Investigate AI Security Threats - Log Viewer
Monitor the AI traffic flow between the user apps and AI models.
AI Runtime Security allows you to detect and alert on malicious traffic through various protection mechanisms. This page shows how to view and interpret the AI security threat logs and reports for different types of protections. The detailed logs offer enhanced visibility by correlating threats with cloud assets discovered in the Strata Cloud Manager Cloud Application Command Center, enabling a more comprehensive and informed security approach.
Licensing Capacity Limit: Limited to processing up to 10K AI transactions per day per vCPU of the AI Runtime Security instance.
Where Can I Use This? What Do I Need?
  • AI Runtime Security
  • Log in to Strata Cloud Manager.
  • Select Incidents and Alerts → Log Viewer.
  • Select Firewall/AI Security.
For each security event (Block or Alert) triggered by the AI Security profile, the traffic between server and client is logged. Examples include Data Leak Detection, URL Security Detection, and Prompt Injection Detection logs. Each log includes traffic details such as the AI model name, CSP region name, AI model CSP region name, AI incident type, incident subtype, and the AI security profile name. You can also find the session ID, source, and destination details.
Traffic Details
Click a log to view its detailed traffic log. It shows general information about AI Runtime Security, including the session ID and the source and destination of the traffic, along with AI Security details such as the model name, the model CSP name, the incident type, and an incident report ID for troubleshooting.
AI Security Report
Switch to the AI Security Report tab to inspect the content of the AI traffic for specific AI threat logs:
  • Model Protection displays logs for any detected prompt injection threats.
  • Application Protection shows URL categories and the specific URLs that triggered these categories.
  • Data Protection lists the DLP data patterns that were triggered and the masked content that caused each pattern to trigger. These logs are categorized as low-, medium-, and high-severity alerts.