Your monitoring watches performance. It should also watch for an attack

Almost half of organizations running agents had a security incident last year. Most of their dashboards were not even looking for one.

B

Balagei G Nagarajan

3 MIN READ


A dashboard with green performance metrics next to a hidden panel of unmonitored security signals
None of that shows up as a latency spike or a failed task.
— from “Your monitoring watches performance. It should also watch for an attack”

Key facts.

  • 53% of organizations reported agent scope violations and nearly half reported an agent security incident in the past year (CSA, 2025).
  • Security signals for agents include anomalous tool use, unexpected resource access, permission-check failures, and behavior shifts after ingesting untrusted content.
  • Performance metrics (latency, cost, success) do not detect an attack, so security telemetry has to be a separate, deliberate stream.

What does an attack look like in the telemetry?

It looks like the agent doing something out of character: calling a tool it never calls, accessing a resource outside its pattern, or taking a burst of actions right after it read an external document. None of that shows up as a latency spike or a failed task. You have to watch for the behavioral deviation specifically. The same way security operations centers watch for anomalous logins, agent monitoring has to watch for anomalous agent behavior, with the agent's own normal pattern as the baseline.

Heatmap of agent behaviors over time with an anomalous tool-use spike highlighted as a security event

Performance-only vs. security-aware monitoring

Performance-onlySecurity-aware
Latency, cost, success ratePlus anomalous tool use and access
Attack looks normalAttack shows as a behavior deviation
Incident found after the damageIncident flagged as it unfolds

VibeModel's Pattern Intelligence Layer is behavioral by nature, so security monitoring is built in: we learn the agent's normal pattern and flag the deviations that signal an attack, the unexpected tool call, the post-ingestion action burst. You keep your performance dashboards; we add the stream that catches the incident half your peers already had.

Frequently asked questions

If the underlying model improves, can we just rely on our existing monitoring?
Latency dashboards miss the attack 53% already hit, and a stronger model won't surface it: Crescendo builds across ordinary turns on GPT-4 and Gemini, a slow signal to watch. (CSA, 2025)

Can my existing observability do this?
Partly. It captures traces, but it is tuned for performance. You need agent behavioral baselines to turn those traces into security signals.

What is the highest-value signal?
A behavior shift right after the agent ingests untrusted content. That is the fingerprint of a working injection.


Share this post

Join the discussion

Have a take, a war story, or a question? Sign in with GitHub to comment and react. Comments are powered by GitHub Discussions, ad-free and yours to moderate.

Continue Reading

Find where your agent breaks, before you build it

Faultmap maps where your agent will fail from the goal and your data, then hands you the first test suite it has to pass.