A Context Graph Is Not Context

Suparna Pal, CEO & Co-Founder | February 16, 2026 | 8 min read

Your AI agents can reason. Without context, they can't decide.

A vulnerability scanner finds 15,000 issues. A context graph captures why you triaged the last 500. Neither one can tell you that three medium-severity findings, on the same instance, behind a config change from Tuesday, are about to take down your largest customer's payment flow.

That's not a data problem. That's a context problem. And most of what's being called "context" today doesn't solve it.

Context is the connective tissue between data and meaning: the relationships, history, and business reality that turn isolated facts into actionable intelligence.

Without it, your agents are guessing with confidence. And here's what makes it harder: enterprise data doesn't sit still. Systems change, configurations drift, business relationships evolve. Context that was accurate last week can be dangerously wrong today. A context layer that only captures a point-in-time view is already stale by the time you query it. The infrastructure has to evolve as fast as the environment it describes, getting smarter with every interaction, not just logging what happened.


The Conversation Everyone's Having Is Wrong

There's a thesis gaining traction in enterprise AI: context graphs — the decision traces that capture the reasoning behind actions — will be the next trillion-dollar platform shift. The argument is compelling. Systems of record captured the "what." Context graphs will capture the "why."

Context Graphs: AI's Trillion Dollar Opportunity

The thesis is right about the destination. It's wrong about the architecture. Decision traces tell you why someone acted. They can't tell you why something broke that nobody touched.

Decision traces are valuable for single-domain workflows: renewals, escalations, discount approvals. But the hardest problems in enterprise don't live in one domain. They live in the gaps between domains, in relationships no single system can see, in combinations that are individually benign and collectively catastrophic.

A vulnerability is manageable. A vulnerability on a server that runs your checkout flow, with two other critical findings creating a compound risk, exposed to the internet by a config change 48 hours ago? That's a business crisis. And no decision trace will surface it, because no single decision created it.

Context isn't a record of past reasoning. Context is the live, cross-domain understanding that makes reasoning possible in the first place.


What's Actually Missing

Three assumptions break down when you move from single-domain decisions to enterprise-scale intelligence.

The topology doesn't exist anywhere

Decision traces start with known entities: accounts, tickets, incidents. But in operational domains, the entities themselves are fragmented. No single system knows that a vulnerable EC2 instance runs an application supporting a product generating $4M monthly for your largest customer. That chain has to be discovered, correlated, and maintained. You can't trace decisions about relationships you haven't found yet.

Nobody can answer "how did we get here?"

This might be the most important gap. Enterprises don't just need "why did we act?" They need to reconstruct the trajectory. How did this asset's attack surface expand over six months? When exactly did we fall out of compliance? What changed between the last audit and today? Decision traces capture moments. But drift, degradation, and compounding exposure only become visible when you can scrub backward through time and trace the path from "safe" to "critical." The question isn't just what happened. It's how the situation evolved to the point where something could happen.

Different types of context have fundamentally different behaviors

Every context graph implementation claims to span systems and modalities. But spanning isn't the same as serving well. Structural relationships (which server runs which application for which customer) are relatively stable and best queried through traversal. Analytical insights (this combination of findings creates an exploitable attack path) are derived, scored, and versioned. Temporal events (a config change at 2:47 AM exposed this instance to the public internet) are immutable and time-ordered.

You can put all of these in a single graph. Temporal graph databases and OLAP-capable graph engines exist. But the query patterns, update frequencies, and retention requirements are so different that optimizing for one consistently degrades the experience of the others at enterprise scale. The architecture has to respect these differences rather than forcing uniformity.

Consider operational risk as an example: a vendor delay on a critical component, a system already running at capacity, an SLA penalty clause with your largest customer, and a compliance audit scheduled next month. Four systems, four teams, zero overlap. No individual signal was alarming. The combination was existential. Surfacing that kind of convergence requires context types that are purpose-built for their respective query patterns, not collapsed into a single model that handles none of them well.


The Difference, Made Concrete

Security: Which vulnerabilities actually threaten our business?

A CISO asks: "Which vulnerabilities actually threaten our business?"

Without cross-domain context: Query the scanner. Get 15,000 findings. Sort by CVSS. Start at the top. Miss the three that matter.

With it: A single query traverses the topology: that EC2 instance runs the checkout application, which processes payments for three enterprise customers representing $4M in monthly revenue. A separate analytical layer surfaces the compound risk: this vulnerability, combined with two other findings on the same instance, creates an exploitable attack path. A temporal layer adds the trigger: a config change 48 hours ago exposed this instance to the internet, and the exposure window has been widening since.

Individual risk: medium. Combined risk: critical. The CISO isn't looking at 15,000 findings anymore. She's looking at three, with the full business impact already calculated.
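The three layers in the CISO scenario can be sketched in a few lines. This is an added example, not Korthread code: the instance IDs, customer names, revenue split, the 72-hour look-back window, and the "three findings on one exposed, revenue-bearing instance" rule are all assumptions that stand in for real attack-path analysis.

```python
from datetime import datetime, timedelta

# Constructed sample data; every identifier and number here is illustrative.
RUNS = {"i-0aaa": "checkout", "i-0bbb": "wiki"}           # instance -> application
SERVES = {"checkout": ["cust-A", "cust-B", "cust-C"], "wiki": []}
MONTHLY_REVENUE = {"cust-A": 2_000_000, "cust-B": 1_500_000, "cust-C": 500_000}
FINDINGS = [  # scanner output: (finding id, instance, CVSS base score)
    ("F-1", "i-0bbb", 9.8), ("F-2", "i-0aaa", 5.4),
    ("F-3", "i-0aaa", 6.1), ("F-4", "i-0aaa", 4.9),
]
EVENTS = [  # temporal layer: (timestamp, instance, event type)
    (datetime(2026, 2, 14, 2, 47), "i-0aaa", "exposed_to_internet"),
]

def cvss_only():
    """Baseline: the scanner's view, sorted by CVSS alone."""
    return [fid for fid, _, _ in sorted(FINDINGS, key=lambda f: -f[2])]

def revenue_at_risk(instance):
    """Structural layer: traverse instance -> application -> customers."""
    return sum(MONTHLY_REVENUE[c] for c in SERVES.get(RUNS.get(instance), []))

def recently_exposed(instance, now, window=timedelta(hours=72)):
    """Temporal layer: was the instance exposed inside the look-back window?"""
    return any(i == instance and kind == "exposed_to_internet"
               and now - window <= ts <= now for ts, i, kind in EVENTS)

def triage(now):
    """Analytical layer: combine topology, findings and events into one ranking."""
    by_instance = {}
    for fid, inst, _ in FINDINGS:
        by_instance.setdefault(inst, []).append(fid)
    ranked = []
    for inst, fids in by_instance.items():
        revenue = revenue_at_risk(inst)
        # Assumed compound-risk rule: co-located findings + exposure + revenue.
        compound = len(fids) >= 3 and recently_exposed(inst, now) and revenue > 0
        label = "critical" if compound else "per-finding CVSS"
        ranked.append((compound, revenue, inst, label, sorted(fids)))
    ranked.sort(key=lambda r: (r[0], r[1]), reverse=True)
    return [r[2:] for r in ranked]
```

Sorting by CVSS puts the 9.8 on the internal wiki first; the combined view puts the three medium findings on the exposed checkout instance first, and drops the escalation once the exposure event ages out of the window.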


Manufacturing: What's causing our defects?

A VP of Quality asks: "What's causing our defects?"

Without cross-domain context: Query the QMS. See 847 nonconformances. Start a manual investigation that takes weeks.

With it, the digital thread traversal builds the picture step by step:

  1. Correlate defect reports with production lots to identify affected product lines.
  2. Trace those lots to the specific machines and operators on shift during production.
  3. Pull material batch records to identify the raw material supplier for each lot.
  4. Cross-reference machine sensor data — specifically spindle vibration profiles around tool change events.
  5. The pattern emerges: 87% of surface finish defects trace to two CNC machines processing material from one supplier, when spindle vibration exceeds threshold after tool changes.
  6. Check current production: three lots are still in progress under the same conditions.

The cost of catching this before shipment instead of after: $3.6M in prevented returns, warranty claims, and customer trust.


Healthcare: Which device vulnerabilities could actually harm patients?

A Chief Medical Information Officer (CMIO) asks: "Which device vulnerabilities could actually harm patients?"

Without cross-domain context: Query the device management system. Get 2,800 vulnerabilities. Prioritize by CVSS score. Miss the clinical context entirely.

With it, the context layer traces from vulnerability to patient impact:

  1. Identify the 2,800 vulnerabilities and filter for those with remote code execution potential.
  2. Map affected devices to their physical network segments. Flag any sharing a segment with untrusted networks like guest WiFi.
  3. Correlate those devices with clinical workflows: which ones are actively involved in medication delivery, vitals monitoring, or surgical support?
  4. Overlay patient census data: how many patients, in which units, depend on these specific devices right now?
  5. Result: 12 infusion pumps with a remote code execution vulnerability, on the same network segment as guest WiFi, supporting medication delivery for 24 critical patients in cardiac ICU.

The scanner says "medium severity." The context says "life safety." Those are very different conversations with very different response timelines.

These aren't hypothetical. These are the questions enterprises are asking right now — and failing to answer because their tools don't connect the dots.


Why This Requires New Infrastructure

You can't solve this by adding a memory layer to an agent framework. You can't solve it with a bigger knowledge graph. The infrastructure has to do things that existing architectures weren't designed for.

It must close the gap between what exists and what should exist. Discovery tells you what's running. But knowing what should be running — and where reality diverges from intent — is where the highest-value insights hide. Assets in PCI scope missing required controls. Applications supporting revenue but not classified as critical. The infrastructure must hold both views and surface the delta.

It must reconstruct the path, not just the event. This goes beyond event logs. Enterprises need to see what their environment looked like at any point in time: to explain drift, predict trajectories, and prove to auditors exactly when a control stopped being effective. The difference between "what changed" and "how things evolved" is the difference between an alert and an explanation.
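A minimal sketch of the two requirements above, holding intent next to reality and replaying history to find when they diverged. This is an added example, not Korthread code: the asset name, event kinds, control names, and the required-controls mapping are assumptions.

```python
from datetime import datetime

# Constructed event log for a hypothetical asset "db-01"; values are illustrative.
EVENTS = [  # (timestamp, asset, event kind, value)
    (datetime(2025, 9, 1), "db-01", "scope_add", "pci"),
    (datetime(2025, 9, 1), "db-01", "control_on", "encryption_at_rest"),
    (datetime(2025, 9, 1), "db-01", "control_on", "admin_mfa"),
    (datetime(2025, 11, 12), "db-01", "control_off", "admin_mfa"),
    (datetime(2026, 1, 20), "db-01", "control_on", "admin_mfa"),
]
# Intent: controls each scope should have (assumed policy, not a PCI DSS quote).
REQUIRED = {"pci": {"encryption_at_rest", "admin_mfa"}}

def state_at(asset, when):
    """Replay events up to `when` to rebuild the asset's scopes and controls."""
    scopes, controls = set(), set()
    for ts, a, kind, value in sorted(EVENTS, key=lambda e: e[0]):
        if a != asset or ts > when:
            continue
        if kind == "scope_add":
            scopes.add(value)
        elif kind == "control_on":
            controls.add(value)
        elif kind == "control_off":
            controls.discard(value)
    return scopes, controls

def delta_at(asset, when):
    """Required controls that were not active at `when` (intent minus reality)."""
    scopes, controls = state_at(asset, when)
    required = set().union(*(REQUIRED.get(s, set()) for s in scopes))
    return required - controls

def gap_windows(asset, until):
    """Intervals (start, end, missing-at-start) when a required control was absent."""
    windows, opened = [], None
    for ts in sorted({t for t, a, _, _ in EVENTS if a == asset and t <= until}):
        missing = delta_at(asset, ts)
        if missing and opened is None:
            opened = (ts, missing)
        elif not missing and opened is not None:
            windows.append((opened[0], ts, opened[1]))
            opened = None
    if opened is not None:
        windows.append((opened[0], None, opened[1]))  # gap still open at `until`
    return windows
```

A current-state snapshot taken after the control was restored would show nothing wrong; only the replay shows the ten-week window an auditor would ask about.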

It must serve different types of context without compromising any of them. Relationships, intelligence, and events each demand their own query semantics, update cadences, and retention models. The infrastructure must respect those differences while presenting a unified answer at query time.

It must compound, not just accumulate. When an agent surfaces a critical finding, that finding should enrich the context available to every subsequent query — whether from a human or another agent. Data that sits idle depreciates. Context that evolves with every interaction becomes the foundation everything else builds on.


The Shift That's Coming

[Figure: Unified Context Graph. Sources: Product, Engineering, IT / Operations, Security, Support. AI Agents: Insights Agent, Prediction Agent, Automation Agent, Copilot Agent. Intelligence: What changed and why? What's emerging right now? What will break next? What should we do? Business Outcomes: Security, Reliability, Cost, Governance, Sustainability.]

The last platform shift created systems of record for objects: customers, employees, transactions.

The next will create systems of record for context: the relationships, reasoning, and evolution that make objects meaningful.

That's not a feature you add to Salesforce. Not a dashboard on Snowflake. Not a plugin for an agent framework. It's infrastructure — the kind that becomes invisible once it works and irreplaceable once you depend on it.

We call it Korthread℠ Fabric. We're building it. And we think it's the most important infrastructure for enterprise AI that isn't getting the attention it deserves.

If your AI agents are making decisions without full operational context, if your teams are manually correlating what should be automatic, you're experiencing the problem this solves.


Are your AI initiatives hitting the context wall? What's breaking?
