-
-
Logo
Inspiration
Artificial intelligence is rapidly transforming finance. AI systems are now responsible for approving refunds, monitoring fraud, performing identity verification, evaluating loan eligibility, and managing high-volume transaction workflows. However, while adoption is accelerating, reliability engineering has not kept pace. Most financial AI systems are evaluated using static benchmarks or manual testing approaches that do not quantify how models behave under adversarial stress, how failure rates evolve over time, or whether observed regressions are statistically meaningful. In high-stakes financial environments, hallucinations, false positives, false negatives, and silent policy bypasses can result in real economic and compliance risk. We identified a fundamental gap: teams deploying AI in finance lacked infrastructure to measure reliability with statistical rigor. Questions such as “Is this regression significant?” or “Is reliability drifting across versions?” were often answered qualitatively rather than quantitatively. MetroX was built to introduce disciplined reliability engineering into financial AI systems by combining adversarial testing, probabilistic modeling, drift detection, and statistical inference into a unified platform.
What it does
MetroX is a reliability engineering platform for financial AI agents and LLM-based systems that executes structured adversarial evaluation campaigns and converts raw execution behavior into statistically grounded reliability intelligence. Instead of performing isolated prompt checks or static benchmarking, MetroX launches finance-specific stress tests against workflows such as refund processing, chargebacks, identity verification, loan decisions, transaction monitoring, and wire transfers. These adversarial campaigns simulate realistic failure scenarios including refund abuse, identity mismatch, prompt injection, policy manipulation, and tool misuse, enabling controlled exposure of high-risk operational paths.
During execution, MetroX captures structured telemetry including response content, token usage, tool invocation traces, retrieval signals, latency metrics, and policy decisions. Multiple detection engines evaluate each execution, combining rule-based analysis, retrieval consistency validation, and model-judge scoring. These signals are fused into probabilistic multi-label failure outputs with associated confidence, disagreement, and uncertainty measures, allowing the system to move beyond binary pass-or-fail reporting.
MetroX then applies statistical reliability modeling to quantify behavior. It computes attack success rates and failure-type rates, constructs bootstrap confidence intervals, and evaluates whether observed changes between runs are statistically meaningful. If a failure rate shifts from 0.08 to 0.14, MetroX determines whether
$$ \Delta = 0.06 $$
represents a statistically significant regression or expected sampling variance. This ensures that release decisions are based on inference rather than intuition.
Beyond rate metrics, MetroX trains calibrated logistic regression models to estimate conditional failure probabilities:
\( P(\text{failure} \mid \text{runtime features}) \)
Calibration diagnostics such as Expected Calibration Error and Brier score are computed to ensure predicted risk probabilities align with empirical outcomes. Feature-level drivers are extracted to explain which operational signals most strongly influence failure risk.
To monitor longitudinal reliability, MetroX performs drift detection across runs and configuration versions using distributional comparison methods including Population Stability Index, Kolmogorov–Smirnov testing, and KL divergence:
\( D_{KL}(P \parallel Q) \)
Change-point detection is applied to score trajectories to identify silent behavioral degradation over time.
MetroX also integrates operational governance by tracking execution cost, enforcing budget ceilings, and supporting checkpoint-resume policies to prevent uncontrolled API spending during adversarial campaigns. Each evaluation produces structured analytics and downloadable reports summarizing failure rates, risk probabilities, calibration diagnostics, drift signals, and mitigation recommendations.
By combining adversarial testing, probabilistic modeling, statistical inference, drift detection, and cost governance, MetroX transforms financial AI evaluation from ad hoc experimentation into measurable, production-grade reliability engineering.
How we built it
MetroX was engineered as a modular reliability infrastructure system composed of three coordinated layers: a runtime execution plane, a statistical analytics plane, and an operational control plane. The backend is implemented in Python 3.13 using FastAPI and Uvicorn for API orchestration. PostgreSQL serves as the primary persistence layer, Redis powers the queue backend for distributed execution, and SQLAlchemy with Alembic manages schema evolution. The frontend is built using React 18 and TypeScript with Vite, providing a responsive control plane for launching evaluations, monitoring adversarial flows, and visualizing statistical outputs.
