
Key facts.
- 53% of organizations reported agent scope violations and nearly half reported an agent security incident in the past year (CSA, 2025).
- Security signals for agents include anomalous tool use, unexpected resource access, permission-check failures, and behavior shifts after ingesting untrusted content.
- Performance metrics (latency, cost, success) do not detect an attack, so security telemetry has to be a separate, deliberate stream.
What does an attack look like in the telemetry?
It looks like the agent doing something out of character: calling a tool it never calls, accessing a resource outside its pattern, or taking a burst of actions right after it read an external document. None of that shows up as a latency spike or a failed task. You have to watch for the behavioral deviation specifically. The same way security operations centers watch for anomalous logins, agent monitoring has to watch for anomalous agent behavior, with the agent's own normal pattern as the baseline.

Performance-only vs. security-aware monitoring
| Performance-only | Security-aware |
|---|---|
| Latency, cost, success rate | Plus anomalous tool use and access |
| Attack looks normal | Attack shows as a behavior deviation |
| Incident found after the damage | Incident flagged as it unfolds |
VibeModel's Pattern Intelligence Layer is behavioral by nature, so security monitoring is built in: we learn the agent's normal pattern and flag the deviations that signal an attack, the unexpected tool call, the post-ingestion action burst. You keep your performance dashboards; we add the stream that catches the incident half your peers already had.
Frequently asked questions
If the underlying model improves, can we just rely on our existing monitoring?
Latency dashboards miss the attack 53% already hit, and a stronger model won't surface it: Crescendo builds across ordinary turns on GPT-4 and Gemini, a slow signal to watch. (CSA, 2025)
Can my existing observability do this?
Partly. It captures traces, but it is tuned for performance. You need agent behavioral baselines to turn those traces into security signals.
What is the highest-value signal?
A behavior shift right after the agent ingests untrusted content. That is the fingerprint of a working injection.

