Skip to main content

Documentation Index

Fetch the complete documentation index at: https://threatbasis.io/llms.txt

Use this file to discover all available pages before exploring further.

AI observability extends traditional application monitoring to address the unique challenges of LLM-based security systems—non-deterministic outputs, complex prompt chains, multi-step agent workflows, and quality dimensions that don’t exist in conventional software. Security teams deploying AI for alert triage, threat hunting, or incident response must monitor not just whether systems are running, but whether they’re producing accurate, safe, and cost-effective outputs. The stakes for AI observability in security operations are particularly high. An unmonitored AI system might silently degrade in quality, miss critical threats due to prompt drift, or accumulate costs that exceed budget projections. Unlike traditional applications where errors manifest as exceptions or failed requests, AI failures often appear as subtly incorrect outputs that pass all technical health checks while providing wrong or dangerous recommendations. Security engineers must implement observability strategies that capture both operational health and output quality. According to Gartner research, organizations deploying AI in production face significant challenges with monitoring and debugging, with many lacking visibility into model behavior after deployment. For security applications where AI outputs influence containment decisions, analyst workflows, and threat detection, comprehensive observability is not optional—it’s a critical control that enables safe and effective AI operations.

Why AI Observability Differs from Traditional Monitoring

Traditional application monitoring focuses on deterministic systems where the same input produces the same output. Metrics like latency, error rates, and throughput provide comprehensive visibility because failures manifest as measurable deviations from expected behavior. AI systems break these assumptions in fundamental ways that require new observability approaches. Non-determinism means that identical inputs can produce different outputs across invocations. Temperature settings, model updates, and even infrastructure variations introduce variability that makes traditional regression testing insufficient. Observability must capture output distributions rather than expecting exact matches. Quality subjectivity introduces measurement challenges that don’t exist in traditional systems. Whether an AI-generated threat analysis is “correct” depends on context, analyst expertise, and organizational standards. Observability must incorporate human feedback loops and automated quality scoring to assess output quality at scale. Cost variability creates operational concerns unique to token-based AI systems. A single complex query might cost 100x more than a simple one, and costs can spike unexpectedly due to prompt changes, context expansion, or increased query volume. Traditional resource monitoring doesn’t capture these dynamics. Chain complexity in agentic systems creates debugging challenges that exceed traditional distributed tracing. An AI agent might make multiple LLM calls, invoke external tools, retrieve context from vector databases, and make branching decisions—all within a single user request. Observability must capture this entire workflow with sufficient detail for debugging. Semantic failures represent a category of errors invisible to traditional monitoring. An AI system might return a well-formed JSON response with 200ms latency and no exceptions, yet contain a hallucinated CVE that doesn’t exist or a severity rating that contradicts the evidence. Observability must assess semantic correctness, not just technical success.

Performance Monitoring

Performance monitoring for AI systems extends beyond traditional latency and throughput metrics to capture the unique characteristics of LLM inference. Security operations have specific performance requirements—real-time alert triage demands low latency, while batch threat analysis can tolerate longer processing times. Understanding these metrics enables capacity planning, SLA management, and performance optimization.

Latency Metrics

Latency in AI systems has multiple components that traditional monitoring often conflates. Decomposing latency into its constituent parts enables targeted optimization and accurate SLA tracking. Time to first token (TTFT) measures how quickly the model begins generating output after receiving a request. For streaming applications where analysts see responses as they’re generated, TTFT directly impacts perceived responsiveness. Security dashboards displaying AI-generated summaries benefit from low TTFT even if total generation time is longer. Typical targets range from 200-500ms for interactive applications. Total response time captures the complete duration from request submission to final token generation. This metric matters for synchronous workflows where downstream processing waits for complete responses. Alert enrichment pipelines, for example, need complete AI outputs before proceeding. Simple queries should complete in under 5 seconds, while complex analysis may require 30 seconds or more. Token generation rate indicates how quickly the model produces output tokens after the first token. This metric varies significantly by model, provider, and current load. Monitoring generation rate helps identify provider degradation or capacity constraints before they impact user experience. Chain latency measures end-to-end time for multi-step AI workflows. An agentic system might make multiple LLM calls, retrieve context, and invoke tools—chain latency captures this complete workflow. For security applications, chain latency often matters more than individual call latency because it reflects actual analyst wait time.

