Research Project: This is a free AI research project. No warranties, SLAs, or company associations.

Advanced · 25 min

Agentic Architecture Deep Dive

Explore the 5 core intelligence systems, 20 agents, approval tiers, and how they coordinate autonomously

BrainstormMSP's agentic architecture is built on 5 core intelligence systems that coordinate 20 autonomous agents. Each agent follows OODA loops, produces evidence chains, and respects risk-based approval tiers. This guide covers the complete architecture.

1

Intelligence Systems

The 5 Core Intelligence Systems

1. Evolutionary Brain

The learning core. Processes signals, makes decisions, and evolves strategies based on outcomes. Uses multi-LLM reasoning with Claude as the primary reasoning engine.

2. Signal Processor

The nervous system. Ingests signals from 30 sentinels, edge agents, and connectors. Classifies, enriches, and routes signals to the appropriate agents.

3. Control Graph

The knowledge backbone. Maps relationships between assets, controls, evidence, and compliance frameworks. Powers the compliance engine and gap analysis.

4. Evidence Chain

The audit layer. Creates cryptographic provenance for every decision, action, and outcome. Satisfies SOC 2, CIS, and insurance attestation requirements.

5. Fleet Learning

The edge intelligence. Aggregates patterns from across the edge agent fleet to improve predictions, anomaly detection, and preventive actions.

2

20 Agents

Agent Categories

Observation Agents

Endpoint Observer, Network Intelligence, Asset Intelligence

Security Agents

Security Responder, Compliance Agent, Insurance Agent

Operations Agents

Patch Orchestrator, Data Protection, Remote Troubleshooter

Intelligence Agents

Insight Engine, Predictive Analytics, Fleet Learning, Signal Processor

Orchestration Agents

Automation Orchestrator, Connector Orchestrator, Edge Orchestrator, Triage Coordinator, Vendor Bridge

Core Agents

Control Graph, Remediation Engine

How Agents Coordinate

Agents communicate through the Signal Processor:

1. One agent emits a signal (e.g., "backup failure detected")

2. Signal Processor routes to relevant agents (e.g., Data Protection, Triage Coordinator)

3. Each agent evaluates and may emit follow-up signals

4. The Brain coordinates final actions

3

Approval Tiers

Risk-Based Approval

Not all actions execute automatically. The approval system uses tiered risk levels:

Auto-Execute (No Approval)

READ_ONLY actions (queries, reports, evidence collection)

LOW risk actions (notifications, ticket updates)

MEDIUM risk with confidence > 85%

Approval Required

MEDIUM risk with confidence < 85%

HIGH risk actions (service restarts, configuration changes)

CRITICAL actions (data deletion, access revocation)

Approval Workflow

1. Agent requests approval through the Approval Gates system

2. Notification sent to appropriate role (admin, owner)

3. Approver reviews evidence chain and reasoning

4. Approve, deny, or modify the action

5. Outcome recorded in evidence chain

4

Risk Levels

Risk Classification

Every action is classified by risk level:

| Risk Level | Examples | Approval |
|------------|----------|----------|
| READ_ONLY | Collect telemetry, run queries | Never |
| LOW | Send notification, create ticket | Never |
| MEDIUM | Restart service, apply patch | Conditional |
| HIGH | Modify config, revoke access | Always |
| CRITICAL | Delete data, disable agent | Always + MFA |

Confidence Scoring

The brain assigns a confidence score (0-100) to every decision:

**85+**: High confidence — auto-execute for MEDIUM risk

**70-84**: Moderate — notify but may still require approval

**Below 70**: Low — always require approval regardless of risk

5

Evidence Chain

From Signal to Outcome

Every action creates a complete evidence chain:

1. **Trigger**: The signal or event that initiated the action

2. **Context**: Tenant state, asset history, risk profile

3. **Reasoning**: AI reasoning trace with cited evidence

4. **Decision**: The chosen action and alternatives considered

5. **Execution**: Timestamp, executor, and action details

6. **Outcome**: Result, follow-up signals, and learning update
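
An added example, not BrainstormMSP's own code: the guide does not say how the "cryptographic provenance" is produced, so this example assumes a SHA-256 hash chain over the six stages above and shows how an auditor would detect an edited or truncated chain. The record field names, `GENESIS`, and the sample payloads are constructed for illustration.

```python
import copy
import hashlib
import json

# The six stages the guide lists, in order.
STAGES = ("trigger", "context", "reasoning", "decision", "execution", "outcome")
GENESIS = "0" * 64  # assumed "previous hash" for the first record

# Constructed sample data, not real product output.
SAMPLE = [
    ("trigger", {"signal": "backup failure detected"}),
    ("context", {"tenant": "example-tenant", "risk_profile": "standard"}),
    ("reasoning", {"trace": "constructed reasoning text"}),
    ("decision", {"action": "restart service", "risk": "MEDIUM", "confidence": 91}),
    ("execution", {"timestamp": "2024-01-01T00:00:00Z", "executor": "Data Protection"}),
    ("outcome", {"result": "success"}),
]


def record_digest(prev_hash, stage, payload):
    """SHA-256 over canonical JSON, so equal content always hashes equally."""
    body = json.dumps({"prev": prev_hash, "stage": stage, "payload": payload},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def build_chain(stage_payloads):
    """Build one action's chain; reject missing or out-of-order stages."""
    if tuple(stage for stage, _ in stage_payloads) != STAGES:
        raise ValueError("expected all six stages, in order")
    chain, prev = [], GENESIS
    for stage, payload in stage_payloads:
        payload = copy.deepcopy(payload)  # snapshot; later caller edits don't leak in
        digest = record_digest(prev, stage, payload)
        chain.append({"stage": stage, "payload": payload, "prev": prev, "hash": digest})
        prev = digest
    return chain


def verify_chain(chain):
    """Return the index of the first bad record, or None if the chain is intact."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        expected_stage = STAGES[i] if i < len(STAGES) else None
        if (rec["stage"] != expected_stage or rec["prev"] != prev
                or rec["hash"] != record_digest(prev, rec["stage"], rec["payload"])):
            return i
        prev = rec["hash"]
    return None if len(chain) == len(STAGES) else len(chain)  # truncated chain
```

A hash chain only detects edits if the final hash is signed or stored outside the log; anyone who can rewrite every record can recompute the whole chain.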

Evidence for Compliance

Evidence chains map to compliance requirements:

**CIS 8.1**: Control evaluation evidence

**SOC 2**: Access control and change management audit trail

**Insurance**: Attestation evidence packs

Querying Evidence

Access evidence chains at **Brain > Decisions** or via the API:

Filter by date range, agent, risk level, or outcome

Export as PDF for auditor review

Evidence retention: 12 months by default
