---
title: AI Guard Security Signals
description: Datadog, the leading service for cloud-scale monitoring.
---

# AI Guard Security Signals

{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com

{% alert level="danger" %}
AI Guard isn't available in the app.ddog-gov.com site.
{% /alert %}
{% /callout %}

AI Guard security signals provide visibility into threats and attacks AI Guard detects in your applications. These signals are built on top of [AAP (Application and API Protection) security signals](https://docs.datadoghq.com/security/application_security/security_signals.md) and integrate with Datadog's security monitoring workflows.

## Understand AI Guard signals{% #understand-ai-guard-signals %}

Datadog creates AI Guard security signals when it detects a threat based on a configured detection rule. Signals indicating threats such as prompt injection, jailbreaking, or tool misuse appear in the Datadog Security Signals explorer. These signals can provide:

- **Threat detection**: Attack context based on your configured detection rules
- **Action insights**: Information on whether actions were blocked or allowed, according to your rule settings
- **Rich investigation context**: Attack categories detected, AI Guard evaluation results, and links to related AI Guard spans for comprehensive analysis
- **Custom runbooks**: Custom remediation guidance and response procedures for specific threat scenarios

To help you prioritize your remediation efforts, AI Guard automatically assigns a severity level to every security signal. You can create custom detection rules to customize severity levels and define specific security responses.

## Create detection rules{% #create-detection-rules %}

You can create custom detection rules by defining thresholds for when you want to receive notifications; for example, more than 5 `DENY` actions in 10 minutes. When AI Guard evaluations exceed those thresholds, AI Guard generates security signals.

To create AI Guard detection rules:

1. In Datadog, go to the [AI Guard detection rule explorer](https://app.datadoghq.com/security/ai-guard/settings/detection-rules), then click **New Rule**.
   {% image
      source="https://docs.dd-static.net/images/security/ai_guard/ai_guard_detection_rules_1.4a24778ad2c3fcf13cf258866b07b313.png?auto=format&fit=max&w=850 1x, https://docs.dd-static.net/images/security/ai_guard/ai_guard_detection_rules_1.4a24778ad2c3fcf13cf258866b07b313.png?auto=format&fit=max&w=850&dpr=2 2x"
      alt="AI Guard Detection Rules Explorer" /%}
1. Under **Define your Real-time rule**, choose the type of rule to create.
1. Under **Define Search Queries**, define the types of tags you want to create signals for. You can use the following AI Guard attributes to filter and target specific threat patterns:

   | Tag | Description | Possible values |
   | --- | --- | --- |
   | `@ai_guard.action` | Filter by AI Guard's evaluation result | `ALLOW` or `DENY` |
   | `@ai_guard.attack_categories` | Target specific attack types | `jailbreak`, `indirect-prompt-injection`, `destructive-tool-call`, `denial-of-service-tool-call`, `security-exploit`, `authority-override`, `role-play`, `instruction-override`, `obfuscation`, `system-prompt-extraction`, `data-exfiltration` |
   | `@ai_guard.blocked` | Filter based on whether an action in the trace was blocked | `true` or `false` |
   | `@ai_guard.tools` | Filter by specific tool names involved in the evaluation | `get_user_profile`, `user_recent_transactions`, etc. |
   | `@ai_guard.sds.categories` | Filter by sensitive data categories detected by Sensitive Data Scanner | `credentials`, `email_address`, etc. |
   | `@ai_guard.sds.rule_tags` | Filter by specific sensitive data rule tags | `aws_access_key_id`, `aws_secret_access_key`, `claude_api_key`, `email_address`, etc. |

1. Under **Define Rule Conditions**:
   1. Define your threshold conditions, if applicable to the type of rule you chose.
   1. Set the severity level of the security signals AI Guard generates with this rule.
   1. Choose who should get notifications for new signals and how often.
   1. Choose security responses to take, such as automated IP or user blocking, and IP flagging.
   1. Configure additional settings, such as updating the same signal instead of creating a new one if AI Guard detects new values within a set amount of time, and decreasing signal severity for non-production environments.
1. Under **Describe your Playbook**, customize the notification and define tags to send with the signals.
1. Click **Save Rule**.

For more comprehensive detection rule capabilities, see [detection rules](https://docs.datadoghq.com/security/detection_rules.md).
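
To reason about a threshold before saving a rule, the following added example (not Datadog code, and not how the rule engine is implemented) replays constructed AI Guard evaluations through a local model of a threshold rule such as "more than 5 `DENY` actions in 10 minutes". The event layout, service names, and function names are assumptions made for the illustration; only the attribute names and values come from the table above.

```python
from collections import deque
from datetime import datetime, timedelta

T0 = datetime(2025, 1, 1, 12, 0)

def make_event(minute, action, categories=(), blocked=False, service="support-agent"):
    # Constructed sample evaluation. Keys mirror the AI Guard attributes in the
    # table above; the flat dict layout and service names are assumptions.
    return {"ts": T0 + timedelta(minutes=minute), "service": service,
            "ai_guard.action": action, "ai_guard.blocked": blocked,
            "ai_guard.attack_categories": list(categories)}

SAMPLE = (
    [make_event(m, "DENY", ["indirect-prompt-injection"], True) for m in range(7)]
    + [make_event(m, "DENY", ["jailbreak"], True, "billing-agent") for m in range(0, 18, 3)]
    + [make_event(m, "ALLOW") for m in range(10)]
)

def matches(event, action=None, categories=None, blocked=None):
    """Stand-in for the search query: every condition that is given must hold."""
    if action is not None and event["ai_guard.action"] != action:
        return False
    if blocked is not None and event["ai_guard.blocked"] != blocked:
        return False
    if categories and not set(categories) & set(event["ai_guard.attack_categories"]):
        return False
    return True

def threshold_signals(events, threshold, window, group_by="service", **query):
    """Return (group, time, count) each time a group's matching events in the
    trailing window rise above the threshold (strictly greater than)."""
    windows, firing, signals = {}, set(), []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if not matches(ev, **query):
            continue
        key = ev[group_by]
        recent = windows.setdefault(key, deque())
        recent.append(ev["ts"])
        while ev["ts"] - recent[0] >= window:   # drop events older than the window
            recent.popleft()
        if len(recent) > threshold:
            if key not in firing:               # one signal per crossing, not per event
                firing.add(key)
                signals.append((key, ev["ts"], len(recent)))
        else:
            firing.discard(key)
    return signals
```

With the constructed sample, the six-per-window `billing-agent` pattern (one `DENY` every three minutes) never crosses a threshold of 5, which is the kind of slow, steady activity a count-based rule needs a lower threshold or longer window to catch.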

## Investigate signals{% #investigate-signals %}

You can view and investigate AI Guard security signals, and correlate them with other security events, in two places:

- [Application and API Protection Security Signals explorer](https://app.datadoghq.com/security/ai-guard/signals)

- [Cloud SIEM Security Signals explorer](https://app.datadoghq.com/security/siem/signals)

In the Cloud SIEM Security Signals explorer, beside the search bar, click the **Filter** icon and select the **App & API Protection** checkbox to view AI Guard signals.

The Security Signals explorers allow you to filter, prioritize, and investigate AI Guard signals alongside other application security threats, providing a unified view of your security posture.

You can create or link cases directly from an AI Guard security signal, and click any signal to open a side panel containing additional context.

## Get additional context with spans{% #get-additional-context-with-spans %}

AI Guard spans offer detailed information about the assessments AI Guard made and why. When you open a span from the [Investigate](https://app.datadoghq.com/security/ai-guard/investigate) page or from a signal, you can get context on the specific prompts your AI agent used, read exact inputs and outputs, and see any attack categories that contributed to AI Guard assessing a tool call as unsafe.

### Get context on a span{% #get-context-on-a-span %}

When you click on a span in the explorer, you can see:

- The service and environment the requests occurred in
- The [blocking policy](https://docs.datadoghq.com/security/ai_guard/setup.md#blocking-policy) configured for that service, which determines whether AI Guard blocks unsafe requests, or detects and tags them without blocking them
- The user who interacted with the agent
- The specific inputs and outputs from your agent, and whether they came from LLMs or external tools
- Whether AI Guard assessed each request as safe or unsafe
- Whether AI Guard blocked the request
- If AI Guard assessed the call as unsafe, which attack categories it included
- Whether the request included sensitive data, and if so, what type of sensitive data
- Additional tags, which you can use to filter spans in the explorer

Additionally, you can click **Explore in graph view** to see the requests in the conversation graphed out, or view the span in [APM](https://docs.datadoghq.com/tracing.md) or [LLM Observability](https://docs.datadoghq.com/llm_observability.md).

## Further reading{% #further-reading %}

- [AI Guard](https://docs.datadoghq.com/security/ai_guard.md)
- [Get Started with AI Guard](https://docs.datadoghq.com/security/ai_guard/onboarding.md)
- [Detection Rules](https://docs.datadoghq.com/security/detection_rules.md)
