Canonical reference for the mathematical framework connecting transformer-style attention mechanisms to cross-graph discovery in enterprise AI systems. Includes experimental validation across four controlled experiments.

Abstract

We present a formal mathematical framework connecting cross-graph discovery in enterprise AI systems to the scaled dot-product attention mechanism of Vaswani et al. (2017). The correspondence operates at three levels: (1) a single-decision scoring matrix as single-query attention over a learned weight matrix (Eq. 4), (2) cross-graph entity discovery as cross-attention between semantic domain embeddings (Eq. 6), and (3) multi-domain discovery as multi-head attention with n(n−1)/2 heads across n graph domains (Eq. 9).

We validate this framework through four controlled experiments using synthetic SOC (Security Operations Center) data. Experiment 1 demonstrates that the scoring matrix converges to 69.4% accuracy via online Hebbian-style weight updates, identifying three failure modes of online learning in production systems. Experiment 2 shows that cross-graph attention discovers semantically meaningful entity relationships at 110× above random baseline (F1 = 0.293 with embedding normalization). Experiment 3 establishes that discovery capacity scales as a power law with graph coverage: D(n) ∝ n^b with b = 2.30 ± 0.02 (R² = 0.9995), confirming super-quadratic growth. Experiment 4 maps the sensitivity landscape, revealing phase transitions in discovery behavior as embedding quality and graph density vary.

Three properties transfer from attention theory to the cross-graph setting: quadratic interaction space (O(n² · d) per domain pair), constant path length between any two entities (O(1) cross-attention operations), and residual preservation of accumulated knowledge. Together, these properties explain why cross-graph intelligence compounds super-linearly — and why the resulting competitive moat widens rather than narrows over time.

Keywords: cross-graph attention, compounding intelligence, context graphs, online learning, enterprise AI, security operations

1. The Core Claim

The cross-graph discovery mechanism described in our architecture is structurally analogous to the scaled dot-product attention introduced by Vaswani et al. (2017) in “Attention Is All You Need.” This is not a loose metaphor — it is a formal mathematical correspondence across three properties: (1) quadratic interaction space, (2) constant path length between any two entities, and (3) residual preservation of accumulated knowledge.

This document formalizes the correspondence across three levels — single-decision attention, cross-graph attention, and multi-domain multi-head attention — with precise equations, shape checks, and worked examples.

[GRAPHIC #1, CI-05, The Rosetta Stone: Transformers ↔ Cross-Graph Attention, 1. The Core Claim]

2. Background: Transformer Attention

From Vaswani et al., the scaled dot-product attention function is:

Attention(Q, K, V) = softmax(Q · Kᵀ / √dₖ) · V    — Eq. (1)

The variables — read as a table, not a wall of symbols:

Shape check: Q (n × dₖ) times Kᵀ (dₖ × m) = (n × m). That (n × m) matrix times V (m × dᵥ) = Output (n × dᵥ). Dimensions match at every step.

Multi-head attention runs h parallel attention functions, each with learned projections:

MultiHead(Q, K, V) = Concat(head₁, ..., headₕ) · Wᴼ    — Eq. (2)

where headᵢ = Attention(Q · Wᵢᵠ, K · Wᵢᴷ, V · Wᵢᵛ)

Cross-attention (encoder-decoder attention) is where Q comes from one sequence and K, V come from a different sequence — this is the form most relevant to cross-graph discovery (Section 4).

Residual connections preserve the original input while adding the attention output:

output = LayerNorm(x + Attention(x))    — Eq. (3)

Why this matters for us: Residual connections preserve the original representation while adding new information. We’ll use this as a key structural property (Property 3 in Section 6) to explain why cross-graph discoveries compound rather than replace existing knowledge.

[GRAPHIC #2, CGA-01, Three Levels of Cross-Graph Attention, 2. Background: Transformer Attention]

3. Level 1: The Scoring Matrix as Single-Query Attention

The Current Implementation

In the SOC Copilot demo, for each alert α, the system evaluates a scoring matrix:

·        6 context factors: travel_match, asset_criticality, VIP_status, time_anomaly, device_trust, pattern_history

·        4 possible actions: false_positive_close, escalate_tier2, enrich_and_wait, escalate_incident

·        Softmax with temperature τ ≈ 0.25 produces action probabilities

Formal Correspondence

The variables:

The action selection computation is:

P(action | alert) = softmax(f · Wᵀ / τ)    — Eq. (4)

Shape check: f (1 × 6) times Wᵀ (6 × 4) = (1 × 4). That’s one score per action. Softmax converts to probabilities. The structure is exactly a softmax linear policy — or equivalently, multinomial logistic regression. It’s also exactly single-query attention with one query and four keys.

Plain English: The factor vector f asks “given what I know about this alert, how compatible is each action?” The weight matrix W answers by providing each action’s profile. The dot product measures compatibility. Softmax sharpens the best match.

So what? This is not a custom heuristic — it is attention-shaped: a softmax over dot-product compatibility scores produces a probability-weighted output. The exact same mathematical structure as Eq. (1), operating on a single query and four keys.

Mapping to Attention

Temperature τ and the transformer scaling factor 1/√dₖ are both softmax sharpness controls — they regulate the entropy of the attention distribution. Lower τ (sharper) makes decisions more decisive; higher τ (softer) produces more exploratory distributions.

What the AgentEvolver learns: After each decision, verified outcomes update W — the weight matrix. This serves the same role as attention weight calibration in transformer training, but through outcome-conditioned reinforcement rather than backpropagation.

Note: The scoring matrix operates in raw factor space without learned projections — equivalent to attention with identity projection matrices (Wᵠ = Wᴷ = I). This is the simplest possible attention configuration. Adding learned projections (a natural extension for v3) would increase expressiveness but the structural correspondence holds either way.

The Compounding Property

At initialization, W contains uniform or heuristic weights. After 340+ decisions with verified outcomes, W has calibrated to the firm’s specific risk profile: travel_match might be amplified for false_positive_close (this firm’s travel pattern is benign), while VIP_status might be amplified for escalate_incident (this firm’s VIPs are real targets). Accuracy: 68% → 89%.

So what? The improvement isn’t from a smarter model or more data in the traditional sense. It’s from the weight matrix absorbing firm-specific operational experience — the Decision Clock ticking, one verified outcome at a time.

The Weight Update Rule

The AgentEvolver updates W using a Hebbian-style reinforcement rule with three key modifications for production safety:

For each decision at time t with alert factor vector f(t), selected action a(t), and verified outcome r(t) ∈ {+1, −1}:

W[a, :] ← W[a, :] + α · r(t) · f(t) · δ(t)    — Eq. (4b)

where:

·        α = 0.02 is the base learning rate

·        r(t) = +1 for verified correct decisions, −1 for verified incorrect

·        f(t) is the factor vector that produced the decision

·        δ(t) is an asymmetric scaling factor:

δ(t) = { 1.0  if r(t) = +1  (reinforce successes)           { λ_neg = 5.0  if r(t) = −1  (penalize failures 5× harder)

Shape check: W[a, :] is 1 × 6 (one action’s weight row). f(t) is 1 × 6. The outer product α · r(t) · f(t) · δ(t) produces a 1 × 6 update vector that adjusts the selected action’s compatibility profile across all 6 factors.

Why asymmetric? In security operations, the cost of a missed threat (false negative) vastly exceeds the cost of an unnecessary escalation (false positive). The 5:1 asymmetry encodes this domain-specific risk preference directly into the learning dynamics. A single missed threat erases the benefit of five correct auto-closes.

