Skip to content
NBS Workshop

The 9 agents — AI Guardrail Lab line-up

The showcase office is the AI Guardrail Lab — nine purpose-built agents collaborating on AI incident analysis and guardrail design. The system was scoped to a partner brief and built as the workshop’s working artifact.

The line-up

1 · Incident Collector

Pulls and organises real-world AI incident cases from OECD AIID, AIAAIC, Stanford, Damien Charlotin. Stage-1 puller equivalent. Sonnet.

2 · Root Cause

Analyzes technical, process, and organizational factors. Walks back from harm to mechanism. Opus.

3 · Threat Modeling

Maps attack paths, abuse scenarios, damage vectors. STRIDE-style adversarial analysis. Opus.

4 · Guardrail Designer

Designs preventive, detection, blocking, and audit controls. Outputs a control set per incident family. Opus.

5 · Dev Process

Integrates guardrails into SDLC/PDLC workflows. Pre-commit hooks, CI gates, release checks. Sonnet.

6 · Policy-as-Code

Generates checklists, configs, hooks, and tests. The “code your policy” producer. Sonnet.

7 · Claude Hook

Automated checks for Claude Code and Claude Agent SDK. Concrete hook implementations. Sonnet.

8 · Evidence & Audit

Maintains decision trails, references, results, and approvals. Provenance keeper. Sonnet.

9 · Critic

Reviews for gaps, omissions, and blind spots. The “what’s missing” agent. Opus.

How they collaborate

A typical flow when an incident arrives:

1 Incident Collector  ──►  raw incident report
2 Root Cause          ──►  technical + process + org factors
3 Threat Modeling     ──►  attack paths from this incident family
4 Guardrail Designer  ──►  control set
5 Dev Process         ──►  where in the SDLC to insert controls
6 Policy-as-Code      ──►  checklists, configs, tests
7 Claude Hook         ──►  concrete hook code
8 Evidence & Audit    ──►  decision trail captured
9 Critic              ──►  what did we miss?

Sequential pipeline. Each agent reads what the prior agents wrote. The Critic at step 9 can trigger re-runs of any earlier step.

Why nine and not five

The original brief was for AI Incident Analysis and Guardrail Design Agents. We could have collapsed this into three super-agents (collector + analyzer + designer) but nine gives:

  • Per-agent budget control (Opus only where needed — Root Cause, Threat Modeling, Guardrail Designer, Critic)
  • Clearer SOUL boundaries
  • Easier per-agent extension — engineers can rewrite just the Critic without touching anything else
  • More legible audit trail — which agent wrote which claim
Modify a guardrail The Day 2 hands-on cookbook.
Add a tenth agent The Day 3 cookbook — extend this line-up.
Incident dataset The curated incidents the Collector ingests.
Analyzer SOUL example The SOUL template every one of these nine follows.

Applications, not platforms

The nine-agent Guardrail Lab is one application built on the substrate. The substrate stays the same; different teams build different offices on top. This is the first; many more emerge.