Agentic fraud detection · technical brief
Fraud detection that actually holds up under attack.
Four specialist detectors, a calibrated fusion layer, adversarial stress testing, and a deterministic governance harness — built so SIU, compliance, and legal can trust every escalation Grivara makes.
Why legacy fails
The alert queue is not the problem. The signal behind it is.
Carriers don't need more alerts. They need alerts that survive scrutiny — with the evidence, graph context, and uncertainty honesty SIU needs to act without second guessing.
Fraud rings stay hidden
The most expensive schemes rarely look suspicious claim by claim. They show up as repeated provider, claimant, and timing connections spread across the portfolio — invisible to single-claim review.
Static detection decays
Rules and single-model fraud scores lose edge the moment bad actors learn what they react to. There is no mechanism to tell you the system's signal is getting brittle.
Evidence lives in silos
Notes, documents, photos, bills, weather events, and cross-claim relationships all matter, but they are rarely reviewed together — let alone at intake-time speed.
SIU drowns in noise
More alerts never help a finite SIU team. What matters is the confirmed-fraud yield per reviewed claim, and a queue that respects uncertainty rather than hiding it.
The stack
Four specialist detectors. One weighted fraud posture.
Each detector has its own role, its own schema, and its own confidence. They run in parallel on every claim — then fuse into a single recommendation with the disagreement penalty baked in.
Detector priority in the fused posture
Relative ordering shown · exact weights are tenant-tuned per carrier and per LOB
Layer 01
Graph collusion
Entity-graph traversal across the whole book.
Grivara connects claimants, providers, policies, addresses, and loss dates across your entire portfolio. Repeated connections and shared intermediaries surface as ring candidates — not one alert, but a coordinated case.
What it looks at
- Provider ↔ claimant edge repetition across unrelated claims
- Shared policy or address clusters with suspicious timing
- Intermediary nodes bridging otherwise-disjoint components
- Motif detection for known ring topologies
Layer 02
Tabular risk
Portfolio-baseline anomaly scoring.
Dozens of structured signals — reporting delay, cost outliers, repeat claimants, treatment frequency, prior SIU history — are scored against your own portfolio baselines. Every claim gets a consistent risk read, not an adjuster-by-adjuster guess.
What it looks at
- Reporting delay vs. line-of-business baseline
- Cost outliers against portfolio cohort distribution
- Claimant history density and repeat patterns
- Prior SIU outcome and override signals
Layer 03
Multimodal evidence
Cross-document contradiction detection.
Documents, notes, images, and structured fields are reviewed together. Grivara catches diagnosis-to-billing mismatches, photo-vs-narrative contradictions, phantom line items, and evidence conflicts that tabular scoring alone cannot see.
What it looks at
- Diagnosis ↔ billed procedure mismatches
- Photo content vs. loss narrative contradictions
- Phantom line items and duplicate billing
- Form-field conflicts across submitted documents
Layer 04
Adversarial stress
Robustness testing before escalation.
Before any referral, Grivara simulates how a sophisticated fraudster would try to evade the system — graph link injection, evidence camouflage, and chained attacks. If the score collapses under any of them, the case is held for human review.
What it looks at
- Graph link injection signal dampening
- Evidence camouflage signal suppression
- Mixed attack (both, chained)
- Sensitivity under bounded component perturbations
Fusion + uncertainty
Four detectors in, one calibrated recommendation out.
Grivara fuses the detector scores with carrier-tunable weights, penalizes the result by how much the detectors disagree, and abstains when that disagreement crosses your tenant's uncertainty threshold.
How fusion works
- Detector scores are combined under carrier-tunable weighting — no single lane can dominate a call.
- The result is penalized by how much the detectors disagree, so a shaky consensus never rides out as a confident score.
- When disagreement crosses your tenant's threshold, Grivara abstains and routes the claim to a specialist instead of forcing a brittle call.
Worked example · CL-48291
Detector disagreement
Graph and evidence detectors are calling fraud. Tabular and stress are not. The consensus is shaky.
Abstain → route to specialist
Grivara does not force a call on this claim. It ships a review packet with the full reasoning trail and routes to the fraud specialist lane.
audit_trace = [ "claim=CL-48291", "outcome=abstain", "reason=detector_disagreement", "config_version=v12", "shadow_mode=false", "actor=grivara.fraud.runtime", ]
Adversarial stress · the differentiator
Every fraud call is pressure-tested before it ships.