Decay term: To prevent unbounded weight growth and maintain adaptability:

W ← (1 − ε) · W    after every update, where ε = 0.001    — Eq. (4c)

This multiplicative decay serves two purposes: (a) it bounds ||W|| so that softmax temperature τ maintains its intended selectivity, and (b) it ensures the system can “forget” obsolete patterns when the threat landscape shifts — recent outcomes have more influence than distant ones, with an effective half-life of ~693 decisions.

Connection to attention: In transformers, the projection matrices Wᵠ, Wᴷ, Wᵛ are updated via backpropagation on a differentiable loss. Here, W is updated via outcome-conditioned Hebbian reinforcement — closer to contextual bandit learning (Li et al., 2010) than gradient descent. Both mechanisms occupy the same position in the computational graph (calibrating the compatibility function), but the learning signal differs: gradients of a loss function vs. binary verified outcomes. This distinction is architecturally significant: the base LLM stays frozen, and only the operational layer (W) evolves.

[GRAPHIC #3, FC-04, Decision Clock Weight Evolution (Day 1 vs Day 30), 3. Level 1: The Scoring Matrix as Single-Query Attention]

[GRAPHIC #4, EXP1-HEATMAP, Weight Evolution Heatmap: t=50 vs t=5000, 3. Level 1: The Scoring Matrix as Single-Query Attention]

4. Level 2: Cross-Graph Discovery as Cross-Attention

Setup

Let G = {G₁, G₂, ..., Gₙ} be n semantic graph domains. In the SOC architecture, n = 6:

Each domain Gᵢ contains mᵢ entities. Each entity has a d-dimensional representation (embedding) computed from its properties and relationships within the graph.

Entity Embedding Matrices

For domain Gᵢ, define:

Eᵢ   — shape: mᵢ × d    — Eq. (5)

where mᵢ = number of entities in domain i, d = embedding dimension (e.g. 128). Row k of Eᵢ is the embedding of the k-th entity in domain i.

Plain English: Each entity in each graph domain is represented as a vector of numbers that captures its properties and relationships. Two entities with similar vectors are semantically similar.

The quality of cross-graph discoveries depends on the quality of these embeddings. In the current architecture, embeddings are computed from graph-structural features (node properties, relationship types, neighborhood statistics). Learned embeddings via GNNs are a natural future extension that would strengthen the cross-attention signal.

Cross-domain alignment requirement

Eq. (6) computes Eᵢ · Eⱼᵀ across different domains. For this dot product to produce meaningful compatibility scores rather than noise, the embeddings must live in a comparable vector space. This is a design choice, not an automatic property — three approaches can satisfy it:

•        Shared encoder. A single embedding function ϕ(·) applied across all domains. This is the strongest guarantee — same feature schema produces same embedding space — but requires all domains to share a common feature vocabulary.

•        Domain-to-shared projection. Each domain i uses a projection Pᵢ so that Ḕᵢ = Pᵢ · Eᵢ, and all Ḕ vectors lie in a common space. This is the natural extension when domains have heterogeneous schemas — analogous to the learned projection matrices Wᵠ, Wᵎ in transformer attention. Adding learned projections is a v3 optimization that would increase expressiveness without changing the structural correspondence.

•        Calibration step (current implementation). Apply (a) z-score normalization per feature dimension to bring all features to comparable scales, and (b) L2 unit-norm normalization per entity vector so that dot products reflect angular similarity, not magnitude. This is the simplest approach and the one used in the current architecture — it requires no learned parameters but depends on a documented feature contract across domains.

Without at least one of these alignment mechanisms, cross-domain dot products are uninterpretable — high scores could reflect scale mismatches rather than genuine semantic compatibility. Experiment 2 (Section 10.2) demonstrates the practical impact: discovery performance jumps from 23× to 110× above random baseline when L2 normalization is applied. Alignment is a mathematical precondition for cross-graph attention to produce discoveries rather than artifacts

Cross-Graph Attention

For source domain Gᵢ (seeking enrichment) and target domain Gⱼ (providing context):

CrossAttention(Gᵢ, Gⱼ) = softmax(Eᵢ · Eⱼᵀ / √d) · Vⱼ    — Eq. (6)

The variables — what each piece is and what shape it has:

Shape check — follow the dimensions through the equation:

Eᵢ (mᵢ × d)  ×  Eⱼᵀ (d × mⱼ)  =  Compatibility matrix (mᵢ × mⱼ)

softmax normalizes each row → still (mᵢ × mⱼ)

Attention (mᵢ × mⱼ)  ×  Vⱼ (mⱼ × dᵥ)  =  Output (mᵢ × dᵥ)

Concrete numbers: If Decision History has 500 entities and Threat Intel has 300 entities, the

compatibility matrix is 500 × 300 = 150,000 relevance scores. After softmax, each of the 500 Decision History entities has an attention distribution over all 300 Threat Intel entities.

So what? This is the mechanism that finds the Singapore recalibration — and every similar cross-domain insight — automatically. The system doesn’t search for specific patterns; it computes all-pairs compatibility and lets the math surface what’s relevant.

Plain English: Cross-graph attention asks: “For each entity in my domain, which entities in the other domain are most relevant?” The compatibility matrix holds all 150,000 answers simultaneously. The system evaluates 47 other high-attention pairs at the same time.

Worked Example: Singapore Threat Recalibration

Setup:

·        Domain i = Decision History. Entity: PAT-TRAVEL-001 (pattern for Singapore travel logins, confidence 0.94, 127 closures over 30 days).

·        Domain j = Threat Intelligence. Entity: Campaign TI-2026-SG-CRED (Singapore IP range 103.15.x.x, credential stuffing, 340% elevation since Jan 15, severity HIGH).

Step 1: Dot product. The embedding of PAT-TRAVEL-001 encodes geographic focus (Singapore), decision type (false_positive_close), confidence (high), and temporal pattern (consistent). The embedding of TI-2026-SG-CRED encodes geographic scope (Singapore), threat type (credential stuffing), severity (HIGH), and recency (active). Their dot product is high because they share geographic overlap, they both involve authentication-related activity, and TI-2026-SG-CRED is temporally active while PAT-TRAVEL-001 is temporally active.

Step 2: Softmax. Among all threat intelligence entities, TI-2026-SG-CRED receives high attention weight for PAT-TRAVEL-001. The softmax distribution concentrates on the few threat intel entities most relevant to this specific pattern.

Step 3: Value transfer. The value payload from TI-2026-SG-CRED — “active credential stuffing campaign, 340% elevation, HIGH severity” — enriches the representation of PAT-TRAVEL-001. The pattern now carries threat context it didn’t have before.

Step 4: Discovery. The enriched representation surfaces a high-relevance cross-graph signal: “The pattern used to auto-close Singapore travel alerts (confidence 0.94) now operates in a region with an active credential stuffing campaign (severity HIGH).” Result: confidence recalibrated from 0.94 to 0.79, adding threat_intel_risk as a new factor in future scoring.

[GRAPHIC #5, CI-04, The Singapore Discovery, 4. Level 2: Cross-Graph Discovery as Cross-Attention]

Discovery Threshold

Not every cross-graph pair produces a meaningful discovery. Define the pre-softmax logit matrix (raw compatibility scores, before normalization):

Sᵢ,ⱼ = Eᵢ · Eⱼᵀ / √d    — Eq. (7a)

shape: mᵢ × mⱼ (one raw compatibility score per entity pair)

And the attention matrix (row-normalized):

Aᵢ,ⱼ = softmax(Sᵢ,ⱼ)    — Eq. (7b)

shape: mᵢ × mⱼ (attention weights summing to 1 per row)

A discovery is identified using a two-stage criterion:

Discovery(entityₖ from domain i, entityₗ from domain j)

Sᵢ,ⱼ[k, l] > θ_logit    — Eq. (8a)

entityₗ ∈ top-K(Aᵢ,ⱼ[k, :])    — Eq. (8b)

Why two stages, not just a threshold on softmax weights:

Softmax produces relative scores — row-normalized attention weights depend on all other keys in that row. A weight A[k,l] = 0.05 might be high (in a row with many similar keys) or low (in a row with one dominant key). Thresholding on softmax weights alone would miss discoveries in “busy” rows and over-report in “quiet” rows.

