We’ve followed up our recent infrastructure upgrades with a series of releases focused on investigator privacy, operational precision, and self-serve control.

These updates expand Sardine AI Agents, introduce signal-level AML resolutions, and add new SQL tooling designed to improve auditability and reduce friction across fraud and compliance workflows.

The highlights: 

• Data Analyst (public beta). Query fraud data using natural language to get immediate insights without writing complex SQL.
• User-scoped AI agent conversations. Allow investigators to explore hypotheses with private-by-default research spaces, while preserving shared visibility on alerts.
• Signal-level AML resolutions. Resolve Sanctions, PEP, and Adverse Media signals independently to create clearer audit trails.
• Customer Profiles page. Investigate identities through a unified, searchable record of customer activity and lifecycle data.
• SardineQL (preview). Conduct deeper self-serve analysis with read-only SQL access to user, session, and transaction data.
• Expanded IP allowlisting support. Manage dashboard access using CIDR notation and IPv6 ranges to authorize entire network blocks in a single entry.

AI-Driven investigation workflows

Natural language discovery with Data Analyst (public beta)

The Data Analyst agent is now available to all users for streamlined deep fraud research. It uses natural language queries to bypass the need for complex SQL, enabling faster responses during time-sensitive cases where manual data pulls would cause delays.

The agent now supports iterative analysis workflows, allowing it to ask follow-up questions and perform sequential data exploration.

Developed in collaboration with Sardine’s data science and account management teams, this capability helps investigators build a clearer narrative of suspicious activity through progressive discovery.

User-scoped conversations and the Rule Assistant 

We’ve updated how AI agent chat history is stored to better balance investigator privacy and team collaboration. Most conversations are now private to the individual user, allowing analysts to explore hypotheses and investigate leads without exposing early-stage research across the organization.

To maintain accountability, conversations conducted on the Alerts page remain visible to the entire team, preserving a transparent audit trail for formal reviews.

The Rule Assistant is now integrated directly into the agent workflow, helping teams move from investigation to active defense faster.

Key improvements include:

• Pre-deployment verification: The assistant compiles and validates rules before recommending them.
• Decision transparency: Each recommendation includes a detailed explanation with options for immediate refinement.
• Expanded search coverage: The assistant now searches across all checkpoint features to generate more comprehensive rule suggestions.

Precision AML and identity management 

Signal-level resolutions for independent risk oversight

Managing entity risk often involves overlapping hits from Sanctions, PEP, and adverse media lists. Previously, resolving a hit in one category could automatically resolve alerts in another, creating gaps in the audit trail and increasing operational risk.

With Signal-Level Entity Resolutions, analysts can now resolve each sanctions, PEP, or adverse media signal independently. The platform automatically calculates the overall entity status based on these individual decisions, ensuring reviews remain precise, auditable, and defensible.

This update also introduces a more targeted screening widget. Analysts can now filter views by individual signal types and interact with specific hits directly, rather than treating the entity as a single grouped result.

Unified identity-centric investigations

The new Customer Profiles page provides a source of truth for identity management alongside our existing session-based tracking. This dedicated space offers a searchable view of customer records, enabling teams to analyze the full lifecycle of an individual rather than disconnected web events.

To help investigators quickly isolate records within large datasets, the page supports advanced filtering across several dimensions:

• Personal identity: Search by name, email, or phone number
• Geographic context: Filter by city or country code
• Persistent tags: Locate profiles using customer tags internal lifecycle tags

Self-service infrastructure and technical control

Direct data access with SardineQL (Preview)

SardineQL is a new self-service interface that allows you to query user, session, and transaction data directly within the Sardine platform. Instead of waiting for custom reports, technical teams can use an interactive query editor to surface specific transactions or calculate alert volumes in seconds.

Key features include:

• Smart query editor. Autocomplete for table and field names with real-time linting to catch errors before execution.
• Interactive results. Paginated tables that support browsing through thousands of rows of data.
• Read-only security. A centralized interface designed for speed and data integrity.

Expanded network security and IP allowlisting

Managing dashboard access is now more flexible with the introduction of CIDR notation and IPv6 support for IP allowlisting. Organizations can now authorize entire network blocks in a single entry, eliminating the manual effort of whitelisting dozens of individual IP addresses.

• CIDR range matching. Support for both IPv4 and IPv6 matching (e.g., 10.0.0.0/8 or 2001:db8::/32).
• Automatic normalization. The system handles various IPv6 formats consistently to ensure security matching remains intact.
• Entry metadata. Optional description fields allow administrators to document the purpose of specific network ranges for future audits.

Advancing precision and autonomy with Sardine

We continue to invest in the infrastructure and intelligence needed to give your risk team greater investigative clarity.

From user-scoped AI agents and signal-level AML resolutions to self-serve SQL access and expanded identity management, these updates strengthen the privacy, transparency, and resilience of modern fraud and compliance operations.

Want to see these features in action? Get in touch for a demo.

Current customers can visit our release notes and changelog for more details.