One agent is attacked. The whole fleet immunizes.

The biological analogy

A vaccine works by teaching the immune system to recognise a pathogen's signature without having to survive the disease first. Herd immunity extends that protection across a population: once enough members carry the recognition, the pathogen can't spread.

Sgraal's Memory Vaccination is the same idea for an agent fleet. The first agent to encounter a novel memory attack — an injection, a poisoning pattern, a cross-agent drift cascade — is where the “infection” is recognised. Sgraal turns that single detection into a reusable signature, and every other agent inherits the recognition without having to be attacked itself.

How it works

1. Detect. Sgraal's post-reconciliation detection layers flag a manipulated memory state on one agent (see Protect).
2. Extract. The distinguishing pattern of that attack is distilled into a compact signature — not the underlying content, just the recognisable shape of the attack.
3. Encrypt at rest. The signature is stored encrypted with AES-256-GCM. Signatures are protected both in transit and at rest; the recognition spreads, the raw attack material does not.
4. Immunize. On subsequent preflights across the fleet, the stored signatures let Sgraal recognise the same attack class immediately — before it reaches a decision.

Fleet phase — for the modellers

Memory attacks spread through a fleet the way an infection spreads through a population, so Sgraal models fleet memory health with an SIR-style (susceptible–infected–recovered) analog. A fleet sits in one of three phases:

• Sub-critical — healthy memory dominates; an attack on one agent stays contained.
• Critical — the fleet is near the tipping point where a compromise can begin to cascade.
• Super-critical — conditions favour spread; vaccination and quarantine matter most here.

Vaccination is what keeps a fleet sub-critical: each immunization removes susceptibility, the same way vaccination raises a population's herd-immunity threshold. The phase is computed per domain against a domain-specific critical threshold — surfaced via the fleet health-phase endpoint, with the calibrated thresholds kept server-side.

The observable surface

Vaccination happens automatically when a detection fires — there is no “upload an attack” endpoint. What you can observe and manage:

# List the vaccine signatures protecting a domain
curl -sS "https://api.sgraal.com/v1/vaccines?domain=customer_support" \
  -H "Authorization: Bearer $SGRAAL_API_KEY"

{ "domain": "customer_support", "count": 3, "vaccines": [ /* tenant-scoped */ ] }

# List agents currently flagged as compromised
curl -sS https://api.sgraal.com/v1/compromised-agents \
  -H "Authorization: Bearer $SGRAAL_API_KEY"

{ "count": 1, "agents": ["agent-117"] }

Signatures are tenant-scoped: you see and manage your own fleet's immunity. A signature can be retired with DELETE /v1/vaccines/{signature_id}, and an agent cleared with DELETE /v1/compromised-agents/{agent_id}, once remediated.

What this does not do