Reading Evidence¶
AIT separates operation, targeting, and validation.
Operate¶
Seam records what crossed an intercept. A passive record means Seam observed and forwarded traffic without mutation. A rewrite record contains before, after, and rule_applied.
Use transcript inspection and verification before drawing conclusions:
seam transcript inspect --transcript out.json --schema agentic-redteam/schema/transcript.schema.json
Map¶
meshmapper emits deterministic graph hypotheses. These are intentionally unvalidated:
privilege_launderingconfused_deputyinjection_propagationtrust_spoof
A hypothesis is useful when it points to a route, trust gap, or high-privilege sink that the operator can attack with Seam or validate with Assay.
Validate Impact¶
Assay validates a differential claim only when an oracle observes a side effect. Agent self-report, status text, and claims inside the transcript are not enough.
For laundering cases, the core signal is:
direct successes = 0
laundered successes > 0
method.delta_confirmed = true
Confidence intervals summarize repeated trials. They do not convert agent claims into evidence; they only describe the observed oracle outcomes.
Reports¶
Reports should show:
- oracle observation summaries
- route and framing stats
- transcript refs and hashes
- graph refs and hypothesis ids
- rule ids and rewrite summaries
Reports should not dump raw_b64 payloads by default. Use the raw transcript when you are handling it as operator evidence.