the fraud platform AI-Native Fraud Investigation Platform

Joseph Fluckiger — AI Principal Engineer

An AWS-native agent platform where Claude orchestrates the fraud platform’s internal tools to investigate fraud cases — with typed contracts, full tracing, and human approval for sensitive actions. The platform augments the investigation workflow, not the fraud engine.

Analyst
Agent Orchestration
the fraud platform Tools
Knowledge & Models
Control Plane
Infrastructure
Analyst Experience Layer
Internal Chat / Copilot
Natural language case investigation embedded in the analyst workflow
Platform API
Programmatic access for automated workflows and integrations
CLI Tools
Command-line investigation — fraud-platform crypto_new_account
analyst question + case context
Agent Orchestration — Claude on Bedrock + AgentCore
Router
Interprets analyst intent, selects workflow and tool path
Investigation
Evidence gathering via user search + cluster detection
Explanation
Risk synthesis from transaction + model explainers
Report
Drafts summaries, separates facts from signals
Guard
Validates evidence grounding, blocks unsupported claims
tool_use calls (parallel)
Typed Tool Layer — Pydantic schemas, RBAC, audit trails
closest_user_search
Find related profiles by shared identifiers — device, email, phone, IP. Multi-accounting detection.
cluster_search
Surface coordinated account clusters and fraud rings by shared attributes.
transaction_explainer
Plain-language summary of why a transaction was flagged, with top risk signals.
model_explainer
Feature importances and model-level insights for auditing risk scores.
evidence + explanations
Knowledge & Model Layer
RAG
Retrieval over SOPs, policies, prior case notes
the fraud platform Fraud API
docs.fraud-platform.io specification as grounding context
Bedrock
Nova (routing, extraction) + Claude (reasoning, synthesis)
SageMaker
Targeted fine-tuning for classification, structured output, report style
Control Plane
LangFuse
Traces every prompt, tool call, and output with nested spans
MLflow
Experiment tracking, model lineage, version control
Kafka
Event backbone — case.flagged → agent.investigate → case.resolved
IAM / KMS
Scoped access, encryption, secrets, immutable audit logs
Core guardrail: The agent cites which tool produced each finding. Unsupported claims are blocked or downgraded. The platform proposes; the system of record decides. Sensitive actions require analyst approval.

Investigation Workflow — Flagged Crypto Transaction

Agent Loop — from case.flagged to analyst report
EVENT
Case Flagged
$2,499 crypto purchase
2-hour-old account
device overlap
AGENT
Claude Evaluates
Reads case context
Decides which tools
to call
TOOL 1
closest_user_search
2 matches found
91% top similarity
shared device + IP
TOOL 2
cluster_search
ring_12 confirmed
3 accounts
coordinated signup
TOOL 3
transaction_explainer
High-risk merchant
New account + velocity
Network overlap
TOOL 4
model_explainer
device_overlap 34%
account_age 27%
velocity 18%
SYNTHESIZE
Investigation Report
Facts vs signals
95% confidence
Recommend: BLOCK
APPROVAL
Analyst Review
Block transaction
Freeze ring members
Human sign-off

Existing Fraud Platform — Source of Truth

Deterministic Systems — unchanged, augmented by AI layer
CatBoost Scoring
Risk scoring engine. Produces the fraud score that triggers case flagging. Not replaced by LLM.
Graph Analysis
Ring detection and entity relationships. Feeds cluster_search and closest_user_search tools.
Shapley Explainability
Model-level feature importances. Powers the model_explainer tool output.
Boundary: The AI layer handles routing, evidence gathering, synthesis, and report drafting. Fraud scoring, graph detection, model explainability, and state mutations remain deterministic. The LLM never directly mutates customer state.

Phased Rollout

PHASE 1
Copilot
Agents gather evidence and draft reports. Analysts approve everything.
PHASE 2
Semi-Autonomous
Low-risk tasks run automatically. High-risk actions still require approval.
PHASE 3
Autonomous SOPs
Mature workflows execute end-to-end. Humans focus on exceptions.