The runtime plane is responsible for structured adversarial execution. Evaluation runs are created through configuration snapshots and enqueued into a managed RunQueue that supports both in-process and Redis-backed execution. A RunOrchestrator coordinates benchmark generation, attack case construction, and target invocation. MetroX supports multiple target types including managed LLM runtimes, managed agent runtimes, OpenAI-compatible APIs, and generic HTTP endpoints through a unified adapter abstraction layer. This abstraction ensures that evaluation logic remains consistent regardless of the underlying model provider.
Adversarial testing is powered by AFK (Agent Forge Kit), our open-source multi-agent orchestration framework. AFK enables structured role-based collaboration among agents such as attacker, critic, verifier, fraud_analyst, and analyst. Instead of chaining prompts manually, AFK enforces deterministic orchestration policies, join semantics, controlled concurrency, tool policy enforcement, and cost ceilings. Multi-turn attack escalation is governed through explicit phase policies and role routing logic, ensuring reproducible adversarial stress testing across sessions. Telemetry from each role interaction is streamed and persisted for downstream analytics.
To ground testing in real-world financial risk, we built a finance-domain simulation pack under apps/test-agents. These agents emulate operational workflows such as refund handling, chargebacks, KYC verification, loan approval logic, transaction monitoring, and wire transfers. Each simulation encodes realistic policy boundaries and decision constraints, enabling MetroX to probe vulnerabilities such as refund abuse, identity mismatch, and manipulation of transaction rules in a controlled environment.
The analytics plane transforms runtime telemetry into structured statistical intelligence. Feature engineering extracts linguistic signals, token usage, tool invocation counts, retrieval metrics, and latency characteristics from each execution. Detection engines combine rule-based validation, retrieval consistency checks, and model-judge scoring into fused probabilistic labels. Reliability metrics are computed using bootstrap resampling to estimate confidence intervals for failure rates:
$$ \hat{p} = \frac{k}{n} $$
with interval estimation derived from repeated sampling to quantify uncertainty.
Risk modeling is performed using calibrated logistic regression to estimate conditional failure probability:
\( P(\text{failure} \mid X) = \frac{1}{1 + e^{-(\beta_0 + \beta^\top X)}} \)
Calibration diagnostics including Expected Calibration Error and Brier score decomposition are computed to validate predictive alignment between estimated probabilities and empirical outcomes.
Drift detection compares distributions across runs using Population Stability Index, Kolmogorov–Smirnov testing, and KL divergence:
\( D_{KL}(P \parallel Q) = \sum P(x) \log \frac{P(x)}{Q(x)} \)
Time-series change-point detection is applied to reliability score trajectories to identify statistically meaningful behavioral shifts.
The control plane enforces operational safeguards including encryption key lifecycle management, credential encryption, provider validation, cost accounting, and budget gating. Adversarial campaigns may be interrupted when budget thresholds are exceeded and resumed without duplication, ensuring cost stability during stress testing.
Through the integration of structured multi-agent orchestration, financial workflow simulation, statistical modeling, drift detection, and governance controls, MetroX was built as a reproducible and extensible reliability engineering system for production AI in finance.
Challenges we ran into
One of the primary challenges we faced was transforming AI evaluation from surface-level testing into statistically defensible reliability engineering. Generating adversarial prompts is relatively straightforward, but determining whether observed failures represent meaningful regressions required careful statistical design. We needed to distinguish signal from noise, particularly when failure rates fluctuate due to sampling variance. Ensuring that changes such as a shift from 0.08 to 0.14 in failure rate were evaluated with proper confidence estimation required bootstrap interval construction and inference-aware gating logic.
