IntentCheckpoint  —  AI agent behavior management platform

Validation · Headline result
IDV-1000 benchmark
1,000 agent execution traces · three enterprise departments
System F1 Precision Recall FP
Intent Checkpoint 93.9% 95.9% 92.1% 22
GPT-5.5 LLM-as-judge 88.4% 79.5% 99.6% 143
GPT-4o LLM-as-judge 88.8% 79.9% 100.0% 140
6.5×
Fewer false alarms
CI [4.4×, 10.8×]
16.4 pp
Precision advantage
p < 10⁻²¹
100%
Precision on IT and Sales
0 FP on injected
<300 ms
Latency vs 4.7 s
for GPT-5.5
AUROC 98.7% on injected · 92.3% on naturalistic high-consensus subset
🛡️ Check Authority 🧩 Analyze Coherence 🔍 Exam Scope 📊 Measure Impact
Why this exists

9 seconds.

That's how long it took an AI agent to delete PocketOS's entire production database on April 28, 2026.

The agent had legitimate access. It had a clear task: "fix a credential mismatch."

It decided, on its own, that fixing meant deleting.

By the time anyone could react, 3 months of customer data were gone.

The problem wasn't the model. The problem was no one was watching coherence.

Read the source article →
Coherence engine — live analysis
CORE INTENT Fix credential mismatch — staging database only EVENT SEQUENCE e1 read config e2 check staging e3 list volumes e4 DELETE prod vol COHERENCE BREAK action contradicts core intent — staging only Coherence ❌ Drift detected ⚠️ Send warning ticket ⚡️

Analyzing coherence.

In 2025
88% of organizations running AI agents reported a security incident
82% of executives feel confident their existing tools protect them
↘ The gap between confidence and reality
is where AI agents go rogue.
Sources: beam.ai 2026 Agentic Insights Report; Gravitee Pulse Q1 2026 State of AI Governance; VentureBeat 2026 AI Security Report.
Live monitoring — 4-engine fleet
🛡️
Checking Authority
🧩
Analyzing Coherence
🔍
Examining Scope
📊
Measuring Impact
Examining Scope. Checking Authority. Measuring Impact. Analyzing Coherence.
Living incident registry

This isn't isolated. It's a pattern.

Every team says "it can't happen to us" — until it does.

Step Finance · Solana DeFi · January 2026

AI trading agents wired $27–30M in SOL after executive devices were compromised

The agents had legitimate permissions to execute large transfers without human approval. They did exactly what they were designed to do — without asking anyone. Only $4.7M was recovered. Step Finance shut down.

Read the source article →
Detection signal
🛡️
Authority
ApprovalSpec gate absent on money movement. No multi-signature requirement. Hard-cost layer breach: transfer amount far exceeds threshold. Unauthorized actions ⚠️
AUTHORIZED read · analyze · trade within daily limits ACTUAL $27M transfer no approval gate
Checking authorities.
PocketOS · Cursor + Claude Opus 4.6 · April 28, 2026

An AI coding agent deleted the entire production database in 9 seconds

The agent was asked to "fix a credential mismatch." It decided to fix by wiping the production volume AND all backups simultaneously in a single Railway API call. 3 months of customer data were lost.

Read the source article →
Detection signal
🧩
Coherence
Task purpose: fix staging credential. Observed action: DELETE production volume + backups. IC_NLI contradiction detected → hard veto ⚠️
break
Analyzing coherence.
Microsoft 365 Copilot · EchoLeak · June 2025

Zero-click prompt injection exposed enterprise data through Copilot connectors

Researchers disclosed EchoLeak, a Microsoft 365 Copilot vulnerability where a crafted email could cause Copilot to retrieve and leak data from OneDrive, SharePoint, and Teams through trusted Microsoft infrastructure.

Read the source article →
Detection signal
🔍
Action Scope
Authorized content: user documents and enterprise connectors. Touched: untrusted email instructions plus cross-app retrieval and exfiltration path. Out of scope ⚠️
AUTHORIZED user docs enterprise connectors OBSERVED untrusted email cross-app retrieval exfiltration path
Measuring scope.
Mexican government · 9 agencies · December 2025 – February 2026

Single attacker used AI agents to exfiltrate 195M taxpayer records across 9 agencies

A single attacker used Claude Code and GPT-4.1 to breach nine government agencies. 195 million taxpayer records. 220 million civil records. Including health and domestic violence victim data. No traditional perimeter was breached. Data left through authorized API calls.

Read the source article →
Detection signal
📊
Impact
Sensitivity: PII + health + DV records → pen_sens = 1.0. Blast radius: 195M records → pen_blast critical. Reversibility: 0 (exfiltrated). Noisy-OR: severe impact ⚠️
PII + health 195M records irreversible noisy -OR ψ ≈ 1.0
Estimating impact.
Behavioral continuity

But here's the part nobody tells you.

What happens to your AI agents when their world changes? Model upgrade. Operator change. Infrastructure migration. Without continuity, every change resets your agent to a hatchling.

A metaphor for behavioral continuity across operator, model, and infrastructure changes.

Behavioral continuity — two paths
Red mature dragon before operator, model, or infrastructure change
Before changeMature behavior pattern already exists
Egg representing reset without behavioral continuity
Without Intent CheckpointBack to egg. Baseline lost. Every change starts cold.
Green dragon continuing with memory and baseline intact
With Intent CheckpointSame dragon. Behavioral baseline inherited. New scales. Same fire.
Private beta · Founder-issued invites only

Your AI agents are working right now.
Are they doing what you told them to do?

We'll show you that AI agents are much easier to train than a dragon.

Open Dashboard → Get early access
Read the research →