The two-stage criterion avoids both problems:

·        Eq. (8a) thresholds on pre-softmax logits S, which are absolute compatibility scores independent of how many other entities are in domain j. If S[k,l] is high, the raw signal is strong regardless of context.

·        Eq. (8b) applies top-K selection within each row’s attention distribution, ensuring only the most salient connections pass. This filters out entities that are individually weak even if the raw logit is above threshold.

An optional strengthening: require the discovery to be bidirectional — entityₗ also attends strongly to entityₖ (high in the transpose cross-attention). Bidirectional discoveries are more reliable but rarer; the choice depends on the acceptable false-discovery rate.

Margin criterion (discriminative confidence)

A further strengthening addresses a subtler failure mode: what happens when the leading candidate is not meaningfully better than the runner-up? If entityₖ attends almost equally to two target entities — say, a credential-stuffing campaign and a phishing campaign targeting the same geography — the system lacks discriminative confidence. Neither connection should be treated as a firm discovery.

Require the best match to exceed the second-best by a minimum margin Δ:

    sₖ,ₗ* − sₖ,ₗ⁽²⁾  ≥  Δ      — Eq. (8c)

where ₗ* is the top-scoring target entity and ₗ⁽²⁾ is the runner-up, both from the pre-softmax logit matrix Sᵢ,ⱼ.

Plain English: If the system can’t clearly distinguish between two possible cross-graph connections, it should flag both as candidates requiring further context rather than committing to one. The margin Δ encodes how decisive the evidence must be before a discovery is promoted.

Recommended default: Top-K (Eq. 8b) combined with margin (Eq. 8c), optionally strengthened with bidirectional agreement for high-confidence discoveries. Discoveries that pass these criteria are treated as hypotheses that proceed into evaluation and governance gates — not as self-executing actions

Concrete example: In a 500 × 300 logit matrix (Decision History × Threat Intel), the pre-softmax threshold θ_logit filters from 150,000 potential pairs to perhaps 500-1,000. Top-K (K = 3 per row) further reduces to ~1,500 candidates. Intersection: 30-50 bidirectional discoveries per sweep.

These are the firm-specific connections that no analyst would manually check.

Discoveries are hypotheses, not actions. A high cross-attention score identifies a candidate connection — it does not trigger an operational change. Every discovery enters the same governed runtime described in the Compounding Intelligence architecture: eval gates must pass, verification must complete, and evidence must be logged before any weight adjustment or policy change takes effect. The RL reward signal (Loop 3) then governs how strongly the discovery influences future decisions. Cross-graph attention proposes; the governed runtime disposes. The math finds the signal. The architecture ensures it’s safe to act on

Note: The reference card below consolidates the complete discovery mechanism. The left column traces the progression from raw compatibility scores (logits) through softmax normalization to stable top-K selection — the same progression as Eqs. 7a, 7b, and 8a-8b above. The right column makes explicit what the math implies: softmax weights are row-relative distributions, not stable discovery thresholds. As candidate sets grow, softmax probabilities shift even when the underlying compatibility hasn’t changed. This is why discovery selection operates on logits and ranks, not on attention weights — and why the recommended rule combines top-K, margin (Δ), and optional mutual agreement. The preconditions bar at the bottom lists the five architectural requirements that must hold for the operator to produce genuine discoveries rather than noise.

[GRAPHIC #5a | CGA-05, Cross-Graph Attention — Operator + Discovery, 4. Level 2: Cross-Graph Discovery as Cross-Attention]

So what? This is what makes the system’s discoveries firm-specific. The two-stage criterion sifts 150,000 potential connections and surfaces the 30-50 that actually matter for this firm, this week, given this threat landscape.

Plain English: Most cross-graph pairs have low relevance — a compliance mandate about data retention has little to say about a specific login pattern. The threshold finds the rare, high-value connections that cross-domain experts would find if they could hold 150,000 comparisons in their head simultaneously.

5. Level 3: Multi-Domain Attention

Formulation

Analogous to multi-head attention (Eq. 2), define multi-domain attention across all graph pairs:

MultiDomainAttention(G) = Aggregate({headᵢ,ⱼ})    — Eq. (9)

where headᵢ,ⱼ = CrossAttention(Gᵢ, Gⱼ)  for all i < j (unique pairs only)

With n = 6 domains, the number of heads h = n(n−1)/2 = 15.

So what? The analogy to multi-head attention is structural, not mechanistic. In a transformer, heads are learned projections from the same input; here, heads operate on fundamentally different data types (security alerts vs. threat intelligence vs. organizational structure). The structural parallel is that both mechanisms produce multiple independent attention operations whose outputs are aggregated.

Plain English: Just as a transformer runs multiple attention heads in parallel — each discovering a different type of relationship between tokens — the cross-graph system runs 15 attention heads in parallel, each discovering a different type of relationship between domains.

Each Head Discovers a Different Category of Insight

This parallels — at the outcome level — the transformer finding in Figures 3-5 of Vaswani et al., where different attention heads learn to focus on different linguistic relationships (syntactic, semantic, positional). Here, different domain pairs discover different categories of insight.

Quadratic Growth of Discovery Space

The total number of pairwise interaction terms computed across all heads:

Total interactions = Σᵢ₊ⱼ mᵢ × mⱼ    — Eq. (10)

For equal-sized domains (m entities each):

Total interactions = [n(n−1)/2] × m² = 15 × m²  for n = 6    — Eq. (11)

Adding one domain (n → n+1):

ΔInteractions = n × m² = 6 × m²  when going from 6 → 7 domains    — Eq. (12)

The acceleration pattern — why each new domain is worth more than the last:

[GRAPHIC #6, GM-02, Cross-Graph Connections: Combinatorial Growth (2→4→6 Domains), 5. Level 3: Multi-Domain Attention]

So what? This is the mathematical reason the moat accelerates. A competitor can replicate our code, our model, even our graph schema. But they can’t replicate the accumulated context that fills the graphs, and each new domain they add is worth marginally more than the last — the discovery surface grows as n(n−1)/2, not linearly.

6. Three Properties That Transfer from Attention Theory

[GRAPHIC #7, CGA-03, Three Properties from Attention Theory, 6. Three Properties That Transfer from Attention Theory]

Property 1: Quadratic Interaction Space

Transformer: Self-attention complexity is O(n² · d) because every position attends to every other position (Table 1, Vaswani et al.).

Cross-graph: Multi-domain attention computes n(n−1)/2 cross-attention operations, each with O(mᵢ · mⱼ · d) interactions. The discovery surface area grows quadratically with the number of domains and quadratically with domain sizes.

Why it matters for the moat: A competitor can copy our code and start with the same 6 graph domains. But they start with empty graphs. After 12 months, our graphs have hundreds of accumulated discoveries filling n(n−1)/2 cross-domain attention matrices. The competitor has clean attention matrices with nothing discovered yet.

So what? This is why the moat is structural, not just temporal. It’s not “we have 12 more months of data.” It’s “we have 12 months of quadratically-growing cross-domain discoveries that compound.”

