Agent API Key Compromise Scenario
An agent's API key is leaked or compromised. Sipi Bot detects anomalous usage (unusual endpoints, changed geo-location, different agent behavior patterns) and forces a key rotation.
The compromised key is immediately revoked, a new key is issued, the incident is logged, and the human operator is notified. All spending under the compromised key is flagged for audit.
How does Sipi Bot detect anomalous usage?
It builds a baseline of normal agent behavior patterns (endpoints called, time of day, request volume). When usage deviates significantly, it flags the incident for human review.