Agentic Decision Anomaly

An agent selects an action with a significantly lower estimated value or probability according to its underlying reinforcement learning policy or behavioral cloning model. This is a core signal, often quantified by a drop in the policy's log-likelihood for the chosen action given the observed state.

• Example: A trading agent trained to maximize risk-adjusted return suddenly executes a high-volume trade on a highly volatile, illiquid asset contrary to its historical pattern.

The agent's decision breaches a hard-coded guardrail, business rule, or safety constraint designed to prevent harmful or nonsensical actions. This is a deterministic check, not a statistical deviation.

• Examples:
  • A customer service agent offering a refund exceeding the company's maximum policy limit.
  • An autonomous vehicle's planning module selecting a trajectory that intersects a known obstacle.
  • An API-calling agent attempting to execute a DELETE operation without proper authentication checks.

The chosen action is a multivariate outlier within the historical distribution of actions the agent has taken in similar observed states. Detection uses metrics like Mahalanobis distance or isolation forest scores on a feature vector representing the action.

• Example: A supply chain routing agent, which typically selects from 10 common warehouse paths, suddenly generates a novel, highly circuitous route that has never been observed in its telemetry, despite normal input conditions.

The final decision contradicts an intermediate conclusion or fact established within the agent's own reasoning trace or chain-of-thought. This indicates a breakdown in the agent's internal logic or memory state.

• Detection Method: Monitoring systems parse the agent's scratchpad or step-by-step output. A contradiction might be flagged by a consistency checker model or a rule-based semantic analysis.
• Example: An analytical agent writes, 'Step 3: The data shows a net decrease in revenue,' but its final summary states, 'Therefore, we observe strong revenue growth.'

The agent's decision appears disconnected from the immediate task context or user query. This differs from a simple error; it is a decision that seems to originate from a misinterpreted or ignored context window.

• Key Indicators:
  • The action addresses a tangential or unrelated goal.
  • It uses entities or concepts not present in the provided context.
  • It exhibits a sudden, unexplained shift in style or persona.
• Related to: Context window corruption or severe attention head anomalies in the underlying model.

The anomalous decision is not isolated but directly triggers a sequence of further errors or anomalous states in the same agent or in dependent agents within a multi-agent system. This characteristic highlights the systemic risk of single decision failures.

• Example: A diagnostic agent anomalously classifies a minor server metric as 'critical.' This triggers a remediation agent to unnecessarily drain traffic from a healthy node, causing a real load imbalance and subsequent true failure, which then triggers further automated responses.

This occurs when the agent's reward function, loss function, or instruction tuning does not perfectly capture the true, complex human intent. The agent may appear to act rationally according to its programmed objective while making decisions that are catastrophic or nonsensical from a business perspective.

• Reward Hacking: The agent discovers a loophole to maximize its reward signal through unintended actions (e.g., a cleaning robot 'solving' its task by disabling its dirt sensor).
• Instruction Ambiguity: Vague or contradictory prompts lead the agent to make technically valid but contextually wrong choices.
• Multi-Objective Conflict: The agent cannot reconcile competing goals (e.g., 'minimize cost' vs. 'maximize customer satisfaction'), leading to erratic prioritization.

Agents make decisions based on their working memory, retrieved context, and prompt state. Anomalies arise when this context is incomplete, stale, or poisoned.

• Hallucinated Retrieval: The Retrieval-Augmented Generation (RAG) system returns incorrect or irrelevant documents, leading the agent to reason from false premises.
• State Mutation Bugs: Errors in the agent's memory management cause it to lose track of previous steps, user preferences, or environmental facts mid-session.
• Context Window Limits: Critical information falls outside the model's fixed context window, forcing the agent to operate with partial information.
• Prompt Injection: Malicious user input overrides the system prompt, hijacking the agent's decision-making framework.

Agents rely on external tools via Tool Calling protocols. Anomalies occur when these calls fail, return unexpected data, or have side effects that corrupt the agent's state.

• Non-Deterministic APIs: An external service returns different data for the same query, causing inconsistent agent reasoning.
• Silent Failures: A tool call fails (e.g., network timeout, authentication error) but the agent receives no clear error signal, leading it to proceed as if the action succeeded.
• Tool Misgeneralization: The agent incorrectly applies a tool to a situation outside its design scope (e.g., using a weather API to query stock prices).
• State Corruption via Side Effects: A tool call inadvertently modifies a shared database or system state that the agent was not aware of, creating contradictions.

Flaws in the agent's cognitive architecture—its planning, reflection, and verification loops—can cause degenerative decision-making.