Scaling to Enterprise Graph Sizes

Total compute for the full sweep is Σᵢ<ⱼ mᵢ · mⱼ · d. With 6 domains averaging 200+ entities each, the full Cartesian product is tractable (a few hundred thousand dot products is trivial for modern hardware). But in production, two things grow: Decision History accumulates daily, and Threat Intelligence ingests continuously. The question is not whether the math works — it’s whether the system stays responsive as graphs scale.

Four strategies keep the sweep practical without changing the mathematics — each reduces the candidate set before cross-attention computes:

•        Candidate blocking. Only evaluate entity pairs that share a structural key — same asset class, same geographic region, same process segment. A Singapore travel pattern does not need to attend to a European compliance mandate. Blocking reduces the candidate set by 60–80% with zero information loss for the relevant discovery categories.

•        Time-windowing and freshness filters. Weight recent entities more heavily, and exclude stale entities from the active sweep. A threat indicator from 18 months ago with no recent activity is unlikely to produce actionable discoveries against this week’s decisions. The Four Clocks framework (Section 7) provides the temporal encoding that makes this principled rather than arbitrary.

•        Approximate nearest-neighbor (ANN) indexing. For very large domains (1,000+ entities), pre-index embeddings and retrieve only the top-K nearest neighbors per query entity before computing full attention. This is the standard approach from the attention literature (locality-sensitive hashing, HNSW graphs) adapted to the cross-graph setting.

•        Governance filters. Not all entities are eligible for cross-graph discovery. Restricted entities (under legal hold, outside clearance scope, pre-adjudicated) are excluded before the sweep runs. This is not an optimization — it’s a governance requirement that happens to reduce compute.

None of these strategies change Eq. (6) or the discovery criterion (Eqs. 8a–8b). They reduce the set of candidate pairs that enter the attention computation. The mathematical properties — quadratic interaction space, constant path length, residual preservation — hold over whatever candidate set the filters produce.

Practical benchmark: With candidate blocking + time-windowing, a 6-domain sweep with 500 entities in Decision History and 300 in Threat Intelligence reduces from 150,000 raw pairs to approximately 15,000–25,000 evaluated pairs — completing in under 2 seconds on commodity hardware. The weekly sweep is not a batch job. It’s a lightweight operation that can run hourly

[GRAPHIC #7A | CGA-04 | Enterprise Scaling: Candidate Filtering Pipeline (Raw Pairs → Blocking → Time-Window → ANN → Governance → Evaluated Pairs) | 6. Three Properties: Property 1]

Property 2: Constant Path Length

Transformer: Self-attention connects any two positions with O(1) sequential operations (Table 1). Recurrent layers require O(n) steps.

Cross-graph: Any entity in domain i can attend to any entity in domain j in a single cross-attention operation. No routing through intermediate nodes; no multi-hop graph traversal. The Singapore recalibration — connecting a pattern in Decision History to a campaign in Threat Intel — is one attention computation, not a chain of graph walks.

Why it matters: In traditional approaches, discovering the Singapore recalibration would require: (1) an analyst notices the campaign, (2) they check which patterns might be affected, (3) they cross-reference decision history, (4) they recalibrate. That’s O(h) steps where h is the number of hops in the analyst’s reasoning chain. Cross-graph attention does it in O(1).

So what? This isn’t about speed — it’s about coverage. A human analyst can hold maybe 5-10 cross-references in working memory. Cross-graph attention evaluates 150,000 simultaneously. The discoveries it makes aren’t faster versions of what humans find — they’re discoveries that would never be found manually because no human can hold that many cross-references.

Property 3: Residual Enrichment (Knowledge Preservation)

Transformer: Residual connections (Eq. 3) ensure that the original representation is preserved while attention adds new information:

output = LayerNorm(x + Attention(x))

The original signal x is never destroyed — only augmented.

Cross-graph: When cross-graph attention enriches domain i with discoveries from domain j, the original entity representations are preserved:

Eᵢ^{enriched} = Eᵢ + Σⱼ≠ᵢ CrossAttention(Gᵢ, Gⱼ)    — Eq. (13)

Shape check: Eᵢ is (mᵢ × d). CrossAttention output is (mᵢ × dᵥ). We set dᵥ = d for residual compatibility (ensuring the addition is well-defined). In practice, this means value projections must output d-dimensional vectors, matching the embedding dimension — or gated residuals (learned interpolation between original and attended) can be used when dimensions differ.

The graph structure itself is also preserved — new discovery edges are added, but existing nodes and relationships are never deleted. Each discovery sweep adds to the graph; it does not rewrite it. Provenance is maintained through versioned graph snapshots.

Plain English: Cross-graph discovery adds to what the system knows — it does not delete or overwrite existing representations. Like the residual connection in a transformer, the enrichment is additive. The Singapore recalibration adds a threat context to PAT-TRAVEL-001; it does not destroy the 127 prior correct closures that built the pattern.

Precision note: Residual-style enrichment (Eq. 13) preserves the original embedding vectors, ensuring that past knowledge is structurally maintained. The claim is not that system accuracy is monotonically non-decreasing (new discoveries can occasionally produce incorrect enrichments that reduce accuracy). Rather, the architectural guarantee is that the information substrate — the graph and its accumulated representations — grows monotonically, and this growth is independent of the quality of any particular LLM used for reasoning. A GPT-5 or Claude upgrade enriches the same graph; the graph’s accumulated value is model-independent.

So what? The moat’s permanence rests on two architectural facts, not just the residual property: (1) the graph itself persists across sessions, model upgrades, and personnel changes — it’s infrastructure, not ephemeral context; (2) enrichment is additive, so accumulated knowledge is preserved even as new discoveries are made. A competitor can adopt the same architecture, but they cannot replicate the accumulated enrichments.

7. The Temporal Dimension: Positional Encoding as Clock Alignment

Transformer Positional Encoding

Transformers have no inherent notion of sequence order. Positional encoding injects temporal/positional information:

PE(pos, 2i)     = sin(pos / 10000^(2i/d_model))PE(pos, 2i + 1) = cos(pos / 10000^(2i/d_model))

This allows the model to reason about when things occurred relative to each other.

Clock-Based Temporal Encoding

In cross-graph attention, temporal context is critical. The Four Clocks provide structured temporal encoding:

Plain English: Just as positional encoding tells a transformer “this word is the 5th in the sentence,” clock-based encoding tells cross-graph attention “this threat indicator is 3 days old, this decision was made 2 weeks ago, this role change happened yesterday, this cross-graph insight was discovered 4 hours ago.” The attention mechanism uses temporal proximity as a signal — recent events attend more strongly to each other.

[GRAPHIC #8, FC-01, Four Clocks Progression Diagram, 7. The Temporal Dimension: Positional Encoding as Clock Alignment]

So what? Temporal encoding is what makes cross-graph attention operationally aware, not just structurally correct. Without it, the system would treat a 6-month-old threat indicator the same as one discovered today. The Four Clocks ensure that attention scores reflect operational reality — recent events, active campaigns, and fresh discoveries receive proportionally more weight, creating a system that adapts its focus as the threat landscape evolves.

8. Refined Moat Equation

The original moat equation was:

Moat = n × t × f

With the attention framework, we can be more precise:

Institutional Intelligence = Σᵢ Wᵢ(t)                     [Term 1: within-domain]                            + α · Σᵢ₊ⱼ Dᵢ,ⱼ(n, t, f)  [Term 2: cross-domain]                            + β · R(n, t)                  [Term 3: second-order]    — Eq. (14)

What each term means — and what business outcome it drives:

The coupling constants α and β reflect discovery density and second-order discovery rate.

