Observability

Anomaly & Abuse Detection

Anomaly and abuse detection: spot deviant behavior of users, agents and models.

Plane

Observability

Flow steps

Frameworks

NIST 800-53 · OWASP LLM10 · NIST AI 600-1

Technology

Why use it

Detect what static rules miss: abnormal usage, abuse, agent behavior drift.

Why it matters to security

Catches unknown attacks and slow abuse (quiet exfiltration, abnormal consumption) no signature covers.

Implementations UEBAML anomaly detectioncost/consumption analyticsFalco

Novel attacks match no signature: you must detect the anomaly, not only the known.

Recommendations by maturity tier

Hover a recommendation for its explanation · each one carries its control number

Foundation

Minimum viable baseline

Monitoring of key indicators (throughput, errors, cost).
NIST 800-53 SI-4

Basic metrics already reveal a lot of abuse.
Alert thresholds on abnormal consumption.
NIST 800-53 SI-4OWASP LLM10:2025

Out-of-norm consumption signals abuse or runaway loops.
Regular log review.
NIST 800-53 AU-6

Human analysis complements automated detection.

Enterprise

Enterprise standard

Behavioral baselines.
NIST 800-53 SI-4

Compare current behavior to a learned norm.
AI-specific abuse detection (repeated jailbreak).
NIST AI 600-1 MS-2.7-009

Repeated bypass attempts are spotted.
Risk scoring feeding the PIP.
NIST 800-53 RA-3

The anomaly score becomes a decision signal for the PDP.

Advanced

High-assurance / regulated

Adaptive behavioral detection (UEBA).
NIST 800-53 SI-4

The detection model continuously learns new usage.
Multi-signal identity/data/agent correlation.
NIST 800-53 SI-4 · AU-6

A cluster of weak signals reveals a sophisticated attack.
Remediation loop wired to SOAR.
NIST AI 600-1 MG-4.1-002

A confirmed anomaly triggers an automated response.

Architecture notes

Watch cost as a security signal.details ▸

A consumption drift often betrays abuse or an agent loop.

Feed cost/token metrics into anomaly detection, not just financial reporting.

References

NIST SP 800-53 Rev5

SI-4 (System Monitoring), AU-6 (Analysis), RA-3 (Risk Assessment).

OWASP LLM10:2025

Unbounded Consumption — abuse detection is a key facet.

NIST AI 600-1

MS-2.7-009 (attack tracking), MG-4.1 (remediation).

Abbreviations

PDP

Policy Decision Point

PEP

Policy Enforcement Point

PIP

Policy Information Point

PAP

Policy Administration Point

IdP

Identity Provider

TSS

Token Service

NHI

Non-Human Identity

RBAC

Role-Based Access Control

ABAC

Attribute-Based Access Control

MFA

Multi-Factor Authentication

HITL

Human-in-the-loop

JIT

Just-In-Time

CAE

Continuous Access Evaluation

CAEP

Continuous Access Evaluation Profile

DPoP

Demonstrating Proof-of-Possession

mTLS

mutual TLS

PII

Personally Identifiable Information

KMS

Key Management Service

CI/CD

Continuous Integration / Continuous Delivery

SIEM

Security Information and Event Management

SOAR

Security Orchestration, Automation and Response

SCIM

System for Cross-domain Identity Management

XACML

eXtensible Access Control Markup Language

OPA

Open Policy Agent

OWASP

Open Worldwide Application Security Project

NIST

National Institute of Standards and Technology

ATLAS

Adversarial Threat Landscape for Artificial-Intelligence Systems

LLM

Large Language Model

WAF

Web Application Firewall

CDN

Content Delivery Network

DDoS

Distributed Denial of Service

DLP

Data Loss Prevention

JWT

JSON Web Token

API

Application Programming Interface

CRS

Core Rule Set (OWASP)

RAG

Retrieval-Augmented Generation

MCP

Model Context Protocol

PBAC

Permission-Based Access Control

HSM

Hardware Security Module

UEBA

User and Entity Behavior Analytics

SBOM

Software Bill of Materials

SLSA

Supply-chain Levels for Software Artifacts

WORM

Write Once, Read Many

SPIFFE

Secure Production Identity Framework For Everyone