medOS Platform
Security & RUDS
Behavioral threat detection, fail-open
Rogue-user detection across all 16 services: a unified action-event stream, JSON-predicate detection rules, two-tier scoring and an AI second opinion that can flag but never block.
AI second-opinion (Haiku/Sonnet) for novel patterns — AI cannot block, cannot push to red tier. Inline scorer <50ms.
Capabilities
Unified user_action_events stream across auth, API, LLM and patient access
17 seed rules: credential, exfiltration, snooping, escalation, LLM abuse
Inline scorer <50ms + nightly batch + per-user baselines
AI second opinion: cannot block, cannot escalate to red, no PHI in prompts
SOC dashboard + step-up auth + identity-VPN add-on
Inside the SOC
Every action scored in under 50ms
The same dashboard your security officer watches — a live event tail, risk-tiered users, and an AI second opinion that can flag a novel pattern but never block. The stream below is running; filter it, drill into a flagged user, and lock an account.
Novel pattern. 3 registration clerks each opened the same VIP chart within 9 min of admission. No single rule fired — correlated across users.