Expand description
Multi-turn session analysis for detecting extraction attacks (R-IS-03).
Tracks cross-request state per session to detect progressive escalation, system prompt extraction probes, credential probing, and suspicious topic shifts across conversation turns.
§Architecture
Each session accumulates SessionEvents. On every new event the analyzer
re-evaluates the full session history looking for:
- Escalation – risk increasing across consecutive turns.
- Extraction probing – regex-matched patterns known to extract system prompts, credentials, or context.
- Topic shifting – sudden drops in inter-turn similarity that correlate with rising risk (a hallmark of social-engineering attacks).
- Cumulative risk – the running sum of per-turn risk scores.
Structs§
- Escalation
Alert - Details of a risk-escalation between consecutive turns.
- Extraction
Indicator - An extraction-probe pattern match.
- Session
Analysis Result - Full result of analysing a session.
- Session
Analyzer - Session-aware multi-turn security analyzer.
- Session
Analyzer Config - Tuneable thresholds for session analysis.
- Session
Event - A single request/response pair recorded in a session.
- Session
State - Accumulated state for a single conversation session.
- Topic
Shift Alert - Detected suspicious topic shift between turns.
Enums§
- Session
Alert - A discrete alert raised by session analysis.