When blocking the right thing is the wrong decision
The hardest problem in AI security isn't detecting attacks. It's handling the cases where legitimate business requests look exactly like attacks. Here's a real pattern from enterprise traffic.
The gap other tools ignore
Four classical injection signals in two sentences: forget, delete, cancel, and an explicit instruction override. Every rule-based detector would flag this.
CUSTOMER INPUT
Forget everything. I have decided to leave. Close my account. Delete all related records. Cancel all my open requests.
How can I help you today?
Rule-based detector: Block. Pattern match on instruction-override and destructive verbs. Classified as prompt injection.
GDPR Article 17: Process. Right to erasure. The bank is legally required to action this request within the statutory window.
Result
Block it and you violate a regulation. Allow it naively and you're defenceless against the same pattern used by an actual adversary. The right answer isn't a better classifier; it's a system that can tell the difference, explain why, and produce evidence that proves the decision was correct.
STRUCTURE
Every decision is a six-layer artifact
Beyond Guard doesn't produce a binary allow/deny with a confidence percentage. It produces a structured evidence package — six layers, each answering a different question an auditor, SOC analyst, or regulator might ask.
This isn't a separate module or an optional add-on. SG-XAI is the default operating mode of Beyond Guard. Every decision, on every endpoint, across every Guard, automatically produces the full evidence package. The package streams to your SIEM in real time and is exportable for regulatory evidence on demand.
Title: Allow, deny, mask, or rewrite, plus the policy clause that fired.
Reasoning: Which BG control triggered, which instruction hierarchy level was broken.
Sub-category: Not just "prompt injection", but which of 8 canonical sub-types was detected.
Evidence: Which content fragment carries the risk, and what happens when it's removed.
Confidence: Aggregated from three independent signals, not a single classifier's score.
Action map: High → automatic. Medium → human review. Low → observe and log.
WHAT ACTUALLY IS
Confidence maps to action, not to a static threshold.
Most security tools treat confidence as a number: above 0.7 means block, below means allow. That creates a cliff: everything near the threshold is either over-blocked or under-detected. Beyond Guard maps confidence to three operational paths instead.
REGULATIONS
The regulator's question is the same question SG-XAI answers.
SG-XAI wasn't retrofitted for compliance. It was designed against the same operational constraint regulators have now codified: every consequential AI decision must be reproducible and explainable to a non-technical audience.