Throughput and Capacity Planning

Throughput monitoring ensures AI systems can handle expected query volumes while maintaining performance. Security operations often experience variable load—quiet periods punctuated by incident-driven spikes that can overwhelm under-provisioned systems. Requests per second tracks query volume over time, enabling trend analysis and capacity planning. Security teams should correlate AI query volume with security events to understand demand patterns. A major incident might increase AI-assisted investigation queries by 10x or more. Concurrent request limits vary by provider and tier. OpenAI, Anthropic, and other providers impose rate limits that can throttle high-volume applications. Monitoring concurrent requests against limits prevents unexpected throttling during critical operations. Queue depth and wait time indicate when demand exceeds capacity. Growing queues suggest the need for additional capacity, request prioritization, or load shedding. For security applications, queue monitoring should trigger alerts before backlogs impact incident response timelines.

Quality Monitoring

Quality monitoring addresses the fundamental challenge of AI observability—determining whether outputs are correct, not just whether the system is running. For security applications, quality failures can have serious consequences: missed threats, false positive floods, or dangerous automated actions. Continuous quality monitoring enables early detection of degradation before it impacts operations.

Understanding Quality Dimensions

Quality in AI systems is multidimensional, and different applications prioritize different dimensions. Security teams must define quality metrics aligned with their specific use cases and establish baselines against which to measure ongoing performance. Relevance measures whether outputs address the actual query. An AI system asked to analyze a phishing email should discuss that specific email, not provide generic phishing guidance. Relevance failures often indicate prompt issues or context retrieval problems in RAG systems. Accuracy assesses factual correctness of AI outputs. For security applications, this includes verifying that referenced CVEs exist, IOCs are valid, and MITRE ATT&CK mappings are correct. Accuracy monitoring requires ground truth data or external validation against authoritative sources. Completeness evaluates whether outputs include all required elements. A threat analysis should include IOC extraction, severity assessment, and recommended actions. Incomplete outputs may indicate prompt issues, context limitations, or model capability gaps. Consistency measures whether similar inputs produce similar outputs. While some variation is expected due to model non-determinism, wildly inconsistent responses to similar queries indicate instability that undermines analyst trust. Safety ensures outputs don’t contain harmful content, policy violations, or dangerous recommendations. Safety monitoring is particularly critical for AI systems that can trigger automated containment actions or influence security decisions.

Quality Evaluation Approaches

Evaluating AI quality at scale requires automated approaches that can assess large volumes of outputs without manual review of every response. Multiple evaluation strategies provide complementary perspectives on quality. LLM-as-judge uses a separate LLM to evaluate outputs against defined criteria. This approach scales well and can assess subjective quality dimensions like helpfulness and clarity. The evaluator model should typically be as capable as or more capable than the model being evaluated. OpenAI’s evaluation guidance provides implementation patterns. Human feedback integration captures analyst assessments of AI outputs during normal workflows. Simple thumbs up/down ratings, correction tracking, and explicit feedback forms provide ground truth quality signals. This feedback should flow into quality dashboards and inform prompt improvements. Regression testing compares current outputs against historical baselines. When prompts, models, or configurations change, regression tests verify that quality hasn’t degraded. Maintaining a golden dataset of representative queries with expected outputs enables systematic regression detection. A/B testing compares quality across prompt variations, model versions, or configuration changes. Before deploying changes to production, A/B tests quantify quality impact. For security applications, A/B testing should include safety-critical scenarios to catch potential regressions.

Drift Detection

Model and prompt drift can silently degrade AI quality over time. Provider model updates, changing data distributions, and evolving threat landscapes can all cause drift that observability must detect. Output distribution monitoring tracks statistical properties of outputs over time. Changes in average response length, confidence score distributions, or classification ratios may indicate drift. Significant deviations from baseline distributions should trigger investigation. Embedding drift monitors whether output embeddings shift over time. If outputs for similar queries cluster differently than historical baselines, semantic drift may be occurring. Tools like Arize Phoenix and Langfuse provide drift detection capabilities. Performance correlation identifies when quality metrics diverge from historical patterns. If accuracy scores decline while latency remains stable, something has changed in model behavior rather than infrastructure. Correlating quality metrics with operational metrics helps isolate root causes.

Cost Monitoring

Cost monitoring is uniquely important for AI systems due to token-based pricing models where costs scale with usage in ways traditional infrastructure doesn’t. A single complex security analysis might cost dollars rather than fractions of a cent, and costs can spike unexpectedly due to prompt changes, context expansion, or increased query volume. Effective cost monitoring enables budget management, optimization prioritization, and cost allocation across teams.

