



Canopy
The real-time immune system for on-chain AI agent economies.
Team
1 member
Ju Peng Ng
owner
Overview
Category: Security
Canopy is a real-time, adaptive security layer designed to protect the emerging on-chain AI economy. Operating on Base mainnet, it functions as an immune system for AI agent transactions, specifically targeting novel fraud vectors that traditional, human-centric models cannot detect. The system continuously ingests and analyzes live x402 payment settlements involving USDC, building a dynamic understanding of normal machine-to-machine behavior.
At its core, Canopy employs a sophisticated unsupervised machine learning pipeline, utilizing HDBSCAN for density-based clustering and Gaussian Mixture Models (GMM) to model agent behavior without relying on pre-labeled data. This allows it to establish a baseline 'manifold' of legitimate agent activity and instantly flag any transactions that deviate. By learning what normal machine behavior looks like, it effectively identifies anomalies that would be misclassified by legacy systems, which often produce high false positive rates when applied to high-frequency, automated payments.
Canopy's risk assessment is powered by a multi-signal analysis engine that combines four distinct vectors unique to agent commerce: behavioral density scoring, ERC-8004 on-chain identity mismatch detection, drift analysis between a transaction's signed intent and its on-chain action, and counterparty graph analysis to uncover collusion rings. For each transaction, Canopy's API returns a simple 'accept', 'review', or 'block' decision, enabling developers to embed this security layer directly into their AI agent applications. Trained on live Base mainnet traffic, the model achieves 100% adversary detection with a low 1.8% false positive rate, and its performance continuously improves as it processes more transactions.
Key features:
- Unsupervised Anomaly Detection: Utilizes HDBSCAN and Gaussian Mixture Models to learn the baseline of normal AI agent behavior directly from on-chain data, without requiring pre-labeled training sets.
- Real-time Scoring API: Provides a simple API endpoint that returns an 'accept', 'review', or 'block' decision for every transaction, enabling seamless integration into agent workflows.
- Multi-Signal Risk Analysis: Combines four distinct signals for robust detection: behavioral density, on-chain identity mismatch, intent vs. action drift, and counterparty graph analysis.
- Live On-Chain Ingestion: Continuously scrapes and processes live x402 payment settlements from USDC on Base mainnet, ensuring the model is always trained on the most current transaction patterns.
- Graph-Based Collusion Detection: Analyzes the counterparty graph of transactions to identify and flag sophisticated collusion rings and coordinated fraudulent activities that appear normal in isolation.
- Adaptive Learning Model: The risk model continuously evolves and strengthens with every transaction scored, adapting to new patterns of legitimate and malicious agent behavior over time.
Tech stack: Base Mainnet, x402 Protocol, HDBSCAN, Gaussian Mixture Model (GMM), ERC-8004