Monitor security risks

Attention:

Alpha features described in this document are provided by Splunk to you "as is" without any warranties, maintenance and support, or service-level commitments. Splunk makes this alpha feature available in its sole discretion and may discontinue it at any time. These documents are not yet publicly available and we ask that you keep such information confidential. Use of alpha features is subject to the Splunk Pre-Release Agreement for Hosted Services.

The following documentation links apply to users who want to store conversation data in Splunk Observability Cloud. Use the following links to navigate between the pages in this release:

After you connect Cisco AI Defense and instrument your AI agents, Splunk Observability for AI surfaces runtime security and privacy risks directly in the Splunk AI Agent Monitoring experience. You can see which agents, interactions, and traces are associated with detected or blocked risks, alongside latency, errors, and other health indicators.

Use the following pages to investigate risk signals in context.

Monitor security risks on the AI overview page

On the top‑level AI overview page, the Quality and risk section includes a Risks chart that summarizes detected and blocked risks across your AI estate.

You can:

  • View counts by risk category and status

  • Use the Type menu to focus on a specific risk type

  • Drill down into agents and traces that contribute to the selected risk

For details about the AI overview page, see Monitor your overall AI application and agent environment with Splunk APM.

Monitor security risks on the AI agents page

On the AI agents page, Splunk Observability Cloud aggregates Cisco AI Defense findings at the agent level so you can quickly see which agents are associated with the most risk.

You can:

  • Use the Risk count tile to spot agents with elevated runtime risks

  • Scan the Risks column to see which risk types are present for each agent

  • Drill into an agent to investigate traces and interactions driving those risks

For more about the AI agents page, see Monitor AI agents with Splunk APM.

The following table describes values you might see in the Risks column. For more information, see Guardrails and Rules.

No detected risks You may not have connected this AI agent with Cisco AI Defense
Risk evaluation failed to run
Security - Prompt injection

OWASP LLM Top 10 threat LLM01:2025 - Prompt Injection

AML.T0051 - LLM Prompt Injection

AML.T0051.001 - LLM Prompt Injection: Indirect
Security - Code detection OWASP LLM Top 10 threat LLM05:2025 - Improper Output Handling N/A
Privacy - PII

OWASP LLM Top 10 threat LLM02:2025 - Sensitive Information Disclosure

MITRE ATLAS threat AML.T0057 - LLM Data Leakage
Privacy - PHI

OWASP LLM Top 10 threat LLM02:2025 - Sensitive Information Disclosure

MITRE ATLAS threat AML.T0057 - LLM Data Leakage
Privacy - PCI

OWASP LLM Top 10 threat LLM02:2025 - Sensitive Information Disclosure

MITRE ATLAS threat AML.T0057 - LLM Data Leakage.

Monitor security risks on the AI trace data page

On the AI trace data page, risk information is available at the individual interaction level so you can analyze risky behavior in full trace context.

You can:

  • Use the Risk histogram to understand how often different risk types occur over time

  • Filter trace results by risk attributes to focus on specific security or privacy issues

  • Use the Risks column to jump into traces where Cisco AI Defense detected or blocked a problem, and review the associated prompts, responses, and downstream actions

For more about working with trace‑level data, see Monitor AI traces and spans with Splunk APM.