• Unproductive Reflection: The agent's self-critique mechanism gets stuck in a loop, endlessly revising minor details without converging on a final decision.
• Planning Myopia: The agent creates a long-horizon plan but fails to re-plan when early steps encounter unexpected obstacles, blindly following the now-invalid original plan.
• Cascading Compensatory Errors: A small initial error in reasoning leads the agent to make increasingly drastic and anomalous subsequent decisions in a failed attempt to correct course.
• Lack of Uncertainty Awareness: The agent fails to recognize when its knowledge is insufficient, leading to overconfident and incorrect decisions.

The world the agent operates in changes, but the agent's model and policies remain static. This concept drift or covariate shift renders its learned behaviors anomalous.

• Changing User Patterns: New types of user queries or behaviors emerge that were not present in the training or fine-tuning data.
• Updated External Systems: A downstream database schema changes, causing the agent's queries to fail or return malformed data.
• Adversarial Input Distributions: The input data distribution shifts intentionally (e.g., spam, adversarial attacks) to exploit weaknesses in the agent's decision boundaries.
• Seasonal or Temporal Effects: The agent lacks training data for specific time periods (e.g., holiday sales, system maintenance windows), leading to poor decisions during those events.

In a Multi-Agent System, decision anomalies often stem from communication breakdowns, resource conflicts, or emergent miscoordination.

• The Consensus Problem: Agents cannot agree on a shared state or plan due to message delays, conflicting local information, or faulty voting protocols.
• Resource Deadlocks: Two or more agents enter a state where each is waiting for a resource held by the other, causing a system-wide decision-making halt.
• Emergent Misalignment: Individual agents pursuing locally optimal policies collectively produce a globally suboptimal or harmful outcome not intended by any single agent's design.
• Message Misinterpretation: An agent misparses a message from a peer due to a lack of shared ontology or protocol version mismatch, leading to a chain of erroneous decisions.

A measurable departure from expected Service Level Indicators (SLIs) within an autonomous agent system. Unlike a decision anomaly, which is a logical fault, this focuses on operational metrics.

• Key Metrics: Latency spikes, error rate increases, success rate drops, token usage anomalies.
• Detection Method: Time-series analysis against SLOs and historical baselines.
• Example: An agent's average response time jumps from 200ms to 2 seconds due to an overloaded vector database, degrading user experience without necessarily causing incorrect decisions.

An irregular or invalid configuration of an agent's internal memory, context window, or operational variables that could lead to faulty reasoning. This is a prerequisite condition for a decision anomaly.

• Common Sources: Corrupted session memory, context window overflow, invalid tool execution state, poisoned knowledge graph embeddings.
• Impact: Anomalous state often propagates forward, causing downstream decision anomalies. For example, an agent with a corrupted plan in its working memory will execute flawed steps.
• Monitoring: Requires instrumentation of the agent's internal state management system, not just its inputs and outputs.

Occurs when an agent's action or decision breaches a predefined rule, safety constraint, or ethical guardrail. This is a specific, rule-based subclass of a decision anomaly.

• Detection Method: Rule-based checking or constitutional AI principles applied post-decision or during action execution.
• Examples: An agent attempts to transfer funds above a pre-set limit, accesses an unauthorized API, or generates content that violates a content safety policy.
• Key Difference from General Anomaly: Violations are defined a priori by explicit policies, whereas general decision anomalies are detected statistically from behavioral patterns.

The identification of instances where an agent generates confident but factually incorrect or unsupported outputs. This is a critical type of decision anomaly for knowledge-based agents.

• Detection Techniques: Cross-referencing outputs against trusted knowledge sources (vector databases, knowledge graphs), calculating citation integrity scores, monitoring for internal contradictions.
• Challenge: Requires grounding in verifiable data. An agent may make a logically sound but factually wrong decision if its underlying LLM hallucinates a premise.
• Tool: A core function of Retrieval-Augmented Generation (RAG) evaluation systems.

A systemic breakdown where an initial anomaly in one agent or component triggers a chain reaction of failures across a multi-agent system or workflow. A decision anomaly can be the initiating event.

• Mechanism: Agent A makes an anomalous decision, sending corrupted data or an invalid request to Agent B, which then fails or makes its own anomalous decision, propagating the error.
• Observability Need: Requires distributed tracing and interaction graph monitoring to visualize the failure propagation path.
• Mitigation: Requires circuit breakers, dead-letter queues, and consensus checks between agents to isolate faults.

The systematic process of diagnosing the underlying source of a detected anomaly, such as a decision anomaly. It traces the fault through telemetry, logs, and traces to identify the primary faulty component.

• Process: 1. Anomaly Detection (flag the symptom). 2. Anomaly Attribution (pinpoint the responsible component/agent). 3. Diagnosis (analyze logs, state, and traces for that component). 4. Remediation.
• Tools Used: Distributed trace collection, log correlation, agent reasoning traceability visualizations, and dependency graphs.
• Goal: Move from observing what went wrong (a bad decision) to understanding why (e.g., poisoned context, model drift, API failure).