A controlled-test HO-DET-001 loop showing how AI can support triage without gaining authority.
This card explains a reviewer-facing, controlled-test purple-team-style loop for HO-DET-001: controlled PowerShell EncodedCommand-style process creation, HO-DET-001 detection and Splunk source review, positive and negative controlled-test validation, case-packet triage, support-only AI, and deterministic authority checks.
AI was allowed to provide support-only triage over a sanitized case packet. AI was blocked from approving, promoting, closing, deciding disposition, or marking anything public-safe. The current public claim ceiling remains CONTROLLED_TEST_VALIDATED.
| Step | Status | Evidence basis | Public-safe wording | Blocked wording |
|---|---|---|---|---|
| 1. Controlled-test behavior | PROVEN | Controlled-test fixture scope. | Controlled EncodedCommand-style behavior. | Production or live attack. |
| 2. Sysmon process-creation style telemetry target | PROVEN | Sysmon Event ID 1/process-creation scope. | Process-creation style telemetry target. | Live telemetry proof. |
| 3. HO-DET-001 detection source and Splunk source | PROVEN | Proof-record source references. | HO-DET-001 source and Splunk source exist. | Live Splunk fired. |
| 4. Controlled-test validation with positive and negative fixtures | PROVEN | 14 fixtures: 7 positive, 7 negative. | Controlled-test validation passed. | Runtime or signal proof. |
| 5. Case packet | PROVEN | Sanitized case-packet references. | Case packet existed for support-only triage. | Production AutoSOC triage. |
| 6. Local LLM support-only triage | PRIVATE_ONLY | AI-boundary case study and private classification. | Private support-only observations sit outside public proof. | AI-approved disposition or public model-runtime proof. |
| 7. Deterministic authority verifier | PROVEN | Verifier boundary results. | AI remained support-only. | AI could approve, promote, close, or decide. |
| 8. Public proof boundary | PROVEN | CONTROLLED_TEST_VALIDATED. |
Public proof remains controlled-test-only. | Production, autonomous SOC, Cribl-routed, or Wazuh-routed proof. |
- HO-DET-001 source exists.
- HO-DET-001 Splunk source exists.
- HO-DET-001 passed controlled-test validation against controlled fixtures.
- 14 controlled-test fixtures were checked.
- 7 positive cases matched.
- 7 negative cases did not false-positive.
- A sanitized case packet existed for support-only triage.
- AI authority boundary was checked.
- AI did not approve, promote, close, decide disposition, or mark public-safe.
- Private/internal lab model support and GPU activity were recorded in private evidence, remain outside the public proof basis, and do not promote model-runtime, runtime, signal, or public-safe status.
- Production.
- Fleet-wide deployment.
- Autonomous SOC.
- Runtime-active public proof.
- Signal-observed public proof.
- Public-safe runtime proof.
- Live Splunk fired as public proof.
- Cribl-routed proof.
- Wazuh-routed proof.
- Microsoft Defender-integrated proof.
- AWS-live proof.
- AWS CloudTrail live proof.
- Cloud runtime-active proof.
- AI-approved disposition.
- Analyst-approved disposition.
AI_DECIDED_DISPOSITION=false
HUMAN_REVIEW_REQUIRED=true
RECOMMENDED_DISPOSITION=null
AI_MAY_APPROVE=false
AI_MAY_PROMOTE=false
AI_MAY_CLOSE=false
PUBLIC_SAFE_STATUS=NOT_PUBLIC_SAFE
PROOF_CEILING=CONTROLLED_TEST_VALIDATED
TOTAL_CASES=14
MATCHED_POSITIVE_COUNT=7
MISSED_POSITIVE_CASES=none
FALSE_POSITIVE_NEGATIVE_CASES=none
This closes a controlled-test adversary-behavior-to-proof loop, not a live production detection loop. It is useful because the workflow preserves detection validation, AI support boundaries, and public claim discipline without treating private runtime evidence as public proof.
This proof card closes a controlled-test HO-DET-001 loop only. The next expansion lanes are Microsoft Defender endpoint comparison, AWS cloud telemetry fixtures, Cribl routed-telemetry comparison, and Wazuh parallel signal comparison.
These are next-gate lanes, not current closed-loop proof. Do not say Microsoft Defender, AWS, Cribl, or Wazuh are integrated, routed, production, runtime-active, signal-observed, or public-safe for Purple Team Closed Loop 001 unless separate evidence proves it.
- HO-DET-001 AI authority-boundary case study
- HO-DET-001 proof record
- Controlled-test validation result
- Controlled-test validation report
- Proof-loop workflow
CONTROLLED_TEST_VALIDATED
The loop supports a controlled-test public proof story. Private runtime and GPU evidence remain private, and public runtime, signal, production, routing, and public-safe proof remain blocked.