Another major challenge involved multi-detector fusion. We combined rule-based detectors, retrieval consistency checks, and model-judge evaluations into probabilistic labels. Balancing false positives and false negatives while exposing interpretable confidence and uncertainty metrics required iterative refinement. We had to ensure that disagreement scores and uncertainty measures were informative rather than misleading, especially in finance scenarios where over-reporting failures can be as harmful as under-reporting them.
Calibration under class imbalance also presented difficulty. Financial adversarial cases often contain skewed failure distributions, and naïve probability estimates can become overconfident. Implementing calibrated logistic regression with fallback strategies ensured that predicted risk probabilities aligned with empirical outcomes, but required careful validation and monitoring of metrics such as Expected Calibration Error and Brier score.
Drift detection posed another engineering challenge. Natural variance between adversarial campaigns can appear as behavioral change even when the system is stable. We implemented distributional comparison methods such as Population Stability Index, Kolmogorov–Smirnov testing, and KL divergence to quantify shifts:
\( D_{KL}(P \parallel Q) \)
However, setting thresholds that detect genuine degradation without triggering false alarms required extensive experimentation.
Operational constraints added further complexity. Adversarial testing can escalate API usage rapidly, especially in multi-turn attack scenarios powered by AFK. Embedding cost governance directly into orchestration — including budget ceilings, checkpoint-resume mechanisms, and deterministic run state tracking — required integrating statistical modeling with runtime control logic.
Finally, maintaining reproducibility across runs and configuration versions was non-trivial. We had to bind evaluation runs to configuration snapshots, enforce deterministic orchestration semantics, and persist structured telemetry so that comparisons across time were meaningful. Ensuring that adversarial campaigns were both extensible and reproducible required disciplined architectural separation between runtime execution, analytics, and control layers.
Accomplishments that we're proud of
One accomplishment we are particularly proud of is building a complete end-to-end reliability engineering pipeline rather than a single testing feature. MetroX does not simply generate adversarial prompts; it executes structured campaigns, captures runtime telemetry, performs probabilistic failure fusion, computes statistical confidence intervals, trains calibrated risk models, detects drift, enforces cost governance, and produces production-ready reports within a unified system. Integrating these components into a cohesive architecture required aligning runtime orchestration with statistical inference and operational safeguards.
We are also proud of the structured multi-agent adversarial framework powered by AFK (Agent Forge Kit). Instead of informal prompt chaining, adversarial evaluation is governed through deterministic role semantics, explicit join policies, concurrency controls, and cost ceilings. This enables reproducible multi-turn stress testing in financial workflows. The ability to simulate attacker, critic, verifier, fraud analyst, and analyst roles within a single orchestrated evaluation flow demonstrates that adversarial AI testing can be systematic rather than ad hoc.
Another achievement is the finance-domain simulation pack. By modeling refund workflows, chargebacks, KYC verification, loan approval logic, transaction monitoring, and wire transfers, we grounded adversarial testing in realistic financial policy boundaries. This allowed MetroX to surface vulnerabilities in operationally meaningful contexts rather than synthetic benchmarks. The system evaluates not just model output quality, but policy compliance, tool usage correctness, and workflow integrity.
From a statistical perspective, we are proud of integrating calibrated logistic regression and bootstrap-based confidence interval estimation directly into the evaluation lifecycle. Instead of reporting raw failure rates, MetroX quantifies uncertainty, evaluates statistical significance, and estimates conditional risk probabilities:
\( P(\text{failure} \mid X) \)
Calibration diagnostics such as Expected Calibration Error and Brier score ensure predictive validity. Drift detection using Population Stability Index, Kolmogorov–Smirnov testing, and KL divergence enables longitudinal reliability tracking rather than one-time testing.
Finally, we are proud that MetroX embeds operational discipline into AI evaluation. Budget ceilings, checkpoint-resume execution, deterministic configuration snapshots, and encrypted credential management ensure that adversarial testing is controlled, reproducible, and safe for production environments. The result is not a demo tool, but a foundational reliability infrastructure system for financial AI.
