Blast radius
The blast radius gate sits between “one machine has a finding” and “let’s scan the whole fleet” — keeping routine hygiene findings from triggering fleet-wide distribution.
Why it exists
Without this gate, every pathfinder finding would fan out to every agent. A developer with a credential in a .env file would cause every machine in the company to run a credential-hunting scan. That’s expensive, high-visibility — security teams and endpoint owners notice when all machines start running checks — and it erodes trust in the tool when it fires on non-threatening findings.
The gate is the reason an investigation into one suspicious binary stays focused on the machines where that binary could realistically appear, rather than touching every laptop in engineering.
How it works
After the pathfinder exploration completes, the brain runs a blast radius decision using a standard-tier LLM (Sonnet, temperature 0). It is given the original investigation query, the pathfinder’s summary and confidence score, and the fleet size. It returns one of three decisions:
NO_ACTION — the finding is contained to the pathfinder host. Stop here. The brain generates a report from the pathfinder results only and marks the investigation complete. No fleet plan is compiled or distributed.
TARGETED — check a specific subset of agents. The LLM provides a description of which agents to check and why (for example, “developers in the same GitHub org” or “machines that SSH’d into the compromised host”). The decision is logged in the activity feed so you can see the reasoning.
FLEET_WIDE — check all agents of the target OS. Reserved for high-confidence IOCs where the indicator could realistically appear on any machine.
The LLM is instructed to follow these rules, in priority order:
- Hygiene issues (credential in .env, SSH key without passphrase) → always NO_ACTION. These are personal habits; checking the fleet just finds more bad hygiene, not an active threat.
- Shadow IT (unauthorized tool, unapproved AI runtime) → NO_ACTION or TARGETED at most. Never FLEET_WIDE.
- IOCs (suspicious binary, C2 connection, persistence mechanism) → TARGETED first. FLEET_WIDE only if confidence exceeds 0.95 and the indicator is not endpoint-specific.
If the LLM response fails to parse, the brain defaults to NO_ACTION — the conservative choice when the decision is uncertain.
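The same priority rules, written out as a deterministic guard that clamps whatever the model returns. This is an added illustration, not the brain's own code; it assumes the model replies with JSON carrying decision and reasoning fields, and that the finding's category (hygiene, shadow IT, IOC) is already known from the pathfinder summary, neither of which the page specifies.

```python
import json
from enum import Enum

class Decision(str, Enum):
    NO_ACTION = "NO_ACTION"
    TARGETED = "TARGETED"
    FLEET_WIDE = "FLEET_WIDE"

LOW_CONFIDENCE_EXIT = 0.30        # below this the gate never runs (early exit)
FLEET_WIDE_MIN_CONFIDENCE = 0.95  # FLEET_WIDE needs confidence strictly above this

def parse_llm_decision(raw: str):
    """Parse the assumed JSON reply; any parse or validation problem yields None."""
    try:
        data = json.loads(raw)
        data["decision"] = Decision(data["decision"])  # unknown label -> ValueError
        return data
    except (ValueError, KeyError, TypeError):
        return None

def clamp_decision(category: str, confidence: float,
                   proposed: Decision, endpoint_specific: bool) -> Decision:
    """Apply the rules in priority order; the model can only be made less aggressive."""
    if category == "hygiene":
        return Decision.NO_ACTION                       # always, regardless of confidence
    if category == "shadow_it":
        return Decision.TARGETED if proposed == Decision.FLEET_WIDE else proposed
    # IOC: FLEET_WIDE only above the threshold and only for non-endpoint-specific indicators
    if proposed == Decision.FLEET_WIDE and (
        confidence <= FLEET_WIDE_MIN_CONFIDENCE or endpoint_specific
    ):
        return Decision.TARGETED
    return proposed

def gate(category: str, confidence: float, raw_llm_reply: str,
         endpoint_specific: bool = False):
    """Return (final decision, reason string) as it would be logged to the activity feed."""
    if confidence < LOW_CONFIDENCE_EXIT:
        return Decision.NO_ACTION, "low-confidence early exit; blast-radius decision not run"
    parsed = parse_llm_decision(raw_llm_reply)
    if parsed is None:
        return Decision.NO_ACTION, "LLM response failed to parse; defaulting to NO_ACTION"
    final = clamp_decision(category, confidence, parsed["decision"], endpoint_specific)
    reason = str(parsed.get("reasoning", ""))
    if final != parsed["decision"]:
        reason = f"clamped from {parsed['decision'].value}: {reason}"
    return final, reason

# Constructed sample reply, as a model might return it for a high-confidence IOC.
SAMPLE_REPLY = '{"decision": "FLEET_WIDE", "reasoning": "indicator is a generic C2 domain"}'
```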
When you’d touch it
Normally you don’t configure the blast radius gate — it’s fully automatic. What you do with it is read the decision in the activity feed when it surprises you.
If a finding that you expected to go fleet-wide resulted in NO_ACTION, the reasoning field in the activity feed will explain why. The most common cause is that the pathfinder’s confidence landed below 0.30, triggering the low-confidence early exit before the blast-radius decision even runs.
If you’re seeing FLEET_WIDE decisions on findings you consider routine, check whether the pathfinder’s investigation query is too specific — for example, a query framed around a known malware name will encourage the LLM toward higher-confidence IOC classification.