Overview
An investigation team has built what they believe is a solid case. The suspect is identified, the evidence is linked, and the theory of the crime is coherent. Before the case goes to the prosecutor, a senior analyst runs a counterfactual stress test. The system generates three alternative scenarios that could explain the same evidence without the suspect's involvement. Two of those scenarios collapse quickly under scrutiny: the alibi evidence rules them out. But the third reveals a gap: a two-hour window where the suspect's location is unaccounted for but the evidence could theoretically fit someone else.
That gap needs to be closed before the case goes forward. The Counterfactual domain found it before the defence barrister did.
Key Features
- Hypothesis stress testing with evidence-based validation.
- Adversary reaction simulation for threat modelling.
- Black swan event identification and probability assessment.
- Risk-aware pathfinding for operational planning.
- Dynamic identity synthesis for analytical scenarios.
- Configurable simulation parameters and thresholds.
- Evidence conflict detection and resolution.
- Profile validation for synthesised analytical entities.
Use Cases
Investigation teams test hypotheses against available evidence before committing resources, using counterfactual analysis to identify weaknesses and gaps in the investigative theory while there is still time to address them.
Intelligence analysts simulate adversary responses to planned operational actions, identifying likely counter-moves before an operation is executed and adjusting plans accordingly.
Threat assessment teams identify low-probability, high-impact scenarios in strategic threat assessments, the "black swan" events that standard risk analysis would miss because they fall outside expected probability distributions.
Operational planners use risk-aware pathfinding to design operational deployments that balance evidence collection potential against operational risk, with the system identifying routes and approaches that optimise both dimensions.
Integration
Integrates with investigation, threat intelligence, and evidence domains for data-driven scenario analysis and hypothesis validation.
Open Standards
- GraphQL (June 2018 Specification): the entire counterfactual API surface is exposed as a typed Strawberry GraphQL schema, with named query and mutation operations for scenario creation, assumption monitoring, pathfinding, and identity synthesis.
- JSON (RFC 8259): scenario payloads, evidence objects, AI-generated results, and synthesised identity profiles are all serialised and deserialised as JSON; evidence blobs are persisted in PostgreSQL JSONB columns.
- OAuth 2.0 / JWT (RFC 6749 / RFC 7519): every query and mutation is gated by an IsAuthenticated permission class that verifies RS256 JWTs issued by the platform's auth service, with public keys resolved via JWKS.
- SHA-256 (FIPS 180-4): a SHA-256 provenance hash is computed over the canonical JSON representation of each AI result before storage, providing a tamper-evident audit trail for every generated scenario.
- UUID (RFC 4122): all scenarios, assumption monitors, pathfinding routes, and identity synthesis records use RFC 4122 version-4 UUIDs as primary keys.
- IEEE 1278.1 (Distributed Interactive Simulation): the EDF simulation-training capability pack that includes the counterfactual subsystem implements a DIS IEEE 1278.1 entity-state parser, enabling counterfactual what-if replay against live exercise entity positions.
- HLA Run-Time Infrastructure / IEEE 1516 (High Level Architecture): the same simulation-training pack integrates an HLA RTI federation adapter so that counterfactual analysis can operate against federated constructive simulation environments.
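The SHA-256 provenance hash described in the list above, as an added sketch that is not the platform's own code. Assumptions: the canonical form (sorted keys, compact separators, UTF-8), the record field names, and the sample result are all constructed here, since the page does not specify them.

```python
import hashlib
import hmac
import json
import uuid

def canonical_json(obj) -> bytes:
    # Assumed canonical form (the page does not name one): sorted keys, no
    # insignificant whitespace, UTF-8, NaN/Infinity rejected. RFC 8785 (JCS)
    # additionally pins number formatting.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False, allow_nan=False).encode("utf-8")

def provenance_hash(result) -> str:
    return hashlib.sha256(canonical_json(result)).hexdigest()

def seal(result: dict) -> dict:
    # Hash is computed before storage; field names are hypothetical.
    return {"id": str(uuid.uuid4()), "result": result,
            "provenance_sha256": provenance_hash(result)}

def verify(record: dict) -> bool:
    # Recompute over the stored payload and compare in constant time.
    # Malformed or unserialisable records fail closed.
    try:
        actual = provenance_hash(record["result"]).encode("utf-8")
        stored = str(record["provenance_sha256"]).encode("utf-8")
    except (KeyError, TypeError, ValueError):
        return False
    return hmac.compare_digest(actual, stored)

# Constructed sample AI result, not real platform output.
SAMPLE = {"scenario": "alternative-3", "unaccounted_window_hours": 2,
          "evidence_ids": ["E-101", "E-204"], "plausibility": 0.18}

def demo() -> dict:
    record = seal(SAMPLE)
    reordered = dict(reversed(list(SAMPLE.items())))  # same data, new key order
    tampered = {**record, "result": {**record["result"], "plausibility": 0.81}}
    return {"intact": verify(record),
            "key_order_independent":
                provenance_hash(reordered) == record["provenance_sha256"],
            "tampered_detected": not verify(tampered)}

if __name__ == "__main__":
    print(demo())
```

A hash stored beside its payload only detects changes made by someone who cannot also rewrite the hash, so the digest should be kept or anchored where the payload's writer has no write access.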
Last Reviewed: 2026-02-05 Last Updated: 2026-04-14