Skip to main content

mnemo_core/anomaly/
mod.rs

1//! Embedding-space anomaly detection.
2//!
3//! The MINJA-class indirect-injection detector in `query::poisoning` catches
4//! self-referential instruction markers via lexical rules. That covers the
5//! explicit attack surface from arXiv:2503.03704 but misses adversarial
6//! rewrites that preserve semantics while drifting the embedding away from
7//! the agent's normal distribution. This module adds a z-score outlier
8//! gate over the embedding space as a complement — not a replacement —
9//! scoped per agent and per source tier.
10//!
11//! The gate is off by default and only runs when a trained
12//! [`crate::model::embedding_baseline::EmbeddingBaseline`] exists for the
13//! agent and [`crate::query::poisoning::PoisoningPolicy::outlier_threshold`]
14//! is set.
15
16pub mod outlier;