What we learned
Through building MetroX, we learned that AI reliability cannot be reduced to a single accuracy metric or a pass/fail test. In adversarial financial environments, failure modes are multi-dimensional and often subtle. A system can appear stable at an aggregate level while degrading under specific operational conditions. This reinforced the importance of measuring uncertainty and confidence rather than reporting raw rates alone. Statistical inference is not optional in high-stakes AI; it is necessary to distinguish meaningful regression from sampling noise.
We also learned that adversarial evaluation must be structured to be reproducible. Informal prompt chaining produces interesting outputs, but it does not produce reliable engineering signals. By enforcing deterministic orchestration semantics through AFK, we observed how controlled role specialization and explicit join policies improve repeatability and comparability across runs. Reproducibility is foundational for longitudinal analysis, especially when tracking drift and release gating decisions.
Another major lesson involved calibration and interpretability. Predicting risk without validating probability alignment can lead to overconfident systems. Implementing calibrated logistic regression and validating metrics such as Expected Calibration Error and Brier score highlighted how easily models can appear confident while being poorly calibrated. Reliable AI systems must not only predict outcomes, but quantify how trustworthy those predictions are:
\( P(\text{failure} \mid X) \)
We further learned that drift detection requires disciplined thresholding and contextual interpretation. Distribution shifts measured through metrics such as Population Stability Index or KL divergence:
\( D_{KL}(P \parallel Q) \)
must be evaluated against operational baselines rather than absolute values alone. Not every distributional change represents degradation; distinguishing natural variance from meaningful drift requires statistical grounding.
Finally, we learned that cost governance and operational safeguards must be embedded directly into evaluation systems. Multi-turn adversarial testing can escalate API usage rapidly, and without budget ceilings and checkpoint-resume logic, evaluation can become unstable. Reliability engineering is not just about statistical modeling; it requires architectural discipline across runtime execution, analytics, and control layers.
Building MetroX reinforced that AI systems deployed in finance require the same rigor applied to safety-critical software systems. Reliability must be measured, uncertainty must be quantified, regressions must be statistically validated, and evaluation workflows must be reproducible and economically controlled.
What's next for MetroX
The next phase of MetroX focuses on expanding from controlled adversarial evaluation into continuous reliability monitoring for production AI systems. We plan to integrate real-time evaluation hooks that allow financial AI agents to be monitored continuously rather than only during scheduled campaigns. This would enable rolling reliability metrics, live drift detection, and automated regression alerts when statistically significant changes are detected.
We also aim to enhance experiment design capabilities. Future versions will include power analysis utilities that estimate required sample sizes based on minimum detectable effect thresholds. Instead of guessing how many adversarial cases are needed, teams will be able to compute the number of samples required to detect a change ( \Delta ) in failure rate with specified statistical power. This strengthens release gating decisions and reduces unnecessary testing overhead.
Another priority is expanding the finance simulation pack into broader regulatory and compliance workflows, including anti-money laundering scenarios, transaction anomaly pipelines, and complex multi-step approval chains. By modeling more realistic operational graphs, MetroX will better approximate production environments.
On the analytics side, we plan to introduce more advanced causal analysis and counterfactual evaluation tools to better isolate which runtime features contribute most strongly to risk. This includes deeper feature attribution analysis and structured mitigation recommendation engines that suggest configuration changes when risk exceeds policy thresholds.
From an infrastructure perspective, we intend to strengthen scalability by improving distributed execution, optimizing queue backpressure strategies, and refining cost governance controls for large-scale adversarial campaigns. The goal is to make MetroX capable of evaluating enterprise-scale AI deployments without sacrificing statistical rigor.
Long term, our vision is for MetroX to become foundational reliability infrastructure for high-stakes AI systems, where adversarial evaluation, statistical inference, drift detection, and governance are integrated into every model release cycle rather than treated as optional testing steps.
Log in or sign up for Devpost to join the conversation.