Conventional anti-money-laundering systems operate on rules: if a transaction exceeds a threshold, flag it; if a wallet appears on a blacklist, block it; if a series of transfers matches a known structuring pattern, alert a compliance officer. These rule-based approaches are effective against known threats but structurally incapable of identifying novel laundering techniques that do not match any predefined pattern. As sophisticated actors continuously invent new obfuscation strategies — exploiting flash loans, cross-chain bridges, and privacy-enhancing smart contracts in combinations that no human analyst has previously catalogued — the gap between static rules and real-world threats widens.

Ludopoly Analytics addresses this gap with an AI risk engine that complements the three-tier rule-based AML motor. The engine uses large language models not to replace rules but to interpret their output, identify anomalies that fall outside rule coverage, and produce human-readable explanations that compliance teams can act on immediately. The result is a system where known patterns are caught by deterministic rules (fast, predictable, auditable) and unknown patterns are surfaced by probabilistic models (adaptive, context-aware, explanatory).

The AI risk engine receives enriched transaction data from the event stream — the same data consumed by the rule-based AML tiers. It converts transaction graphs, time-series anomaly signals, and behavioural deviation metrics into structured natural language prompts. The language model processes these prompts and produces two outputs: a risk assessment score that complements the rule engine's score, and a narrative explanation — a paragraph of plain-language text describing why the transactions appear suspicious and what specific patterns triggered concern.

This narrative capability transforms the compliance workflow. Instead of presenting an analyst with a numeric score and a list of flagged transactions, the system provides contextual analysis: "This cluster of fourteen transactions across three wallets exhibits a classic layering pattern. Funds were deposited in ten sub-threshold amounts over forty-eight hours, consolidated into a single wallet, then routed through a mixer contract before exiting to a CEX deposit address. The progressive fragmentation and reconsolidation pattern, combined with the mixer usage, elevates the risk of structured laundering."

Compliance officers can use these narratives directly in Suspicious Activity Reports, reducing the time between detection and regulatory filing from hours to minutes.

Not every analysis task requires the most capable — and most expensive — language model. A simple pattern explanation can be handled by a smaller, faster model. A complex multi-hop cross-chain analysis genuinely benefits from a larger model's reasoning capacity. The AI risk engine implements intelligent routing: it evaluates the complexity of each analysis request based on the number of transactions involved, the number of chains traversed, and the diversity of contract types, then directs the request to the most cost-effective model that can handle it reliably.

This routing strategy produces significant cost savings at scale. Simple analyses — which constitute the majority of daily volume — are processed by lightweight models at a fraction of the cost per request. Complex analyses — which require deeper reasoning and occur less frequently — are elevated to more capable models. The overall result is a system that maintains high answer quality while keeping per-analysis costs predictable and manageable.

The AI risk engine does not operate in isolation. Its assessments incorporate data from all active modules. Identity verification status from ZK-KYC influences the model's prior probability estimates — a verified user exhibiting unusual behaviour warrants a different interpretation than an anonymous wallet exhibiting the same pattern. Cohort membership data from the dApp analytics module provides behavioural baselines — a "whale" segment user making large transfers is expected behaviour; a "dormant" segment user suddenly transacting at high volume is not.

This cross-module context is what separates an LLM-powered risk engine from a generic chatbot applied to blockchain data. The model does not merely interpret transactions; it interprets transactions within the context of identity, behaviour, and compliance history that the platform's unified architecture makes available.