Merlin Detect

Merlin Detect is the preemptive detection mode of Merlin AI. It evaluates every user action before it reaches the target system by constructing a contextual bubble — a compact representation of the action and its surrounding context — and determining whether the action aligns with the application's intent.


How Detection Works

Merlin Detect follows a three-step process:

  1. Capture — the system constructs a contextual bubble from the user's action and the surrounding application context (field purpose, page structure, workflow state). When the session originates from a JIT access request, the task description from the JIT ticket is included as additional context
  2. Evaluate — Merlin analyzes the bubble to determine whether the action's content matches the application's intent and, when available, the stated purpose of the JIT request
  3. Decide — the system returns one of two results:
    • ALLOW — the action aligns with the expected intent; the user continues without interruption
    • CHALLENGE — the action diverges from the expected intent; the system flags it for review

This evaluation happens inline, as a gating mechanism within the streamed session. Because Excalibur proxies all access, Merlin intercepts and evaluates actions before they are forwarded to the target system. Threats are stopped preemptively — the malicious action never reaches the target. The user experiences no delay for allowed actions.

Currently supported protocols

Merlin Detect is available for Vitro Web sessions. Support for SSH and RDP sessions is planned. See the protocol coverage table for current status.


What Users Experience

Allowed Actions

When an action passes evaluation, the user continues their session without any visible interruption. The evaluation happens transparently in the background.

Challenged Actions

When Merlin flags an action with CHALLENGE, the system can provide an explanation of why the action was challenged. This explanation includes:

  • The reason the action was flagged (e.g., "Input does not match the expected content type for this field")
  • The severity of the detection
  • Context about what the system expected vs. what it received

Screenshot needed

A screenshot showing the user experience during a CHALLENGE event will be added here — including the explanation dialog and available actions.


Types of Detections

Merlin Detect identifies both malicious and non-malicious anomalies:

Malicious input:

  • SQL injection attempts in form fields
  • Code snippets or script payloads in text inputs
  • Command injection through web application fields

Contextually incorrect input:

  • Entering an address in a medical allergy field
  • Pasting unrelated content into a structured form
  • Providing data that does not match the field's expected format or topic

Scope deviation (JIT-aware):

  • Accessing resources or performing actions outside the scope defined in the JIT access request
  • Navigating to application areas unrelated to the approved task description
  • Performing administrative actions when the JIT ticket specifies a read-only or diagnostic task

All types receive a CHALLENGE flag. The distinction between malicious input, contextually incorrect input, and scope deviation is reflected in the severity level and the explanation provided.
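The capture/evaluate/decide gate and the three detection categories above, modelled as a small rule-based evaluator. This is an added illustration, not Merlin's own code (which is model-driven); the ContextBubble and Verdict field names, the severity values and the indicator patterns are assumptions chosen for the demo.

```python
import re
from dataclasses import dataclass
from enum import Enum

class Decision(Enum):
    ALLOW = "ALLOW"
    CHALLENGE = "CHALLENGE"

@dataclass
class ContextBubble:  # assumed shape of the contextual bubble, not Merlin's schema
    action: str                 # "input", "navigate", "delete", ...
    value: str                  # what was typed, or the target of the action
    field_purpose: str          # what the application expects in this field
    page_area: str              # application area the action targets
    jit_scope: frozenset = frozenset()   # areas approved in the JIT ticket, if any
    jit_read_only: bool = False          # JIT ticket describes a read-only task

@dataclass
class Verdict:
    decision: Decision
    category: str = ""          # malicious / contextually incorrect / scope deviation
    severity: str = ""
    reason: str = ""
    expected: str = ""
    received: str = ""

# Constructed indicator patterns for the demo only; Merlin itself is model-driven.
MALICIOUS = re.compile(r"<script|'\s*or\s+\d+=\d+|;\s*(drop|rm|cat)\b|\$\(", re.I)
ADDRESS = re.compile(r"\b\d{1,5} \w+ (st|street|ave|avenue|rd|road)\b", re.I)
WRITE_ACTIONS = {"delete", "update", "create", "admin"}

def evaluate(b: ContextBubble) -> Verdict:
    """Inline gate: ALLOW passes through, CHALLENGE carries the explanation fields."""
    exp, got = f"{b.field_purpose} content", b.value
    if MALICIOUS.search(b.value):                      # highest severity first
        return Verdict(Decision.CHALLENGE, "malicious input", "high",
                       "Input contains an injection or script payload", exp, got)
    if b.jit_scope and b.page_area not in b.jit_scope:  # JIT-aware scope check
        return Verdict(Decision.CHALLENGE, "scope deviation", "medium",
                       "Area is outside the JIT-approved scope",
                       ", ".join(sorted(b.jit_scope)), b.page_area)
    if b.jit_read_only and b.action in WRITE_ACTIONS:
        return Verdict(Decision.CHALLENGE, "scope deviation", "medium",
                       "Write action during a read-only JIT task", "read-only", b.action)
    if b.field_purpose != "address" and ADDRESS.search(b.value):
        return Verdict(Decision.CHALLENGE, "contextually incorrect input", "low",
                       "Input does not match the expected content type for this field",
                       exp, got)
    return Verdict(Decision.ALLOW)
```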


Triage Dashboard

When Merlin Detect flags anomalies, they appear in the triage dashboard where security analysts can review, investigate, and resolve flagged events.

Anomaly Status Workflow

Each detected anomaly follows a defined status workflow:

  1. Detected — Merlin has flagged an action; no analyst has reviewed it yet
  2. In Review — an analyst has opened the anomaly and is investigating
  3. Dismissed — the analyst determined the flag was a false positive or benign
  4. Confirmed Threat — the analyst confirmed the action as a genuine security concern

Context Bubbles in the Dashboard

Each flagged event in the triage dashboard includes a context bubble — a summarized view of Merlin's reasoning. Context bubbles show:

  • What the user did
  • What the application expected
  • Why Merlin flagged the action
  • The assessed risk level

This context helps analysts make faster, more informed decisions without rewatching full session recordings.

Screenshot needed

A screenshot of the triage dashboard showing the anomaly list, status workflow, and context bubble detail panel will be added here.

Session Timeline Integration

Anomaly events appear directly in the session timeline alongside other session events. You can filter the timeline to show only anomaly-related events:

  • Anomaly Detected — marks the point in the session where Merlin flagged an action
  • Session Resume — indicates the user continued after a challenge
  • Session Terminated — indicates the session was ended following a detection

Screenshot needed

A screenshot of the session timeline with anomaly detection events highlighted will be added here.


Response Policies

Planned feature

Configurable response policies — allowing administrators to define automatic actions per risk level (e.g., allow, challenge with explanation, or terminate session) — are planned for a future release.

Currently, detected anomalies are surfaced in the triage dashboard for analyst review. The system does not automatically terminate sessions based on detection results.


Supported Protocols

Protocol       Merlin Detect
Web (Vitro)    Supported
SSH            Not yet supported
RDP            Not yet supported


Next Steps