Understanding AI Cost Drivers

AI costs derive primarily from token consumption, with different models and providers offering vastly different price-to-capability ratios. Understanding cost drivers enables informed decisions about model selection, prompt optimization, and architecture choices. Input tokens include system prompts, user queries, and any context provided to the model. For RAG-based security applications, retrieved context often dominates input token counts. A threat analysis system pulling multiple threat intelligence reports might consume 10,000+ input tokens per query. Output tokens are typically more expensive than input tokens (often 2-4x) and vary based on response length requirements. Security applications requesting detailed analysis naturally generate more output tokens than those requesting simple classifications. Model selection dramatically impacts costs. Frontier models like GPT-4 and Claude Opus cost 10-50x more per token than capable smaller models. Many security tasks can use smaller models effectively, reserving expensive models for complex analysis. Caching can significantly reduce costs for repeated queries or shared context. OpenAI’s prompt caching and Anthropic’s caching reduce costs when prompts share common prefixes.

Cost Attribution and Governance

Tracking costs across multiple dimensions enables optimization targeting and budget accountability. Without granular cost attribution, teams cannot identify optimization opportunities or manage departmental budgets. By model attribution reveals which model choices drive costs and whether expensive models are necessary for specific use cases. If 80% of costs come from GPT-4 calls but most are simple classifications, model routing could reduce costs significantly. By workflow attribution identifies which AI-powered features consume the most resources. Investigation assistants might cost more per session than alert triage due to longer conversations and more context retrieval. By team or use case attribution enables cost allocation and budget management. Security operations, threat intelligence, and incident response may have separate budgets requiring distinct tracking. By query type attribution reveals cost patterns that inform optimization. Complex threat analyses might cost 100x simple lookups, suggesting different caching or model strategies for different query types.

Budget Controls

Proactive cost controls prevent unexpected spending while maintaining service availability for critical operations. Usage limits can cap spending at team, user, or application levels. Limits should be set with buffer for incident-driven spikes while preventing runaway costs from bugs or abuse. Alerting thresholds notify teams when spending approaches limits or anomalous patterns emerge. Early warning enables investigation before limits are reached. Tiered access reserves expensive models for use cases that require them, routing simpler queries to cost-effective alternatives. This maintains capability while optimizing spend.

Tracing and Debugging

Tracing captures the complete execution path of AI requests, enabling debugging, auditing, and optimization. Unlike traditional application tracing where request flow is deterministic, AI traces must capture non-deterministic model behavior, multi-step reasoning, and dynamic tool invocation.

What to Capture in AI Traces

Comprehensive traces enable both real-time debugging and post-hoc analysis. The value of tracing compounds over time as teams build understanding of system behavior patterns. Prompts and completions form the foundation of AI tracing. System prompts, user inputs, and model outputs should be captured with timestamps for every LLM call. For security applications, this creates an audit trail of AI reasoning. Chain execution steps reveal how multi-step workflows progress. Agent systems may make decisions, invoke tools, retrieve context, and iterate—traces should capture each step with inputs, outputs, and timing. Tool and function calls document external integrations. When AI systems query threat intelligence APIs, check asset databases, or invoke SOAR playbooks, traces should capture these interactions including parameters and responses. Retrieval operations are critical for RAG-based systems. Traces should capture what context was retrieved, relevance scores, and which documents influenced the response. This enables debugging of context quality issues. Decision points and reasoning capture agent logic. When AI systems make branching decisions, traces should document the choice made and the reasoning, enabling analysis of decision quality.

Debugging Workflows

Effective debugging workflows leverage comprehensive traces to quickly identify and resolve issues. Replay capability allows re-execution of queries with captured context to reproduce issues. This is essential for debugging intermittent problems or investigating reported failures. Step-through analysis examines each chain step to identify where issues originate. A trace might reveal that accurate retrieval produced irrelevant context, or that correct context led to incorrect conclusions. Comparison views enable side-by-side analysis of successful and failed executions. Comparing traces helps identify what differs between working and broken cases. Root cause identification traces failures back to their source. A quality issue might stem from prompt changes, context retrieval problems, or model behavior changes—traces provide the evidence to distinguish between causes.

