Mission control
for AI agents.
An AI agent makes a call that used to take a human, and most of the time it is fine. auditable is open-source oversight that sits outside the agent: it watches the consequential calls, catches the one that has drifted from what is true now, and steps in before it causes harm.
Open source and shipping. The first release, the method, and the benchmarks are public on GitHub and PyPI.
By
Yue Zhao, Assistant Professor of Computer Science at the University of Southern California. Leads the FORTIS Lab. Creator of PyOD.
42M+
PyOD downloads
9.8K+
PyOD GitHub stars
Adopted by OpenAI, Amazon, Walmart, Databricks, Apache Beam, and the European Space Agency.
Recommended in the US Department of Defense CDAO Generative AI Responsible AI Toolkit.
The hard part is not catching attacks. It is reconstructing why a non-adversarial decision was wrong.
Banks, hospitals, and claims offices are putting AI agents in the loop on decisions that used to take a human. Most of the time the agent is fine. Sometimes it produces a wrong answer that was perfectly internally consistent: every reasoning step was reasonable, every tool call was the one it usually makes, and yet the outcome was wrong, for a reason that is hard to see after the fact.
When that wrong answer surfaces months later in an audit or a regulator examination, the trace is usually gone, the model has been re-deployed twice, and the engineer who configured it left the firm. What is missing is a way to reconstruct the decision and stand behind it, long after the moment that produced it has passed.
In practice
A broker-dealer's surveillance agent clears a trading flag that should have escalated. The agent followed the firm's threshold rules, but the customer's KYC tier was provisional at decision time and is no longer treated that way. Three months later, FINRA opens a supervision review on the cleared flag. Can the firm show what happened, and why, before the regulator asks?
Same discipline, new setting.
The lab's work centers on one question: how do you keep AI systems inspectable, safe, and accountable when they ship to real production work? That agenda builds on a decade of anomaly and outlier detection at scale. PyOD is the clearest deployed example: a practical library used across fraud detection, intrusion analysis, operations, and scientific monitoring. Auditing the decisions AI agents make is where that discipline goes next. When an agent's call becomes part of the production system, the same posture applies.
For an agent's decision, the question is whether you can stand behind the call later, when the context it was made in is gone and someone asks you to account for it. The engineering posture that made PyOD trusted (reproducibility, scale, evidence quality) carries over directly.
auditable.
Audit any agent decision across its past, present, and future, on one typed graph.
auditable recovers an agent run as one typed graph and reads it at three points. Before deploy, it lints a declared plan for the structural risks a reviewer would miss. While the agent runs, it captures the dependency state a decision relied on, replays the decision against the state that is live now, and reverses the committed action through a rail when it no longer holds. After a run, it ranks the finished trace and names the one step the rest of the run rests on.
Your logs show what the agent did. auditable shows what it relied on. Most tools record the call; auditable re-decides under live state and rolls the stale action back.
The graph is measured against real agent runs. In GRADE, across six public agent corpora, the dependency layer predicts which runs fail at ROC-AUC 0.805 where run length carries no signal, and the execution layer localizes the faulting step at Top-3 0.614.
The approach builds on a decade of work on anomaly detection at scale (PyOD) and on benchmarking trustworthy machine learning (TrustLLM).
Status
Open source. v0.1.0 is on PyPI, with full docs and the GRADE benchmarks public. Building with AI agents in regulated workflows? The contact below is open.
Yue Zhao is an Assistant Professor of Computer Science at the University of Southern California, where he leads the FORTIS Lab. His research focuses on AI auditing: building methods, benchmarks, and open-source tools that make AI systems inspectable, safe, and accountable.
PyOD is Yue's most visible open-source system, with 42M+ downloads, 9.8K+ GitHub stars, use at OpenAI, Apache Beam, Amazon, Walmart, Databricks, and the European Space Agency, and recommendation in the US Department of Defense CDAO Generative AI Responsible AI Toolkit.
Other lab projects Yue has contributed to include TrustLLM (a trustworthiness benchmark for LLMs led by collaborators at the lab, cited in a US Senate committee report, a NIST special publication on adversarial machine learning, the US Department of Defense CDAO Generative AI Responsible AI Toolkit, the International AI Safety Report 2026, and three editions of the Future of Life Institute AI Safety Index), and the student-led agent-audit and Aegis.
FORTIS Labs is supported by the Foresight Institute, with research operations in Mission District, San Francisco.
Full bio and publication list at yzhao062.github.io.
hello@fortislabs.ai
Working with AI agents in regulated workflows (financial services, healthcare, claims handling, compliance review)? Reach out.