Intent-aware Architecture¶
Merlin AI determines intent from two perspectives: the context of the action and the content of the action. This dual-perspective analysis is the foundation of all Merlin AI capabilities — from real-time detection with Merlin Detect to historical investigation with Merlin Investigate.
What Intent-aware Means¶
Traditional security systems evaluate actions against static rules or known attack patterns. Merlin goes further by understanding the purpose behind each action.
The AI analyzes two perspectives simultaneously:
- Application intent (context) — what the application expects at this point in the workflow
- User intent (content) — what the user actually provides or does
When a session originates from a JIT (Just-in-Time) access request, Merlin adds a third dimension: the task description from the JIT ticket. This tells Merlin what the user is supposed to do during the session, giving the AI a clear baseline to evaluate actions against.
When these perspectives align, the action is allowed. When they diverge, the system flags the action for review.
Intent analysis in practice
A user fills out a healthcare sign-up form with fields for name, email, marital status, and medical allergies.
Merlin first determines the application intent: this is a medical questionnaire, and the current field expects allergy-related information.
Merlin then evaluates the user intent: what the user types into the field. If the user enters a legitimate allergy (e.g., "penicillin"), the intents align. If the user enters an SQL query or a code snippet, the content violates the field's purpose and the action is flagged.
This approach catches both malicious actors (injecting attack payloads) and contextually incorrect input (entering an address into an allergy field) — without relying on signature databases or predefined rules.
Data Layers¶
Merlin organizes session data into three tiers. Each tier serves a different scope and purpose, enabling both real-time detection and deep historical investigation.
Hot Tier — Real-Time Context¶
The hot tier captures a single user action and its surrounding context at the moment it occurs. This unit of data is called a contextual bubble.
Scope: Single action within a single session
What a contextual bubble contains:
- The user's action (keystroke, click, form input)
- The surrounding application context (page structure, field purpose, workflow state)
- The JIT task description, when the session originates from a JIT access request
- The AI's intent assessment for that specific action
Contextual bubbles are lightweight by design. They capture only the information needed for immediate AI analysis, making real-time evaluation possible without performance impact.
The hot tier powers Merlin Detect.
Warm Tier — Session Journey¶
The warm tier aggregates a series of contextual bubbles within a single session, representing the user's journey through an application.
Scope: Multiple actions within a single session
Capabilities:
- Workflow discovery — understand how users navigate applications
- Workflow assistance — identify deviations from expected workflows
- Anomalous journey detection — flag sessions where the user's navigation pattern is unusual
Cold Tier — Historical Analysis¶
The cold tier stores contextually rich historical data across past sessions for a single user.
Scope: All sessions for a single user over time
What the cold tier contains:
- Raw session recordings (web, SSH, RDP)
- All contextual bubbles from the hot tier
- JIT access tickets with task descriptions
- Session metadata (date/time, duration, session type, server hostname)
The cold tier is the data foundation for Merlin Investigate, enabling cross-session investigation and behavioral analysis over time.
Data Layers Overview¶
| Data Layer | Session Scope | Context Scope | Data Sources |
|---|---|---|---|
| Hot Tier | Single session | Single bubble | Contextual bubble for web Contextual bubble for SSH Contextual bubble for RDP Optionally combined with task definition (JIT) |
| Warm Tier | Single session | Series of bubbles | Series of recent contextual bubbles Optionally on-demand access to file content, task definition, etc. |
| Cold Tier | Cross-session / Single user | All bubbles / All recordings | Recordings for web (RRWeb) + all bubbles Recordings for SSH (Asciinema) + all bubbles Recordings for RDP (Guacamole) + all bubbles Augmented with task definitions, helper services (AI), and metadata |
Merlin Detect vs Merlin Investigate¶
Merlin operates in two modes, each leveraging different data tiers:
Merlin Detect — real-time intent-aware anomaly detection using the hot tier. Every user action is evaluated as it happens, producing an immediate ALLOW or CHALLENGE result. See Merlin Detect.
Merlin Investigate — agentic intent-aware investigation using the cold tier. Security analysts query historical data through a conversational interface to investigate patterns, anomalies, and user behavior across sessions. See Merlin Investigate.
How This Differs From Traditional Approaches¶
| Approach | How it works | Limitation |
|---|---|---|
| Signature-based | Matches actions against a database of known attack patterns | Cannot detect novel attacks or zero-day exploits |
| Rule-based | Triggers alerts when predefined conditions are met | Requires manual rule creation; generates high false-positive rates |
| Behavioral baseline | Flags deviations from a learned "normal" behavior pattern | Adapts slowly; misses contextually inappropriate but statistically normal actions |
| Intent-aware (Merlin AI) | Evaluates whether an action aligns with the purpose of the current context; intercepts threats before they reach the target | Preemptive and context-aware — understands why an action is suspicious and stops it before execution |
Two key differences set Merlin apart. First, Merlin does not need to have seen an attack before to detect it — if an action does not match the intent of its context, the system flags it regardless of whether the pattern exists in any database. Second, because Excalibur proxies all access, Merlin evaluates actions before they reach the target system. Threats are intercepted preemptively, not detected after execution.
Next Steps¶
- Merlin Detect — how the hot tier powers immediate threat detection
- Merlin Investigate — how the cold tier enables deep historical analysis
- Deployment and infrastructure — how to deploy Merlin AI on your infrastructure