Before Grivara recommends a referral, it re-runs the claim through simulated attacks a sophisticated fraudster would use — then watches whether the fraud signal survives. If the score collapses under any of them, the case is held for human review instead of escalating on a brittle conclusion.
Graph link injection
Inject fake edges to dilute ring signal
graph_collusion · adversarial_stress
Evidence camouflage
Suppress multimodal mismatch signals
multimodal_evidence · graph_collusion
Mixed attack
Chain injection + camouflage
evidence · graph · stress
These metrics are emitted on every fraud-assessment run. Grivara is the only anti-fraud system we know of that makes attack-success and retention visible on a per-claim basis before escalation.
Governance harness
Nine hard gates between AI output and any consequential action.
The harness runs deterministically around every AI call — before the LLM sees the claim, and again before any recommendation ships. Nothing reaches SIU, legal, or an adjuster without passing every gate.
Pre-LLM · guardrails
Runtime · policy gates
Outcomes are one of allow · allow_with_notice · block · require_human_review. Every verdict is persisted.
Review packet · what SIU actually gets
- Component scores
- 4 detectors · score · confidence · rationale
- Fused score
- carrier-weighted fraud posture
- Uncertainty band
- detector disagreement signal
- Citations
- policy clauses · regulations · evidence atoms
- Graph context
- ring members · shared nodes · motif
- Decision trace
- config version · shadow mode · ablation
- Abstain reason
- if disagreement crosses threshold
- Audit bundle
- SHA-256 before/after · actor · config version
Every decision, override, and gate verdict is persisted with SHA-256 before / after snapshots, actor context, and the active governance config version — so compliance and legal can reconstruct any claim end-to-end.
Tenant control
Your carrier sets the thresholds. Grivara enforces them.
Governance lives in versioned profiles, scoped per carrier, line of business, and jurisdiction. Every change is a new immutable version — and every claim that Grivara assesses links back to the exact profile version that made the call.
Active governance profiles · Northstar Mutual
Property · Texas
Updated 3 days ago by sarah.chen
- Fraud detector thresholds
- Reserve authority limits
- TX prompt-pay & notice rules
- HITL approval lanes
Auto · California
Updated 2 weeks ago by mike.tovar
- Fraud detector thresholds
- Reserve authority limits
- CA recorded statement rule
- HITL approval lanes
Commercial Property · TX
Updated last quarter by legal.review
- Catastrophe response overrides
- Higher reserve authority
- Storm-event escalation
See it before you switch
Run Grivara alongside your existing fraud system before cutover. You'll see exactly which claims it would have referred, which rings it would have caught that you missed, and where it would have held back — without anything actually changing in production.
Your data stays yours
Every carrier's claims, override history, and governance settings stay fully separated. Grivara never blends one client's data, decisions, or thresholds into another's — and your team owns the keys to your tenant.
Replayable for any audit
When a regulator, your legal team, or an SIU lead asks how a claim was decided last March, you can replay it against the exact rules that were active that day — with the change history showing who updated what, when, and why.
How this compares
What a rules engine and a single-model scorer can't do.
| Capability | Legacy rules | Single-model scorer | Grivara |
|---|---|---|---|
| Cross-claim entity graph with ring motif detection | |||
| Portfolio-baseline tabular anomaly scoring | |||
| Cross-document multimodal contradiction detection | |||
| Adversarial attack simulation before escalation | |||
| Calibrated uncertainty + explicit abstain | |||
| Tenant-tunable governance gates + thresholds | |||
| Signed audit trail with actor + config version | |||
| Human-review handoff with structured review packet |
Next step
Bring a real fraud queue. We'll walk it through the whole harness.
Ship us a sample of anonymized claims and your SIU thresholds. We'll run the full pipeline — detectors, fusion, adversarial stress, governance, review packet — and show you where Grivara would have caught a ring, where it would have abstained, and where your incumbent would have fired a false positive.
- Anonymized sample claims
- Your SIU thresholds
- Full pipeline replay
- Side-by-side delta vs. incumbent
Typical walkthrough · 15 minutes · with your data