |
Command and Control (TA0011)
| # | Pattern | Technique | Severity |
|---|---|---|---|
| 22 | Unregistered External API | T1071 | HIGH |
| 23 | Non-Whitelisted Domain | T1071.001 | HIGH |
Impact (TA0040)
| # | Pattern | Technique | Severity |
|---|---|---|---|
| 29 | Destructive Write | T1485 | CRITICAL |
| 30 | Financial Manipulation | T1657 | CRITICAL |
| 31 | Resource Hijacking | T1496 | HIGH |
Reconnaissance (TA0043)
| # | Pattern | Technique | Severity |
|---|---|---|---|
| 32 | Org Enumeration | T1591 | HIGH |
Resource Development (TA0042)
| # | Pattern | Technique | Severity |
|---|---|---|---|
| 33 | Autonomous Agent Registration | T1586 | HIGH |
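The tables above name each pattern but not how a detector decides. As an added illustration, written for this page and not taken from the product's detector code, the following Python implements a windowed behavioural check in the style of pattern 13, Action Splitting (T1027): an agent whose individual exports all stay under the size that would trigger a bulk-export review, but whose exports taken together inside a short window exceed it. The per-export limit, the window length, the minimum chunk count, the confidence formula and the sample actions are all assumptions made for the example.

```python
"""Added example: a windowed behavioural detector in the style of pattern 13,
Action Splitting (T1027, Defense Evasion). Written for this page, not taken
from the product. The per-export size limit, the window length, the minimum
chunk count and the confidence formula are assumptions made here."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

SINGLE_EXPORT_LIMIT = 10_000          # rows in one export that would be reviewed as bulk export (assumed)
SPLIT_WINDOW = timedelta(minutes=15)  # chunks closer together than this are treated as one job (assumed)
MIN_CHUNKS = 3                        # fewer pieces than this is not "splitting" (assumed)


def detect_action_splitting(actions):
    """Flag agents whose exports each stay under SINGLE_EXPORT_LIMIT but whose
    total inside any SPLIT_WINDOW reaches it. Returns one detection per agent."""
    by_agent = defaultdict(list)
    for a in actions:
        if a["op"] == "export" and a["rows"] < SINGLE_EXPORT_LIMIT:
            by_agent[a["agent"]].append(a)
    detections = []
    for agent, chunks in by_agent.items():
        chunks.sort(key=lambda c: c["ts"])
        start, total = 0, 0
        best_rows, best_count, best_start = 0, 0, None
        for end, c in enumerate(chunks):  # sliding window over the time-sorted chunks
            total += c["rows"]
            while c["ts"] - chunks[start]["ts"] > SPLIT_WINDOW:
                total -= chunks[start]["rows"]
                start += 1
            if total > best_rows:
                best_rows, best_count, best_start = total, end - start + 1, chunks[start]["ts"]
        if best_rows >= SINGLE_EXPORT_LIMIT and best_count >= MIN_CHUNKS:
            # Confidence grows with the number of pieces and with how far the window total exceeds the limit.
            confidence = round(min(0.95, 0.5 + 0.05 * best_count
                                   + 0.1 * (best_rows / SINGLE_EXPORT_LIMIT - 1)), 2)
            detections.append({"pattern": 13, "technique": "T1027", "tactic": "TA0005",
                               "severity": "HIGH", "agent": agent, "rows": best_rows,
                               "chunks": best_count, "window_start": best_start,
                               "confidence": confidence})
    return detections


NOW = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)  # fixed clock for a reproducible run

# Constructed sample actions (not real telemetry).
SAMPLE_ACTIONS = (
    # agent-a: five 3,000-row exports within ten minutes, 15,000 rows in total
    [{"agent": "agent-a", "op": "export", "rows": 3000, "ts": NOW + timedelta(minutes=2 * i)} for i in range(5)]
    # agent-c: four 3,000-row exports half an hour apart, never more than one per window
    + [{"agent": "agent-c", "op": "export", "rows": 3000, "ts": NOW + timedelta(minutes=30 * i)} for i in range(4)]
    # agent-b: two 6,000-row exports, over the limit together but too few pieces
    + [{"agent": "agent-b", "op": "export", "rows": 6000, "ts": NOW + timedelta(minutes=i)} for i in range(2)]
    # agent-d: a single 50,000-row export, left to the Bulk Export detector (pattern 20)
    + [{"agent": "agent-d", "op": "export", "rows": 50000, "ts": NOW}]
)

if __name__ == "__main__":
    for d in detect_action_splitting(SAMPLE_ACTIONS):
        print(f"{d['agent']}: {d['chunks']} exports, {d['rows']} rows in one window, "
              f"confidence {d['confidence']}")
```

Only agent-a is reported: agent-b's two exports are over the limit together but too few to count as splitting, agent-c never has more than one export inside a window, and agent-d's single large export belongs to the Bulk Export pattern rather than this one. Keeping each pattern's threshold distinct from the others is what stops one behaviour from producing several overlapping detections.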
Architecture
Single-Fetch Pattern
All 33 detectors operate on a pre-fetched window of data:
- Fetch actions — one query pulls all agent_actions for the org in the last 24 hours
- Fetch agent configs — one query pulls all registered_agents configuration
- Run 33 detectors — asyncio.gather runs all patterns concurrently against in-memory data
- Persist detections — new detections written to risk_path_detections with deduplication
Performance target: < 500ms for all 33 patterns.
Pipeline Integration
The risk path analyzer runs as a fire-and-forget background task after every action evaluation:
asyncio.create_task(_f2_analyze())
This never blocks the action response — detections appear asynchronously.
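The single-fetch pattern and the fire-and-forget hook above, as an added example written for this page (it is not the product's own implementation). The table names agent_actions, registered_agents and risk_path_detections come from the page; the in-memory stand-ins for those tables, the two sample detectors (patterns 10 and 26), their confidence values, the (pattern, agent) dedup key and the sample rows are assumptions made here.

```python
"""Added example of the single-fetch analyzer and the fire-and-forget pipeline hook.
Illustrative code written for this page, not the product's implementation. Table names
come from the page; the in-memory stand-ins, the two detectors, their confidence
values and the dedup key are assumptions made here."""
import asyncio
from datetime import datetime, timedelta, timezone

NOW = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)  # fixed clock for a reproducible run
WINDOW = timedelta(hours=24)

# Constructed sample rows standing in for the agent_actions table.
AGENT_ACTIONS = [
    {"org": "org-1", "agent": "agent-a", "op": "write", "target": "db.orders", "ts": NOW - timedelta(hours=1)},
    {"org": "org-1", "agent": "agent-a", "op": "read", "target": "db.orders", "ts": NOW - timedelta(hours=2)},
    {"org": "org-1", "agent": "agent-b", "op": "write", "target": "db.orders", "ts": NOW - timedelta(hours=3)},
    {"org": "org-1", "agent": "agent-b", "op": "transfer", "target": "files.example.net", "ts": NOW - timedelta(minutes=10)},
    {"org": "org-1", "agent": "agent-b", "op": "transfer", "target": "api.example.com", "ts": NOW - timedelta(minutes=5)},
    {"org": "org-1", "agent": "agent-a", "op": "write", "target": "db.orders", "ts": NOW - timedelta(hours=30)},  # outside 24h
    {"org": "org-2", "agent": "agent-z", "op": "write", "target": "db.x", "ts": NOW},  # another org
]

# Constructed rows standing in for registered_agents: granted scopes and approved endpoints.
REGISTERED_AGENTS = {
    "org-1": {
        "agent-a": {"scopes": {"read"}, "endpoints": set()},
        "agent-b": {"scopes": {"read", "write"}, "endpoints": {"api.example.com"}},
    },
}


async def fetch_actions(org_id, now):
    """Query 1 of 2: every action for the org in the last 24 hours."""
    cutoff = now - WINDOW
    return [a for a in AGENT_ACTIONS if a["org"] == org_id and a["ts"] >= cutoff]


async def fetch_agent_configs(org_id):
    """Query 2 of 2: the org's registered-agent configuration."""
    return REGISTERED_AGENTS.get(org_id, {})


async def detect_read_to_write(actions, configs):
    """Pattern 10, Read-to-Write Escalation (T1068): a write by an agent whose scopes lack 'write'."""
    flagged = {a["agent"] for a in actions
               if configs.get(a["agent"]) and a["op"] == "write"
               and "write" not in configs[a["agent"]]["scopes"]}
    return [{"pattern": 10, "technique": "T1068", "severity": "CRITICAL",
             "agent": agent, "confidence": 0.9} for agent in sorted(flagged)]


async def detect_unregistered_endpoint(actions, configs):
    """Pattern 26, Unregistered Endpoint Transfer (T1041): transfer to an endpoint not registered for the agent."""
    flagged = {a["agent"] for a in actions
               if configs.get(a["agent"]) and a["op"] == "transfer"
               and a["target"] not in configs[a["agent"]]["endpoints"]}
    return [{"pattern": 26, "technique": "T1041", "severity": "CRITICAL",
             "agent": agent, "confidence": 0.8} for agent in sorted(flagged)]


DETECTORS = [detect_read_to_write, detect_unregistered_endpoint]  # the product runs 33


async def analyze(org_id, store, now=NOW):
    """Single-fetch analysis: two queries, then every detector concurrently over the
    in-memory window. `store` stands in for risk_path_detections and holds
    (pattern, agent) keys so a repeat run does not re-persist the same finding."""
    actions = await fetch_actions(org_id, now)
    configs = await fetch_agent_configs(org_id)
    batches = await asyncio.gather(*(d(actions, configs) for d in DETECTORS))
    new = []
    for det in (d for batch in batches for d in batch):
        key = (det["pattern"], det["agent"])
        if key not in store:
            store.add(key)
            new.append(det)
    return new


def analyze_sync(org_id, store, now=NOW):
    return asyncio.run(analyze(org_id, store, now))


async def evaluate_action(action, store):
    """Pipeline hook: compute the action decision, schedule the analysis, return at once.
    The task is created but not awaited, so the caller's response is never delayed."""
    decision = {"agent": action["agent"], "allowed": True}  # stand-in for the real evaluation
    task = asyncio.create_task(analyze(action["org"], store))
    return decision, task


def evaluate_action_sync(action, store):
    """Run the hook, then wait for the background task only to show the ordering."""
    async def _run():
        decision, task = await evaluate_action(action, store)
        still_pending = not task.done()  # True: the response was ready before the analysis ran
        return decision, still_pending, await task
    return asyncio.run(_run())


if __name__ == "__main__":
    store = set()
    decision, pending, found = evaluate_action_sync(AGENT_ACTIONS[0], store)
    print(decision, "analysis still pending at response time:", pending)
    for d in found:
        print(f"pattern {d['pattern']} {d['technique']} {d['severity']} agent={d['agent']}")
    print("second run, nothing new:", analyze_sync("org-1", store))
```

Two things the run shows: the decision is returned while the task is still pending, which is the property the fire-and-forget hook relies on, and the second call over the same store returns nothing because the (pattern, agent) keys were already persisted. Unregistered agents (agent-z here) are skipped by both detectors, since there is no configuration to compare their behaviour against; the page's Discovered Agent node type covers that case separately.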
Quick API Access
All endpoints verified live. Authentication: API key or JWT session token.
| Method | Path | Description |
|---|---|---|
| GET | /api/v1/graph/summary | Graph overview — node count, risk distribution |
| GET | /api/v1/graph/nodes | All nodes with risk scores and relationships |
| GET | /api/v1/graph/risk-paths | Active risk paths between agents and resources |
| GET | /api/v1/graph/export | Full graph export (JSON) |
| POST | /api/v1/graph/risk-paths/acknowledge | Acknowledge a risk path |
Example:
curl -H "X-API-Key: your_api_key" \
https://pilot.owkai.app/api/v1/graph/summary
For the complete endpoint reference, including request/response schemas, see the Security Graph API page.
API Reference
See Security Graph API for the full endpoint and WebSocket reference.
Compliance
| Standard | Control | Implementation |
|---|---|---|
| SOC 2 CC7.2 | Security Event Monitoring | 33 automated detection patterns |
| SOC 2 CC7.3 | Incident Response | Acknowledge/resolve workflow with audit trail |
| NIST SI-4 | System Monitoring | Continuous behavioral analysis |
| NIST IR-5 | Incident Monitoring | Real-time WebSocket alerts |
| NIST AI RMF MAP-3 | AI System Mapping | Agent ecosystem visualization |
| NIST AI RMF MEASURE-2 | Risk Measurement | Confidence-scored detections |
| NIST AI RMF GOVERN-4 | AI Governance | Human-in-the-loop acknowledge workflow |