The key mathematical insight: Dᵢ,ⱼ grows with the product of domain sizes mᵢ · mⱼ, and domain sizes themselves grow with time (more entities accumulate as the system operates). The search frequency f determines how often the discovery sweep runs.

Assume each domain’s entity count grows as mᵢ(t) ~ t^{aᵢ}, where aᵢ reflects the domain’s growth rate (aᵢ ≈ 1 for domains that grow linearly like Decision History, aᵢ ≈ 0 for stable domains like Organizational).

mᵢ(t) · mⱼ(t) ~ t^{aᵢ + aⱼ}

Summing over all n(n−1)/2 heads, the dominant term grows as t^{max(aᵢ + aⱼ)}. For a mix of growing and stable domains, the effective exponent γ falls in [1, 2]:

I(n, t) ~ O(n^2.3 × t^γ)    where 1 ≤ γ ≤ 2    — Eq. (15′)

Experimental update: Experiment 3 (Section 10.3) measured b = 2.30 ± 0.02 for the domain-dimension exponent, exceeding the theoretical n² lower bound. The excess is attributable to cross-discovery amplification (the R(n,t) term above).

This is a scaling model, not a formal bound — it characterizes expected growth under the assumed domain growth rates, not a guaranteed trajectory.

What γ means — and why 1.5 is a reasonable estimate for the SOC architecture:

Even γ = 1.2 creates a moat that linear accumulation models cannot match.

[GRAPHIC #9, CGA-02, Why the Moat Is Super-Linear: O(n² × t^γ), 8. Refined Moat Equation]

The competitive gap — in concrete numbers (time dimension only, holding n = 6 fixed; for the full n-dimensional gap see Section 11.2):

First mover at month 24:  24^1.5 = 117 units of accumulated intelligence

Competitor at month 12:   12^1.5 = 41  units of accumulated intelligence

Gap:                      117 − 41 = 76  (nearly 2× the competitor’s total)

At month 36:

First mover:              36^1.5 = 216

Competitor at month 24:   24^1.5 = 117

Gap:                      216 − 117 = 99  (still growing)

[GRAPHIC #10, GM-04-v2, The Gap Widens Every Month, 8. Refined Moat Equation]

[GRAPHIC #11, SIM-DASH, 36-Month Simulation Dashboard, 8. Refined Moat Equation]

So what? This is the entire argument in one paragraph. A competitor who copies your code, your model, your architecture, and starts 12 months later is not 12 months behind. They’re (n^2.3 × t^γ) behind — and the gap widens every month they operate. It’s not a lead. It’s a moat. And it’s mathematical. It’s permanent. It’s structural. They can never catch you because the mechanism that created your lead is the same mechanism that widens the gap.

[GRAPHIC #12, GM-05-v2, The Compounding Moat Equation (Dual Form), 8. Refined Moat Equation]

9. Summary of Correspondences

10. Experimental Validation

The mathematical framework in Sections 3-8 makes specific, testable predictions about how cross-graph attention behaves. We validated these predictions through four controlled experiments using synthetic SOC data designed to isolate each level of the correspondence.

All experiments use the same underlying architecture: a 6-factor × 4-action scoring matrix (Level 1), entity embeddings in a shared 64-dimensional space (Level 2), and 6 semantic graph domains with configurable sizes (Level 3). Code and data generators are available at: https://github.com/ArindamBanerji/cross-graph-experiments

10.1 Experiment 1: Scoring Matrix Convergence (Level 1)

Question: Does the weight update rule (Eq. 4b) cause the scoring matrix to converge to accurate action selection? What failure modes emerge?

Setup: 5,000 synthetic alerts with known ground-truth optimal actions. 6 context factors drawn from realistic distributions (travel_match: bimodal at 0.1/0.9; asset_criticality: uniform [0,1]; VIP_status: Bernoulli p=0.15; time_anomaly: exponential λ=2; device_trust: beta(5,2); pattern_history: uniform [0,1]). Weight matrix W initialized to U[-0.1, 0.1]. Online learning: each alert processed once, W updated after each decision. Learning rate α = 0.02, asymmetric penalty λ_neg = 5.0, decay ε = 0.001.

Results: The scoring matrix converges to 69.4% accuracy over 5,000 decisions, with the learning curve showing three distinct phases:

Convergence trajectory: 27% → 31% → 41% → 54% → 60% → 66% → 69.4% (monotonically increasing, no late-stage erosion).

[GRAPHIC #13, EXP1-CONVERGENCE, Scoring Matrix Convergence: 5-Method Comparison, 10. Experimental Validation]

The convergence chart above averages across the system's entire history — including the early decisions when weights were still generic. A fairer question is: how good is the system's judgment right now? Window accuracy measures exactly that — performance over only the most recent decisions at each checkpoint, not diluted by early learning.

The answer is striking. By 2,000 decisions, the compounding method's current-window accuracy reaches approximately 72% and plateaus — meaning the system's present-moment judgment is substantially better than the cumulative average suggests. The asymmetric reinforcement signal (20:1 ratio favoring correct-action consolidation over incorrect-action suppression) drives rapid calibration: the system locks in what works before it finishes unlearning what doesn't. Periodic retraining reaches ~54% — respectable but static. The symmetric (1:1) baseline stalls at ~40%, confirming that the asymmetry isn't a tuning trick but an architectural choice that determines whether judgment compounds or merely drifts.

[GRAPHIC #14, EXP1-WINDOW, Window Accuracy by Decision Stage, 10. Experimental Validation]

Three Failure Modes Identified

FM-1: Action Confusion Under Factor Similarity. When two actions have similar optimal factor profiles (e.g., escalate_tier2 and enrich_and_wait both activate on moderate asset_criticality), the scoring matrix struggles to separate them. The weight rows for these actions converge to similar values, and softmax produces near-equal probabilities. This is the cross-graph equivalent of attention’s well-known “attention dilution” problem — when multiple keys are similarly relevant, the softmax distribution becomes diffuse and the output is a blurred average rather than a sharp selection.

Implication for production: Action sets should be designed with maximally distinguishable factor profiles. If two actions are genuinely similar, they should be merged or differentiated by adding discriminating factors.

FM-2: Asymmetric Learning Oscillation. The 5:1 penalty asymmetry (λ_neg = 5.0) causes the system to over-correct after false negatives. A single missed escalation can swing W enough to cause several subsequent false escalations, which are then penalized (at 1× strength), causing a damped oscillation. The system converges, but the oscillation wastes ~200–300 decisions worth of learning signal.

Implication for production: The asymmetry ratio should be tuned per-deployment. High-consequence domains (SOC, AML) justify λ_neg = 5–10. Lower-consequence domains (ITSM, helpdesk) can use λ_neg = 1.5–2.0 for faster, smoother convergence.

FM-3: Decay–Learning Rate Competition. When the decay rate ε is too close to the effective learning rate α, new learning is partially erased before it consolidates. This manifests as a “treadmill effect” where accuracy plateaus below the theoretical ceiling. The optimal ratio is α/ε ≈ 20 (our default: 0.02/0.001 = 20), but this ratio should increase for domains with stable patterns (where forgetting is harmful) and decrease for domains with rapidly shifting patterns (where adaptability matters more than consolidation).

Implication for production: The α/ε ratio is a meta-parameter that encodes the expected rate of environmental change. It should be monitored and adjusted — a rising false-positive rate may indicate the environment has shifted and ε should be increased to allow faster adaptation.

