AS-301g · Module 1

The AI Telemetry Gap

Good news, everyone! Your SIEM ingests infrastructure logs, application logs, authentication logs, and network flow logs. It correlates failed login attempts, detects port scanning, and alerts on suspicious file access. None of this detects prompt injection, model behavior drift, context window poisoning, or unauthorized tool execution. The AI telemetry gap is the space between what your SIEM can see and what AI-specific threats look like. Closing this gap requires new log sources that capture AI-specific events.

  1. Prompt Interaction Logs: Log every interaction with the model: the input, the system prompt version, the context window composition, and the output. These logs are the forensic record that reconstructs what the model saw and how it responded. Without them, AI incidents are invisible after the fact.
  2. Tool Invocation Logs: Log every tool call the model makes: which tool, what parameters, what result, the latency, and the authorization check result. Tool invocation logs detect privilege escalation — a model using tools outside its authorized scope — and exfiltration — a model sending data to unexpected destinations.
  3. Guardrail Event Logs: Log every input filter trigger, output guardrail activation, and canary detection event. Guardrail logs are the early warning system — they show attacks that were blocked, which reveals the attack patterns targeting your system even when the attacks fail.
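The following is an added example, not part of the module, showing what the three log sources above look like as structured records and what a first detection pass over them can catch. It emits one JSON object per event (the shape a SIEM can ingest line by line) and then runs a small detector over a constructed session: an out-of-scope tool call, an outbound request to a host that is not on an allowlist, and a burst of blocked guardrail events. The agent role, tool names, host allowlist, rule ids and the session data are all constructed for the example.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlparse

# Constructed authorization policy (assumed names, not from the module):
# which tools each agent role may invoke, and which hosts outbound requests may reach.
AUTHORIZED_TOOLS = {"support-agent": {"search_kb", "create_ticket", "http_request"}}
ALLOWED_EGRESS_HOSTS = {"api.internal.example"}
GUARDRAIL_BURST_THRESHOLD = 3  # blocked events in one session before we alert


def _base(event_type, session_id):
    return {
        "ts": datetime.now(timezone.utc).isoformat(),
        "event_type": event_type,
        "session_id": session_id,
    }


def prompt_interaction(session_id, system_prompt_version, context_sources, user_input, model_output):
    """1. Prompt interaction log: what the model saw and how it responded."""
    rec = _base("prompt_interaction", session_id)
    rec.update(
        system_prompt_version=system_prompt_version,
        context_sources=list(context_sources),  # where each context chunk came from
        user_input=user_input,
        model_output=model_output,
    )
    return rec


def tool_invocation(session_id, agent_role, tool, params, result, latency_ms):
    """2. Tool invocation log: the authorization decision is recorded with the call."""
    rec = _base("tool_invocation", session_id)
    rec.update(
        agent_role=agent_role,
        tool=tool,
        params=params,
        result=result,
        latency_ms=latency_ms,
        authorized=tool in AUTHORIZED_TOOLS.get(agent_role, set()),
    )
    return rec


def guardrail_event(session_id, guardrail, action, rule_id):
    """3. Guardrail event log: filters that fired, even when the attempt was blocked."""
    rec = _base("guardrail_event", session_id)
    rec.update(guardrail=guardrail, action=action, rule_id=rule_id)
    return rec


def detect(records):
    """Detection pass over the three log types. Returns a list of alert strings."""
    alerts = []
    blocked_per_session = {}
    for r in records:
        kind = r["event_type"]
        if kind == "tool_invocation":
            if not r["authorized"]:
                alerts.append(f"unauthorized tool call: {r['agent_role']} -> {r['tool']} (session {r['session_id']})")
            if r["tool"] == "http_request":
                host = urlparse(r["params"].get("url", "")).hostname or ""
                if host not in ALLOWED_EGRESS_HOSTS:
                    alerts.append(f"possible exfiltration: request to {host} (session {r['session_id']})")
        elif kind == "guardrail_event" and r["action"] == "blocked":
            n = blocked_per_session.get(r["session_id"], 0) + 1
            blocked_per_session[r["session_id"]] = n
            if n == GUARDRAIL_BURST_THRESHOLD:
                alerts.append(f"guardrail burst: {n} blocked events (session {r['session_id']})")
    return alerts


def sample_records():
    """Constructed sample session: one benign turn, one out-of-scope tool call,
    one outbound request to an unexpected host, and a burst of blocked inputs."""
    s = "sess-42"
    return [
        prompt_interaction(s, "sys-v7", ["user", "kb:article-17"],
                           "How do I reset my password?", "Go to Settings > Security."),
        tool_invocation(s, "support-agent", "search_kb", {"q": "reset password"}, "3 hits", 120),
        tool_invocation(s, "support-agent", "delete_user", {"id": 1001}, "denied", 5),
        tool_invocation(s, "support-agent", "http_request",
                        {"url": "https://paste.example.net/upload"}, "200", 340),
        guardrail_event(s, "input_filter", "blocked", "inj-001"),
        guardrail_event(s, "input_filter", "blocked", "inj-002"),
        guardrail_event(s, "canary", "blocked", "canary-leak"),
    ]


if __name__ == "__main__":
    recs = sample_records()
    for rec in recs:
        print(json.dumps(rec))  # one JSON object per line, SIEM-friendly
    for a in detect(recs):
        print("ALERT:", a)
```

The point of recording the authorization result inside the tool invocation record, rather than only in the tool's own logs, is that the detector can flag scope violations without joining across sources; the egress check works the same way because the destination travels with the call parameters. The guardrail counter is deliberately per session, since three blocked inputs from one session say more than three spread across the whole day.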