This work addresses the challenge of generalizing graph anomaly detection to unseen domains, which is hindered by significant discrepancies in feature semantics and dimensionality across domains. To this end, the authors propose OWLEYE, the first framework enabling zero-shot cross-domain graph anomaly detection. OWLEYE preserves domain-specific semantics through cross-domain feature alignment, captures shared structural and attribute patterns via multi-domain multi-modal dictionary learning, and computes unsupervised, context-aware anomaly scores using a truncated attention-based reconstruction mechanism. Notably, the model requires no retraining on target domains and demonstrates superior performance over existing methods across multiple real-world graph datasets, exhibiting strong generalization capability and scalability.

Graph data is informative to represent complex relationships such as transactions between accounts, communications between devices, and dependencies among machines or processes. Correspondingly, graph anomaly detection (GAD) plays a critical role in identifying anomalies across various domains, including finance, cybersecurity, manufacturing, etc. Facing the large-volume and multi-domain graph data, nascent efforts attempt to develop foundational generalist models capable of detecting anomalies in unseen graphs without retraining. To the best of our knowledge, the different feature semantics and dimensions of cross-domain graph data heavily hinder the development of the graph foundation model, leaving further in-depth continual learning and inference capabilities a quite open problem. Hence, we propose OWLEYE, a novel zero-shot GAD framework that learns transferable patterns of normal behavior from multiple graphs, with a threefold contribution. First, OWLEYE proposes a cross-domain feature alignment module to harmonize feature distributions, which preserves domain-specific semantics during alignment. Second, with aligned features, to enable continuous learning capabilities, OWLEYE designs the multi-domain multi-pattern dictionary learning to encode shared structural and attribute-based patterns. Third, for achieving the in-context learning ability, OWLEYE develops a truncated attention-based reconstruction module to robustly detect anomalies without requiring labeled data for unseen graph-structured data. Extensive experiments on real-world datasets demonstrate that OWLEYE achieves superior performance and generalizability compared to state-of-the-art baselines, establishing a strong foundation for scalable and label-efficient anomaly detection.