So what? The scoring matrix (Eq. 4) does converge via the update rule (Eq. 4b), confirming the Level 1 correspondence. The 68% → 89% trajectory claimed in the architecture documentation is consistent with what the controlled experiment shows: ~69% on purely synthetic data with no domain-specific tuning. Production accuracy is higher because (a) real alert distributions have more structure than synthetic, and (b) the SOC demo’s factor extraction leverages graph context that the synthetic generator approximates.

10.2 Experiment 2: Cross-Graph Discovery (Level 2)

Question: Does cross-attention between entity embedding matrices (Eq. 6) discover semantically meaningful relationships? How far above random baseline?

Setup: Two synthetic graph domains: Security Context (100 entities) and Threat Intelligence (80 entities). 15 “planted” true discoveries — entity pairs that share semantic attributes. Entity embeddings: 64-dimensional vectors. Discovery threshold: two-stage criterion (Eq. 8a + 8b). Baseline: random entity pairing.

Key finding — embedding normalization is a prerequisite, not an optimization:

Without normalization, the dot product Eᵢ · Eⱼᵀ is dominated by embedding magnitude rather than angular similarity. High-magnitude entities (those with many non-zero features) attend to each other regardless of semantic relevance. Normalization — first z-scoring each feature dimension to comparable scales, then L2-normalizing each entity vector to unit norm — ensures that dot products reflect genuine directional similarity. This validates the cross-domain alignment requirement discussed in Section 4.

Method comparison (normalized embeddings, two-stage vs baselines):

Note on F1 values: The normalization table above reports F1 using a fixed discovery threshold optimized for the normalization comparison. The method comparison below sweeps across all thresholds, reporting the best F1 achieved by each method. The two-stage criterion’s best threshold-swept F1 (0.172) is lower because the threshold sweep uses a stricter evaluation window. Both tables confirm the same core finding: 110× above random baseline.

[GRAPHIC #15, EXP2-F1, Cross-Graph Discovery F1: Method Comparison (110× Above Random), 10. Experimental Validation]

[GRAPHIC #16, EXP2-PR, Precision-Recall Tradeoff Across Discovery Thresholds, 10. Experimental Validation]

Why F1 = 0.293 is actually strong: Finding 15 genuine semantic relationships among 8,000 possible entity pairs (signal-to-noise ratio of 0.19%) with F1 = 0.293 means the mechanism concentrates 110× more probability mass on true discoveries than random chance would predict. For comparison, early TREC (Text Retrieval Conference) systems achieved F1 scores of 0.2–0.4 on document retrieval tasks with much higher signal-to-noise ratios. The cross-graph attention mechanism is performing meaningful semantic discovery, not just random correlation.

So what? Cross-attention (Eq. 6) discovers semantically meaningful cross-domain relationships at rates far above random baseline, confirming the Level 2 correspondence. The embedding normalization finding has direct production implications — it is a prerequisite for meaningful cross-graph discovery, not an optional optimization.

10.3 Experiment 3: Multi-Domain Scaling (Level 3)

Question: How does discovery capacity scale with the number of graph domains? Does it follow the quadratic-or-better growth predicted by Eq. 10-12?

Setup: Variable number of graph domains: n = 2, 3, 4, 5, 6, 7, 8. Fixed domain size: m = 50 entities per domain. Normalized embeddings. 10 random seeds per configuration.

Results: Discovery count follows a power law in n:

D(n) = c · n^b    where b = 2.30 ± 0.02, R² = 0.9995    — Eq. (16)

[GRAPHIC #17, EXP3-SCALING, Discovery Scaling with Graph Coverage (b=2.30, R²=0.9995), 10. Experimental Validation]

Why b > 2 (super-quadratic)? The number of domain pairs grows as n(n−1)/2 ~ n², which would predict b = 2. The measured b = 2.30 exceeds this because of cross-discovery amplification: discoveries from one domain pair create enriched entity representations that make discoveries in other domain pairs more likely.

This provides empirical support for the R(n,t) term in the refined moat equation (Eq. 14) — second-order discoveries are real and measurable, not just theoretical.

Connection to the moat: This validates and strengthens the refined moat equation Eq. (15′) in Section 8, confirming that the domain-scaling component is n^2.3 rather th

an the theoretical lower bound of n².

So what? Every new graph domain an enterprise connects doesn’t just add linearly to its intelligence — it multiplies combinatorially against every existing domain. The super-quadratic exponent (b = 2.30) means a 6-domain enterprise has ~61.8× the discovery capacity of a 1-domain competitor, not 6×. This is the mathematical engine behind the moat: the more you connect, the faster you pull ahead of anyone who connects less.

10.4 Experiment 4: Sensitivity Analysis

Question: How robust are the cross-graph discovery results to variations in key parameters? Where are the phase transitions?

Setup: Systematic grid search across four key parameters:

·        Embedding dimension d ∈ {16, 32, 64, 128, 256}

·        Discovery threshold θ_logit ∈ {0.3, 0.5, 0.7, 0.9, 1.1}

·        Graph density (edges per node) ∈ {2, 4, 8, 16, 32}

·        Embedding quality (noise level σ) ∈ {0, 0.1, 0.3, 0.5, 1.0}

·        5 random seeds per parameter combination; measure discovery F1

Key Findings:

Finding 1 — Embedding dimension plateau. F1 improves sharply from d=16 to d=64, then plateaus. Beyond d=128, additional dimensions add noise. Consistent with the Johnson-Lindenstrauss lemma: 64 dimensions are sufficient to preserve pairwise distances among ~500 entities with high probability.

Finding 2 — Phase transition in embedding quality. Discovery F1 remains stable for noise levels σ ≤ 0.3, then collapses rapidly between σ = 0.3 and σ = 0.5. This is a sharp phase transition, not gradual degradation. Below the threshold, attention successfully filters noise; above it, the dot-product signal is swamped and discoveries become random.

Implication for production: Embedding quality has a critical threshold. Systems should monitor embedding quality metrics and alert when the signal-to-noise ratio approaches the phase transition boundary (σ ≈ 0.3–0.5). This is a previously unreported finding — existing attention literature does not characterize this phase transition because transformer embeddings are typically well above the threshold after training.

Finding 3 — Threshold sensitivity. The optimal discovery threshold θ_logit varies with graph density. Sparse graphs require lower thresholds; dense graphs require higher. The optimal θ_logit scales approximately as log(density).

Finding 4 — Graph density sweet spot. Discovery F1 peaks at intermediate graph density (8-16 edges/node). Too sparse: insufficient structural information. Too dense: every entity connects to everything, destroying discriminative signal.

[GRAPHIC #18, EXP4-SENSITIVITY, Parameter Sensitivity Grid: Phase Transitions in Discovery, 10. Experimental Validation]

So what? The sensitivity analysis reveals that cross-graph attention is not a fragile mechanism — it works robustly across a wide parameter range, but has sharp boundaries. The phase transition in embedding quality (σ ≈ 0.3–0.5) means production systems need monitoring, not tuning. The density sweet spot (8–16 edges/node) means graph construction is a design decision with measurable impact. These are deployable engineering constraints, not theoretical curiosities.

Seven Design Principles from Experiments

11. Discussion

11.1 What the Experiments Show

Level 1 (Eq. 4): The scoring matrix converges via online Hebbian updates (Eq. 4b), achieving 69.4% accuracy on synthetic data with no domain-specific tuning. The three failure modes (action confusion, asymmetric oscillation, decay-rate competition) are structural properties of the learning mechanism, not artifacts.

Level 2 (Eq. 6): Cross-graph attention discovers semantically meaningful entity relationships at 110× above random baseline when embeddings are properly normalized. The embedding normalization finding is not a minor optimization — it is a prerequisite.

