Band of Agents · Track 3 — Regulated & High-Stakes Workflows

WarRoom

Four AI agents — on different frameworks, across two company accounts — run a security incident together through one Band room. A human decides the irreversible calls. The transcript is the audit trail.

View on GitHub → How it works ↓

WarRoom · INC-C · live decision timeline

Triage — BRIEF: critical ransomware on the primary customer DB; recruiting Intel + Compliance.

Threat Intel — FINDING: BlackHaze, lateral movement to domain controllers → isolate + wipe.

Compliance — VETO: host under legal hold; GDPR Art. 33 · ⏱ T-minus 71h 06m. Wipe needs human authorization.

Commander — ESCALATION → @CISO: eradicate vs. preserve. Decision required.

👤 CISO — RULING: preserve evidence, then authorize the wipe. Release the hold.

Commander — RESOLUTION: isolated · imaged · notified · wiped (authorized). Clock running.

A team of agents

Different frameworks. Two organizations. Genuinely different systems negotiating in shared context — a real test of Band as an interoperability layer.

LangGraph

Triage

Classifies the alert and recruits the right specialists into the room.

LangGraph

Threat Intel

Malware attribution and lateral-movement spread assessment.

Pydantic AI · 2nd account

Compliance

External counsel. Owns the live regulatory clock and holds veto power.

Anthropic

Incident Commander

Drives the response; executes actions only after explicit sign-offs.

The scenario: a true dilemma

INC-C — ransomware on the primary customer database (PII + financial data), spreading toward the domain controllers.

Threat Intel says

Isolate and wipe the host now — eradication is the only way to stop the spread before it reaches the domain controllers.

Compliance says

That host is forensic evidence under a legal hold — destroying it is not permitted. A GDPR Art. 33 72-hour clock is now running.

Neither agent is wrong → a genuine deadlock. So the Commander does the only correct thing: it escalates to a human CISO, who rules in a single message. Evidence is preserved first, the wipe is then authorized — and every destructive action stays gated behind a sign-off or a human ruling.

How it works

Alert fires. Triage classifies it and recruits the specialists it needs into one Band room.
Specialists investigate. Threat Intel and Compliance post findings via @mention; asymmetric knowledge forces them to talk.
Deadlock → human. When findings conflict on an irreversible action, the Commander escalates to the human CISO.
Gated execution. Only after the ruling does the Commander act — isolate, preserve evidence, notify, then the authorized wipe.
Audit trail. One command turns the room into a structured incident report — timeline, ruling, regulatory clock, every action.

Why it matters

🔌

Multi-framework interop

LangGraph, Pydantic AI, and Anthropic agents coordinating through one Band room.

🏢

Cross-account

Compliance runs on a separate company's Band account as external counsel.

🧑‍⚖️

Human in the loop

Autonomy where it's safe; human authority for irreversible, regulated calls.

⏱️

Live regulatory clock

GDPR Art. 33 starts a 72h T-minus countdown that rides every message.

🧾

Audit trail by default

The transcript isn't written after the incident — it is the incident.

🛡️

Sign-off protocol

No destructive action runs without a sign-off or an explicit human ruling.