Trigger rogue behaviors below. Each action raises the agent's behavioral risk score. At 0.75 a pre-revocation warning fires. At 0.85 the X.509 certificate is revoked — the agent is blocked at the gateway layer in under 60 seconds, without human intervention.
The simulation above mirrors Kakunin's production behaviour exactly. Here's what fires in a real deployment when a behavioural risk threshold is crossed.
Your agent reports each action to POST /api/v1/events. Kakunin scores the event in real time across eight risk dimensions — anomaly magnitude, scope drift, velocity, and five others.
Each score is a 30-day rolling weighted average. A single unusual event has limited impact. Repeated violations compound — matching how real agent misbehaviour manifests (gradual drift, not a single obvious breach).
At 0.75, Kakunin pushes a proactive notification to /api/v1/notifications, so an operator can intervene before the agent is revoked. This window gives engineering teams a chance to investigate without service interruption.
At 0.85, the agent's X.509 certificate is revoked via AWS KMS. The CRL is updated, the gateway blocks the agent's certificate within 60 seconds, and a webhook delivers the revocation event to your SIEM or incident management platform.
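The scoring behaviour described above, as an added example that is not Kakunin's code: it shows why one outlier barely moves a 30-day rolling weighted average while sustained violations cross 0.75 and then 0.85. The linear recency weighting, the per-event risk values and all function names are assumptions; only the window length and the two thresholds come from the page.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(days=30)  # from the page: 30-day rolling window
WARN_AT, REVOKE_AT = 0.75, 0.85  # from the page: warning and revocation thresholds

def rolling_score(events, now):
    """Recency-weighted mean of per-event risk (0..1) inside the window.
    Linear recency weights are an assumption made for this example."""
    num = den = 0.0
    for ts, risk in events:
        age = now - ts
        if timedelta(0) <= age < WINDOW:
            w = 1.0 - age / WINDOW  # newest event weighs 1.0, oldest near 0
            num += w * risk
            den += w
    return num / den if den else 0.0

def decide(score):
    if score >= REVOKE_AT:
        return "revoke"
    return "warn" if score >= WARN_AT else "ok"

def replay(events):
    """Feed events in time order; return each state change as (ts, score, state)."""
    seen, changes, state = [], [], "ok"
    for ts, risk in sorted(events):
        seen.append((ts, risk))
        score = rolling_score(seen, ts)
        if decide(score) != state:
            state = decide(score)
            changes.append((ts, round(score, 3), state))
        if state == "revoke":
            break  # a revoked certificate is terminal
    return changes

# Constructed sample data: 29 days of one low-risk event (0.1) per day.
T0 = datetime(2024, 1, 1)
BASELINE = [(T0 + timedelta(days=d), 0.1) for d in range(29)]
# One isolated high-risk event on day 29 versus ten days of hourly ones.
SINGLE_SPIKE = BASELINE + [(T0 + timedelta(days=29), 0.95)]
SUSTAINED = BASELINE + [(T0 + timedelta(days=29, hours=h), 0.95) for h in range(240)]

if __name__ == "__main__":
    print("single spike:", replay(SINGLE_SPIKE))
    for ts, score, state in replay(SUSTAINED):
        print(ts.isoformat(), score, state)
```

When tuning thresholds of this kind, replay recorded event history through the scorer to see how long an agent stays in the warning band before revocation.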
Register your first agent in under five minutes. Kakunin issues the certificate, monitors behaviour, and handles revocation — you just report events.