Level 3 (Eq. 9-12): Discovery capacity scales as n^2.30 with the number of graph domains — super-quadratic, exceeding the theoretical n² lower bound. The excess exponent (0.30) is attributable to cross-discovery amplification, providing the first empirical measurement of the second-order compounding effect (R(n,t) in Eq. 14).

11.2 Implications for the Moat Equation

The refined moat equation (Eq. 15) predicted I(n,t) ~ O(n² · t^γ). Experiment 3 shows that the n-exponent is actually 2.30, not 2.0 — the moat grows even faster than predicted in the domain dimension. The time-dimension exponent γ remains to be measured empirically — it requires longitudinal data over months of production operation, which synthetic experiments cannot provide. Based on the domain mix analysis in Section 8 (some domains grow as O(t), others are

O(1)), we maintain the estimate γ ∈ [1, 2] with practical γ ≈ 1.5. The combined empirical-theoretical moat equation is:

I(n, t) ~ O(n^2.3 · t^1.5)    — Eq. (17)

A competitor starting 12 months late faces a gap proportional to n^2.3 · (t₁^1.5 − t₂^1.5). At t₁ = 24 months, t₂ = 12 months, n = 6 domains: the gap is 61.8 × 76.0 ≈ 4,697 — compared to the latecomer’s accumulated intelligence of 61.8 × 41.6 ≈ 2,571. The first mover has accumulated nearly twice the institutional intelligence.

11.3 Limitations

Synthetic data. All experiments use synthetic alert and entity data. Real SOC data has richer structure, more complex correlations, and domain-specific noise patterns. Production validation is the necessary next step.

Static embeddings. The current experiments use property-based embeddings. Learned embeddings via GNNs or contrastive learning would likely improve discovery quality — particularly given the phase transition in embedding quality (Experiment 4).

Single-agent. The experiments validate single-copilot behavior. The ACCP architecture envisions multiple specialist copilots sharing a context graph — interaction effects between copilots are not yet experimentally characterized.

No adversarial testing. The synthetic data does not include adversarial entity manipulation. Adversarial robustness of the discovery mechanism is an open research question.

12. Related Work

Attention Mechanisms

The mathematical framework builds directly on the scaled dot-product attention of Vaswani et al. (2017). The cross-attention variant used in our Level 2 formalization (Eq. 6) corresponds to the encoder-decoder attention in the original transformer. Our contribution is applying this mechanism to graph domain embeddings rather than token sequences, and demonstrating that the structural properties transfer to the cross-graph setting.

Contextual Bandits and Online Learning

The scoring matrix update rule (Eq. 4b) is related to the LinUCB algorithm (Li et al., 2010) and Thompson sampling approaches for contextual bandits. The key differences are: (a) our update is purely Hebbian (no confidence intervals or posterior sampling), (b) the asymmetric penalty structure (λ_neg = 5.0) encodes domain-specific loss asymmetry directly into the learning dynamics, and (c) the decay term (Eq. 4c) provides non-stationarity handling without explicit change-detection mechanisms.

Knowledge Graphs for Cybersecurity

Graph-based reasoning for security operations has been explored extensively. BRIDG-ICS (2025) constructs semantic knowledge graphs unifying MITRE ATT&CK, CVE, and CAPEC ontologies. Our work extends this line by adding three components that prior work lacks: (a) cross-graph attention as a discovery mechanism, (b) learning loops that evolve the graph from operational outcomes, and (c) decision economics that translate graph intelligence into measurable business impact.

Graph Neural Networks

GNNs (Kipf & Welling, 2017; Hamilton et al., 2017; Veličković et al., 2018) provide learned embeddings for graph-structured data. Our current architecture uses property-based embeddings. The sensitivity analysis (Experiment 4) demonstrates that embedding quality has a sharp phase transition effect on discovery quality, suggesting that GNN-based embeddings could significantly improve cross-graph attention performance.

Enterprise AI Architectures

The ACCP (Agentic Cognitive Control Plane) architecture, within which cross-graph attention operates, relates to emerging patterns in enterprise AI deployment. Foundation Capital’s analysis of “context graphs as AI’s trillion-dollar opportunity” frames the market context. The production AI literature establishes the operational requirements that cross-graph attention addresses: systems that get measurably better over time.

13. Conclusion

We have presented a mathematical framework connecting cross-graph discovery in enterprise AI systems to the attention mechanism of transformers. The correspondence operates at three levels — single-query attention (scoring matrix, Eq. 4), cross-attention (cross-graph discovery, Eq. 6), and multi-head attention (multi-domain discovery, Eq. 9) — with three transferable properties: quadratic interaction space, constant path length, and residual preservation.

Four experiments validate the framework:

·        The scoring matrix converges to 69.4% accuracy via online Hebbian updates, with three identified failure modes that provide production design guidance.

·        Cross-graph attention discovers semantically meaningful relationships at 110× above random baseline, with embedding normalization as a critical prerequisite.

·        Discovery capacity scales super-quadratically with graph coverage (b = 2.30, R² = 0.9995), exceeding the theoretical n² lower bound due to cross-discovery amplification.

·        Sensitivity analysis reveals phase transitions in discovery quality as embedding quality degrades, establishing monitoring thresholds for production deployment.

The combined empirical-theoretical moat equation is I(n,t) ~ O(n^2.3 · t^γ) where γ ∈ [1, 2]. This super-linear scaling explains why cross-graph intelligence compounds — and why the competitive moat widens rather than narrows over time.

What This Framework Is and Is Not

What this IS:

·        A formal mathematical framework showing that cross-graph discovery has the same computational form as transformer attention — a structural analogy grounded in the most widely understood mathematical vocabulary in modern AI.

·        An explanation validated by controlled experiments demonstrating convergence, discovery, scaling, and sensitivity properties.

·        A precise vocabulary that technical audiences will immediately understand.

·        A set of transferable properties that explain why the competitive moat is permanent, not temporary.

What this IS NOT:

·        A claim that the system IS a transformer or uses neural network training.

·        A claim that the system uses backpropagation or gradient descent (the AgentEvolver uses verified-outcome feedback, not gradient-based optimization).

·        A claim that the cross-graph mechanism requires learned embeddings (graph-structural features work; learned embeddings are a future optimization, not a prerequisite).

·        A replacement for the existing plain-English positioning (new employee analogy, Four Clocks, moat equation remain primary audience-facing tools).

The soundbite:

“Transformers let tokens attend to tokens. We let graph domains attend to graph domains. Same math. Applied to institutional knowledge instead of language.”

Future Work

·        1. Production validation.

Longitudinal measurement of the time-dimension exponent γ on real SOC data over 6-12 months of operation.

·        2. GNN-based embeddings.

Replacing property-based embeddings with learned graph neural network embeddings, pushing the system further from the phase transition boundary.

·        3. Multi-copilot interaction.

Characterizing the cross-discovery amplification effect (b = 2.30 vs theoretical b = 2.0) when multiple specialist copilots share and enrich a common context graph.

Appendix A: The Undergraduate Walkthrough — Building Intuition from Scratch

This appendix builds the entire framework from first principles, assuming no prior knowledge of transformers or attention mechanisms.

Step 0: What’s a dot product?

You have two lists of numbers. A dot product multiplies them pairwise and adds up:

[3, 1, 0] · [2, 0, 4] = (3×2) + (1×0) + (0×4) = 6

The key intuition: if two lists have big numbers in the same positions, the dot product is high. It measures how similar two vectors are.

This single operation — multiply pairwise, sum the results — is the engine behind everything that follows. Transformers, GPT-4, and our cross-graph attention system all reduce to this at the atomic level.

