Introduction to Splunk AI Agent Security Monitoring

Splunk AI Security Monitoring integrates Splunk Observability for AI with Cisco AI Defense to provide a consolidated view of security and privacy risks detected at runtime for your AI agents.

Attention:

Alpha features described in this document are provided by Splunk to you "as is" without any warranties, maintenance and support, or service-level commitments. Splunk makes this alpha feature available in its sole discretion and may discontinue it at any time. These documents are not yet publicly available and we ask that you keep such information confidential. Use of alpha features is subject to the Splunk Pre-Release Agreement for Hosted Services.

With this consolidated view, you can monitor performance and risks in one place.

Splunk AI Security Monitoring helps you to:

  • Identify which agents, interactions, and services involve detected or blocked security and privacy risks, such as prompt injection and PII leakage
  • Track risk trends alongside latency, errors, and other performance metrics over time
  • Investigate risky interactions in trace context, down to specific prompts and responses

For more on Cisco AI Defense's runtime capabilities, see Cisco AI Defense AI Runtime Protection.

How it works

Splunk AI Security Monitoring provides an instrumentation library, opentelemetry-instrumentation-aidefense, to automate security and privacy risk tracing for Python-based AI agents. This library captures and attaches security telemetry to calls that your AI agents make to LLMs (such as OpenAI) and orchestration frameworks (such as LangChain) to ensure that every prompt and response can be audited against security guardrails and recorded within a unified OpenTelemetry trace. It does this by adding the gen_ai.security.event_id attribute to LLM or workflow spans.
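The following added example is not Splunk or Cisco code. It shows one way to audit an exported trace file for traces whose LLM or workflow spans carry no gen_ai.security.event_id. It assumes spans are available as an OTLP/JSON export and that coverage is judged per trace; the service names, trace IDs, and event IDs are constructed.

```python
import json
from collections import defaultdict

SECURITY_ATTR = "gen_ai.security.event_id"  # attribute name taken from this page
GENAI_PREFIX = "gen_ai."  # OpenTelemetry GenAI semantic-convention namespace

def _kv(key, val):
    return {"key": key, "value": {"stringValue": val}}

def _span(trace, name, *attrs):
    return {"traceId": trace, "spanId": "00", "name": name, "attributes": list(attrs)}

def _resource(service, *spans):
    return {"resource": {"attributes": [_kv("service.name", service)]},
            "scopeSpans": [{"spans": list(spans)}]}

# Constructed OTLP/JSON export: service names, trace IDs and event IDs are made up.
SAMPLE_EXPORT = json.dumps({"resourceSpans": [
    _resource("support-agent",
              _span("aaaa", "workflow", _kv(SECURITY_ATTR, "evt-constructed-001")),
              _span("aaaa", "chat", _kv("gen_ai.request.model", "example-model"))),
    _resource("billing-agent",
              _span("bbbb", "chat", _kv("gen_ai.request.model", "example-model")),
              _span("bbbb", "GET /invoice", _kv("http.request.method", "GET"))),
]})

def _attrs(kv_list):
    """Flatten an OTLP KeyValue list into a plain dict."""
    return {kv["key"]: next(iter(kv.get("value", {}).values()), None) for kv in kv_list or []}

def audit_security_coverage(otlp_json):
    """Return (covered, uncovered): trace ID -> event IDs, trace ID -> gen-AI span names."""
    event_ids, genai_spans = defaultdict(set), defaultdict(list)
    for rs in json.loads(otlp_json).get("resourceSpans", []):
        service = _attrs(rs.get("resource", {}).get("attributes")).get("service.name", "unknown")
        for ss in rs.get("scopeSpans", []):
            for span in ss.get("spans", []):
                attrs = _attrs(span.get("attributes"))
                if not any(k.startswith(GENAI_PREFIX) for k in attrs):
                    continue  # not an LLM or workflow span
                genai_spans[span["traceId"]].append(f"{service}:{span['name']}")
                if attrs.get(SECURITY_ATTR):
                    event_ids[span["traceId"]].add(attrs[SECURITY_ATTR])
    covered = {t: sorted(ids) for t, ids in event_ids.items()}
    uncovered = {t: names for t, names in genai_spans.items() if t not in event_ids}
    return covered, uncovered

if __name__ == "__main__":
    print(audit_security_coverage(SAMPLE_EXPORT))
```

Traces listed as uncovered contain gen_ai.* spans but no security event ID, which points to an agent or code path that the instrumentation has not patched.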

How instrumentation works

The library follows standard OpenTelemetry patterns to minimize manual coding:

  • Zero-code patching: When your AI agent calls .instrument(), the instrumentation library automatically intercepts outgoing prompts and incoming responses without requiring changes to your business logic.
  • Context propagation: It propagates security context (like User IDs or Session IDs) throughout your AI agent's entire distributed system, ensuring all related AI activities are linked in a single trace.
  • Standardized mapping: It maps AI-specific data such as token counts, model versions, and security scores into standard OTLP semantic conventions. This makes the data fully compatible with a Splunk Observability Cloud OTLP ingestion endpoint.

After you configure this integration, Splunk Observability for AI correlates the Cisco AI Defense risks from the splunk-otel-util-genai library with other data from your agents, traces, services, and applications.

License requirements

  • You need licenses for Cisco AI Defense and Splunk AI Agent Monitoring.

Limitations

  • You can only have one active Cisco AI Defense integration at a time.
  • The safety risks highlighted are based on Splunk Observability Cloud agent evaluations, not on Cisco AI Defense safety risk detection.