Detection Requires Knowing What to Look For

Why comprehensive logging enables forensics but requires analysis capability

The Conventional Framing

Audit logging records all significant actions and decisions in LLM systems: inputs, outputs, tool calls, decisions, and context. This enables detection of attacks and forensic analysis after incidents.

The pattern is foundational for security monitoring and incident response.

Why Logging Is Necessary but Not Defensive

Logs are passive. They record what happened; they don't prevent it. A comprehensive log of a successful attack is valuable for forensics but the attack still succeeded.

Real-time detection requires analysis capability—and analyzing LLM interactions for attacks is itself a challenging problem. You need to know what attacks look like to find them in logs.

The analysis challenge:

What does a prompt injection attack look like in logs? It's text that looks like other text. Distinguishing "user asking legitimate question" from "user injecting malicious instructions" requires sophisticated analysis.

Architecture

Components:

  • Input logging: record all inputs with context
  • Output logging: record all outputs
  • Decision logging: record model decisions and reasoning
  • Action logging: record tool calls and effects

Trust Boundaries

  1. System → Log: what gets logged
  2. Log → Storage: secure, immutable storage
  3. Log → Analysis: turning data into detection

Example log entry:

  {
    timestamp: "2024-01-15T10:30:00Z",
    user_id: "user_123",
    input: "Summarize this document: [document content...]",
    output: "Here's the summary...",
    tool_calls: [{name: "send_email", args: {...}}],
    tokens: 1500
  }

Question: Is this normal or an attack? The log doesn't tell you. Analysis does.

Threat Surface

Threat        | Vector                                            | Impact
Log injection | Include content that corrupts or manipulates logs | Logs become untrustworthy or misleading
Log overflow  | Generate massive amounts of log data              | Real attacks hidden in noise, storage exhaustion
Analysis gap  | Attacks that don't match detection patterns       | Logged but not detected
Log access    | Logs may contain sensitive data                   | Log storage becomes exfiltration target

The ZIVIS Position

  • Log everything, but that's step one. Comprehensive logging enables detection and forensics. But logs without analysis are just storage costs.
  • Structure for analysis. Design log format for searchability and analysis. Unstructured logs are hard to query at scale.
  • Protect log integrity. Logs are useless if attackers can modify them. Write-once storage, separate credentials, integrity verification.
  • Build detection capability. Invest in analysis tooling and expertise. Logs are raw material; detection is the product.
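The three practical points above (structured logs, integrity verification, a detection rule on top) in one added example; this is illustrative code written for this page, not ZIVIS tooling. It assumes a simple hash-chained JSON-lines format, constructed sample entries modelled on the log entry shown earlier, and that send_email is the only tool with effects outside the system.

```python
import hashlib
import json
# Constructed sample entries modelled on the page's log entry (not real data).
SAMPLE_ENTRIES = [
    {"timestamp": "2024-01-15T10:30:00Z", "user_id": "user_123",
     "input": "Summarize this document: [document content...]",
     "output": "Here's the summary...", "tokens": 1500,
     "tool_calls": [{"name": "send_email", "args": {"to": "someone@example.com"}}]},
    {"timestamp": "2024-01-15T10:31:00Z", "user_id": "user_123",
     "input": "What is the capital of France?", "output": "Paris.",
     "tokens": 20, "tool_calls": []},
]
EFFECT_TOOLS = {"send_email"}  # assumption: tools with effects outside the system

def canonical(obj):
    # Deterministic serialisation so the same entry always hashes the same way.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"))

def append_chained(entries):
    """JSON lines where each hash covers the entry and the previous hash."""
    lines, prev = [], "0" * 64
    for entry in entries:
        record = {"prev_hash": prev, "entry": entry}
        record["hash"] = hashlib.sha256(canonical(record).encode()).hexdigest()
        lines.append(canonical(record))
        prev = record["hash"]
    return lines

def verify_chain(lines):
    """Index of the first line with a bad hash or back-link, or -1 if intact."""
    prev = "0" * 64
    for i, line in enumerate(lines):
        record = json.loads(line)
        claimed = record.pop("hash", None)
        if record.get("prev_hash") != prev:
            return i  # earlier line removed, or re-hashed after tampering
        if hashlib.sha256(canonical(record).encode()).hexdigest() != claimed:
            return i  # line content edited in place
        prev = claimed
    return -1

def flag_suspicious(lines):
    """Detection rule: a summarisation request that ends in an outbound-effect tool call.
    The rule, not the log, encodes what we think an attack looks like."""
    flagged = []
    for line in lines:
        entry = json.loads(line)["entry"]
        names = {call["name"] for call in entry.get("tool_calls", [])}
        if names & EFFECT_TOOLS and "summarize" in entry["input"].lower():
            flagged.append(entry["timestamp"])
    return flagged
```

The rule is deliberately narrow: it catches exactly the shape of the earlier example entry and nothing else, which is the analysis gap the threat table describes.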

What We Tell Clients

Audit logging is essential but doesn't provide real-time defense. It enables you to understand what happened—after it happened.

Invest equally in logging and analysis capability. Structured logs that nobody analyzes provide forensic value but not detection. Build both.

Related Patterns