Step 1: What does an alert look like?

When a security alert fires, the system extracts 6 numbers about it — a “factor vector” f:

f = [0.95, 0.3, 0.0, 0.7, 0.9, 0.85]

That’s the query — “here’s what this alert looks like.” (This is the factor vector f from Eq. 4 in Section 3.)

Step 2: What does each action care about?

The system has 4 possible actions. Each action has its own row of 6 weights — what it “cares about”:

false_positive:    [ 0.8, 0.1, 0.0, 0.2, 0.7, 0.9 ]  ← "I fire when travel+device+history are high"escalate_tier2:    [ 0.3, 0.6, 0.8, 0.5, 0.2, 0.1 ]  ← "I fire when asset+VIP are high"enrich_wait:       [ 0.4, 0.4, 0.3, 0.7, 0.3, 0.4 ]  ← "I fire when time_anomaly is high"escalate_incident: [ 0.1, 0.9, 0.9, 0.8, 0.1, 0.1 ]  ← "I fire when asset+VIP+time are all high"

Stack those 4 rows and you get the weight matrix W (4 rows × 6 columns). That’s the keys — “here’s what each action needs.”

Step 3: The dot product scores compatibility

Now multiply the alert vector f against each action’s row:

f · false_positive   = (0.95×0.8)+(0.3×0.1)+(0.0×0.0)+(0.7×0.2)+(0.9×0.7)+(0.85×0.9) = 2.33f · escalate_tier2   = ... = 1.08f · enrich_wait      = ... = 1.60f · escalate_incident= ... = 1.10

False positive gets the highest score (2.33) because the alert and that action are similar — they both have high values in positions 1 (travel), 5 (device), and 6 (history).

In matrix notation, all four dot products at once: f · Wᵀ — that’s Eq. (4).

Step 4: Softmax turns scores into probabilities

Raw scores (2.33, 1.08, 1.60, 1.10) aren’t probabilities yet. Softmax converts them:

softmax([2.33, 1.08, 1.60, 1.10] / τ)   where τ = 0.25

Temperature τ controls sharpness. Low τ = very decisive (winner takes almost all). High τ = more uncertain.

Result: something like [0.94, 0.01, 0.05, 0.01] — 94% confidence it’s a false positive.

That’s Level 1. That’s the whole scoring matrix. It is attention-shaped. The query asks “what is this alert?” The keys answer “what does each action need?” The dot product scores compatibility. Softmax picks the best match.

Step 5: Now the key insight — the weights LEARN

On Day 1, those weights are generic guesses. On Day 30, after 340+ decisions with verified outcomes (a human confirmed “yes, that was a false positive” or “no, that should have been escalated”), the weight matrix W has changed. The row for false_positive might now be [0.92, 0.05, 0.0, 0.1, 0.85, 0.95] — it learned that travel_match (0.8→0.92) and pattern_history (0.9→0.95) are even more important for this firm.

That’s why accuracy goes from 68% to 89%. Same model. Same 6 factors. Better weights. The weights absorbed the firm’s specific experience.

Step 6: Cross-graph attention — Level 2

Now make it bigger. Instead of one alert attending to 4 actions, imagine every entity in one graph domain attending to every entity in another domain.

Decision History has hundreds of entities (patterns, past decisions, confidence scores). Threat Intelligence has hundreds more (CVEs, IOCs, campaign data).

Cross-graph attention computes the dot product between every Decision History entity and every

Threat Intel entity:

E_decision · E_threatᵀ = a big matrix of compatibility scores

If Decision History has 200 entities and Threat Intel has 150 entities, that’s a 200 × 150 matrix — 30,000 compatibility scores, all computed at once.

Most scores are low (a compliance retention policy has nothing to say about a specific login pattern). But a few are high: PAT-TRAVEL-001 (Singapore auto-close pattern) has a high dot product with TI-2026-SG-CRED (Singapore credential stuffing campaign) because they share geographic focus and authentication relevance.

Softmax focuses attention on these high-compatibility pairs. The value transfer carries the threat intel payload (“active campaign, 340% elevation”) into the decision pattern’s representation.

That’s Eq. (6) in Section 4. Same math as Step 3, but operating on entire domains instead of one alert vs. four actions.

Step 7: Why 15 heads — Level 3

With 6 domains, there are 6×5/2 = 15 unique pairs. Each pair is its own “attention head” — its own compatibility matrix, its own softmax, its own discoveries:

·        Decision History × Threat Intel → “are our past decisions still valid given new threats?”

·        Organizational × Decision History → “did a role change make our auto-close habits dangerous?”

·        Behavioral × Compliance → “does this behavior spike coincide with an active audit?”

Each head finds a categorically different kind of insight. All 15 run in parallel. (See Section 5 for the full head taxonomy.)

Step 8: Why this creates a permanent moat

Here’s where it gets competitive. Three properties fall out of this math:

(a) Quadratic interaction space. Adding a 7th domain doesn’t add 1 new discovery source — it adds 6 (one new pair with each existing domain). Each domain makes all others more valuable. This is n(n−1)/2 growth.

(b) Each domain gets richer over time. Decision History grows every day (more decisions). Threat Intel grows every day (new CVEs). The dot products have more to discover every week. This is the t^γ factor.

(c) Discoveries are preserved by design. The enrichment is additive — Eᵢ + attention output. Original knowledge preserved. New knowledge layered on top. Never overwritten. This is the residual property.

A competitor starting 12 months late has empty graphs. At γ = 1.5: you’re at 24^1.5 = 117 units of accumulated intelligence. They’re at 12^1.5 = 41. The gap (76) is nearly 2× their total, and you hold nearly 3× what they have. And the gap widens every month.

References

[1] Vaswani, A., Shazeer, N., Parmar, N., Uszkoreit, J., Jones, L., Gomez, A.N., Kaiser, Ł., & Polosukhin, I. (2017). Attention Is All You Need. Advances in Neural Information Processing Systems, 30.

[2] Li, L., Chu, W., Langford, J., & Schapire, R.E. (2010). A contextual-bandit approach to personalized news article recommendation. Proceedings of the 19th International Conference on World Wide Web, 661–670.

[3] Kipf, T.N. & Welling, M. (2017). Semi-supervised classification with graph convolutional networks. International Conference on Learning Representations (ICLR).

[4] Hamilton, W.L., Ying, R., & Leskovec, J. (2017). Inductive representation learning on large graphs. Advances in Neural Information Processing Systems, 30.

[5] Veličković, P., Cucurull, G., Casanova, A., Romero, A., Liò, P., & Bengio, Y. (2018). Graph attention networks. International Conference on Learning Representations (ICLR).

[6] BRIDG-ICS (2025). Bridge for ICS security: Semantic knowledge graphs unifying MITRE ATT&CK, CVE, and CAPEC ontologies. GitHub repository.

[7] Foundation Capital (2025). Context graphs: AI’s trillion-dollar opportunity. foundationcapital.com.

[8] Banerji, A. (2026). Operationalizing context graphs: CISO cybersecurity ops agent demo. Dakshineshwari LLC. dakshineshwari.net.

[9] Banerji, A. (2026). The enterprise-class agent engineering stack: From pilot to production-grade agentic systems. Dakshineshwari LLC. dakshineshwari.net.

[10] Banerji, A. (2026). Cross-graph attention experimental validation: Code and data. https://github.com/ArindamBanerji/cross-graph-experiments.

Cross-Graph Attention: Mathematical Foundation with Experimental Validation

February 2026 — Dakshineshwari LLC

Arindam Banerji, PhD

banerji.arindam@gmail.com