Most test suites verify that a system does the right thing when inputs are normal. FinBot adds a harder requirement: verify that the system notices when something wrong is happening, even when the wrong thing looks normal on the surface. That is what the CTF detector layer does. And testing it requires a different way of thinking. What Detectors Do Every event that flows through Redis Streams gets evaluated against a set of detectors. Each detector answers one question: did t

I've been working on FinBot CTF — an AI-powered financial platform built for the OWASP Agentic AI project. The goal is to explore what happens when you give AI agents real financial responsibilities: onboarding vendors, processing invoices, flagging fraud, and authorizing payments. But before I write about how I test it, I need to explain what I'm actually testing. Because the architecture is what makes this hard. What Does FinBot Do? FinBot is a vendor management portal