The Eight Frame Agents
Trace8 doesn’t run one model with a system prompt and a confidence score. It runs a pipeline of eight specialized agents — each with a defined job, a structured contract, and a single responsibility in the chain from alert to decision.
First contact with the raw alert. Normalizes, assesses, and returns a structured call — true positive, false positive, or escalate — with severity and reasoning attached. Everything downstream builds on this contract.
Pivots across your log sources for everything relevant — the facts that support the verdict and the facts that undercut it. Hunt is deliberately not partisan. It builds the full picture so Challenge has something real to attack.
The agent that makes Trace8 trustworthy. Challenge takes the Triage verdict and tries to break it — searching for the benign explanation, the missed context, the reason the confident answer is wrong. Runs on every verdict, without exception. Adversarial validation is the architecture, not an add-on.
Assembles the investigation into something auditable: what’s known, what’s inferred, what’s still missing. The gaps are first-class output — an honest investigation names what it couldn’t confirm.
Reaches into endpoint telemetry to confirm or contradict the log-level story. Process lineage, parent-child chains, signing status — the detail that separates a real compromise from a look-alike.
Owns anything email-borne. Resolves sender, payload, and the full delivery path to answer the question every phishing investigation turns on: how did this get in, and what did it carry.
Translates the machine investigation into a human decision. Not a field dump — a narrative: what happened, why the system believes it, and what to do next.
Validates the whole chain before anything surfaces. Internal contradictions, broken reasoning, incomplete evidence — caught here, before they reach a human. The last check between the pipeline and your screen.
Why eight, not one