In this talk, we argue that embedding models and threat detection are architectural cousins, and show how a transparent, dual-layer detection design combining explainable signature rules with lightweight, quantised classifiers can outperform brittle rules or opaque ML alone.

We’ll focus on three practical insights

+ why confidence scores often lie
+ how fp32→fp16→int8 quantization subtly breaks scoring assumptions
+ how a simple multi-head voting policy restores both robustness and explainability.

The talk closes with what didn’t work, and a minimal blueprint attendees can apply immediately.