Observability Platform Integration

Dedicated LLM observability platforms provide purpose-built tools for AI debugging and monitoring. These platforms offer trace visualization, quality evaluation, and cost tracking designed for AI systems. LangSmith from LangChain provides integrated tracing for LangChain applications, with playground features for prompt iteration and dataset management for evaluation. Langfuse offers open-source LLM observability with tracing, prompt management, and evaluation capabilities. Self-hosting options provide data control for sensitive security applications. Arize Phoenix focuses on ML observability including embeddings visualization, drift detection, and LLM tracing with enterprise features. Helicone operates as a proxy layer, providing observability without code changes while adding caching and rate limiting capabilities. OpenLLMetry brings OpenTelemetry standards to LLM observability, enabling integration with existing observability infrastructure.

Integration Approaches

Different integration approaches offer trade-offs between implementation complexity, coupling, and capability depth. SDK instrumentation through native library integration provides the richest data but couples applications to specific observability platforms. Frameworks like LangChain include built-in tracing that activates with configuration. Proxy-based approaches route LLM requests through an intermediary that captures traffic. This approach works with any LLM client but adds network latency and creates a potential single point of failure. OpenTelemetry integration leverages standard observability protocols for portability across platforms. OpenLLMetry and similar projects extend OTel for LLM-specific spans and attributes.

Alerting and Incident Response

Effective alerting transforms observability data into actionable notifications that enable rapid response to AI system issues. Alert design for AI systems requires balancing sensitivity with noise reduction—too many alerts desensitize responders, while too few miss critical issues.

Alert Categories

Different alert types serve different operational needs and require different response urgencies. Availability alerts trigger when AI systems become unavailable or unresponsive. Provider outages, rate limit exhaustion, and infrastructure failures manifest as availability issues requiring immediate attention. Performance alerts fire when latency or throughput degrade beyond acceptable thresholds. Slow responses may indicate provider issues, capacity constraints, or configuration problems. Quality alerts notify teams when output quality metrics decline. Accuracy drops, safety violations, or drift detection signals require investigation to prevent operational impact. Cost alerts warn when spending approaches limits or anomalous patterns emerge. Budget protection requires alerts with enough lead time for intervention.

Alert Configuration Best Practices

Alert configuration should reflect operational priorities and response capabilities. Severity tiering ensures critical issues receive immediate attention while minor issues await normal operations. Provider outages might page on-call responders, while quality drift opens tickets for next-business-day review. Alert aggregation reduces noise by grouping related alerts. Multiple quality failures from the same root cause should generate a single notification, not dozens. Runbook links in alerts accelerate response by providing immediate access to troubleshooting procedures. Each alert type should link to relevant diagnostic steps and escalation paths. Escalation paths ensure issues reach appropriate responders if initial contacts don’t respond. Critical AI system failures in security operations may require escalation to security leadership.

Implementation Checklist

Security teams implementing AI observability should address these areas systematically: Metrics Collection
  • Instrument latency tracking at multiple points (TTFT, total, chain)
  • Implement token usage tracking for cost visibility
  • Monitor error rates by type and provider
  • Track throughput against capacity limits
Quality Monitoring
  • Define quality dimensions relevant to your use cases
  • Implement automated evaluation (LLM-as-judge or rule-based)
  • Establish human feedback collection mechanisms
  • Create baseline metrics for drift detection
Tracing
  • Capture prompts and completions for all LLM calls
  • Trace chain execution steps for multi-step workflows
  • Log tool calls and external integrations
  • Record retrieval operations for RAG systems
Cost Governance
  • Implement cost attribution by model, workflow, and team
  • Configure budget alerts and usage limits
  • Establish approval processes for expensive operations
  • Monitor cost trends and optimization opportunities
Alerting
  • Configure availability and performance alerts
  • Establish quality degradation thresholds
  • Set up cost anomaly detection
  • Document response runbooks for each alert type

Common Pitfalls

Teams implementing AI observability frequently encounter these challenges: Over-instrumenting initial deployments creates overwhelming data volumes before teams know what matters. Start with essential metrics and expand based on operational learning. Ignoring quality monitoring because it’s harder than performance monitoring leaves teams blind to the most important dimension of AI behavior. Prioritize quality observability from the start. Treating AI like traditional applications misses the unique observability requirements. Traditional APM tools don’t capture quality, cost, or semantic correctness without extension. Alerting on every metric generates noise that desensitizes responders. Focus alerts on actionable issues with clear response procedures. Neglecting trace retention limits debugging capability for issues discovered after the fact. Establish retention policies that balance storage costs with investigation needs. Separating observability from evaluation creates blind spots. Observability platforms and evaluation frameworks should share data and provide integrated views.

References

LLM Provider Documentation

Observability Platforms

OpenTelemetry and Standards

Evaluation and Quality

Research and Best Practices