DEV Community

Alpha Info
Alpha Info

Posted on

Why your time-series anomaly detection probably misses the real anomaly

#ai #mlops #observability #datascience

TL;DR: Most "anomaly detection" code in production uses z-score, rolling means, or 3σ rules. These detect mean shifts, not structural changes. I built AlphaInfo — a structural intelligence API that perceives signal shape via a 5-D fingerprint. One HTTP call returns calibrated severity, alert level, and an audit-replayable analysis ID. Free tier: 50 calls/month, no credit card.

The bug nobody catches

A few months ago I was watching a team debug a production incident. Their alerting was based on:

if recent_p99_latency > rolling_mean + 3 * rolling_std:
    page_oncall()
Enter fullscreen mode Exit fullscreen mode

The actual incident: a slow memory leak. P99 stayed within bounds because the leak was gradual. By the time the rolling stats updated, the system was already degraded. The alert fired at 4 AM, after every user had felt it.

The team's fix? Tighter thresholds. Which fired false positives the next week.

This is the classic anomaly detection trap: statistical tools detect mean shifts. Real-world incidents are usually structural shifts.

What "structural" means here

Same mean. Same variance. Different shape.

# Both have the same mean (0), same std (1)
# But ONE is white noise, ONE is a sine wave
import numpy as np
white = np.random.normal(0, 1, 1000)
sine = np.sin(np.linspace(0, 100, 1000))

# z-score / 3σ on either: identical
# Are they the same signal? Obviously not.
Enter fullscreen mode Exit fullscreen mode

Real-world version of this:

  • Latency distribution before/after a deploy with same mean but new tail behavior
  • Sensor vibration at same total energy but with new harmonic content
  • User session length with same average but bimodal instead of unimodal
  • Error rates that look "normal" in aggregate but are clustered into bursts

z-score sees none of these. ML classifiers can — if you train one. For every metric. Forever.

The API I built

AlphaInfo is a Structural Intelligence API. You send two signals (or one for internal-change detection), it returns:

{
  "structural_score": 0.23,
  "confidence_band": "unstable",
  "change_detected": true,
  "metrics": {
    "sim_local": 0.41,
    "sim_fractal": 0.78,
    "sim_spectral": 0.18,
    "sim_transition": 0.52,
    "sim_trend": 0.85
  },
  "semantic": {
    "alert_level": "critical",
    "severity_score": 87,
    "recommended_action": "immediate_human_review",
    "summary": "⚠️ Spectral content shifted significantly..."
  },
  "analysis_id": "5533a276-b4e2-461b-8b64-03bc30d565cc"
}
Enter fullscreen mode Exit fullscreen mode

The 5-D fingerprint (sim_local, sim_fractal, sim_spectral, sim_transition, sim_trend) decomposes the structural change. When sim_spectral drops to 0.18 while others stay high, you know the change is in frequency content — useful for diagnostics.

The analysis_id is replayable forever via audit_replay(). Reproduce any past analysis bit-exact. Critical for finance, biomed, and regulated domains.

Six things you can do with one API 

from alphainfo import AlphaInfo
client = AlphaInfo(api_key="ai_...")

# 1. Anomaly without baseline
r = client.detect_internal_change(signal=cpu_metrics, sampling_rate=1/60)
# r.semantic.alert_level → "critical"

# 2. Compare two states
r = client.compare(signal=after_deploy, baseline=before_deploy, sampling_rate=1.0)
# r.structural_score → 0.34 (unstable)

# 3. Locate WHEN something changed in a long stream
r = client.analyze_windowed(signal=long_stream, window_size=200, step=50, sampling_rate=10.0)
# r.worst_window → (start, end, score)

# 4. Multi-sensor fault isolation (1 quota, up to 64 channels)
r = client.analyze_vector(channels={"temp": ..., "press": ..., "vib": ...},
                          baselines={"temp": ..., "press": ..., "vib": ...},
                          sampling_rate=10.0)
# r.channels["vib"].structural_score → 0.21 (the failing one)

# 5. Auto-infer the right calibration
r = client.analyze_auto(signal=mystery, baseline=ref, sampling_rate=10.0)
# r.domain_inference → {inferred: "biomedical", confidence: 0.92, reasoning: ...}

# 6. Parameter fitting (gradient-free)
r = client.fit_parameter_grid(target_signal=observed,
                              candidates={"omega_0.1": gen(0.1), ...},
                              sampling_rate=10.0)
# r.best_param → "omega_0.34"
Enter fullscreen mode Exit fullscreen mode

Ten domain calibrations + 21 recipes

The API ships with calibrations for finance, biomedical, sensors, ai_ml, security, power_grid, seismic, traffic, plus generic and auto. Each tunes sensitivity for that vertical's typical signal characteristics (heavy tails, fast oscillations, sparse events, etc.).

There's also a recipes layer with 21 production-ready recipes including 8 domain-specific probe libraries:

  • probes_finance — vol_regime, crash_event, momentum_break, mean_reversion_break, ...
  • probes_biomedical — tachycardia, bradycardia, PVC, lead_disconnect, atrial_fib, ...
  • probes_industrial — bearing_wear, imbalance, shock, cavitation, resonance, ...
  • probes_mlops — prediction_collapse, imbalance_shift, outlier_increase, ...
  • probes_security — traffic_spike, brute_force, scan_burst, dns_tunnel, ...
  • probes_logistics, probes_energy_grid, probes_climate

~80 pre-built probes. Plug-and-play for the most common patterns in each domain.

What's been validated

  • Real PhysioNet ECG (record 208, N vs PVC): 100% cross-validation accuracy without training a model
  • Real S&P 500 / BTC / VIX / Treasury daily data via yfinance: regime change detection with localized boundaries
  • Multi-sensor HVAC fault: correctly identifies the failing channel ("canal delator") in a single API call across 64 channels
  • Server CPU anomaly: 30-min sustained spike caught with severity 75 and localized timing
  • Account takeover, ransomware-pattern, insider threat detection: critical severity 67-96 on realistic data shapes

Full validation matrix at alphainfo.io.

Free tier — try it

Sign up (no credit card) for 50 analyses/month. 4 paid tiers above that, from $49/mo to Enterprise. All 10 domain calibrations and all 21 recipes available on every tier — capacity is the differentiator, not features.

pip install alphainfo

from alphainfo import AlphaInfo
client = AlphaInfo(api_key="ai_...")
r = client.detect_internal_change(signal=your_csv_column, sampling_rate=1.0)
print(r.semantic.summary)
Enter fullscreen mode Exit fullscreen mode

When NOT to use this

  • You need gradient-based anomaly detection (use isolation forest)
  • Sub-100ms HTTP latency required (API floor is ~250ms; sub-100ms per-comparison via the vector endpoint OK)
  • Billion-scale similarity search (use FAISS, then AlphaInfo for re-ranking)
  • The "anomaly" is purely about magnitude with no shape change (use simple statistics — AlphaInfo measures structure, not magnitude)

Links

Next post: I'll show how to wire this API into Claude Code as a self-correcting skill — the AI agent calls the right method automatically, even retrying with alternative configs when the first answer is borderline. The combination is genuinely powerful.

Feedback / use cases I'm missing — comments open. 🙏

Top comments (0)