Observability / Distributed Tracing
FR EN

Observability

Distributed Tracing

Distributed tracing: follow a request end-to-end across agents, tools and models.

Plane
Observability
Flow steps
9
Frameworks
NIST 800-53

Technology

Why use it

Link the steps of one request across all components to understand the full path.

Why it matters to security

Essential to reconstruct an agentic attack: who called what, in which order, with which data.

Implementations OpenTelemetry tracesJaegerTempoLLM-specific tracing (Langfuse)

An agentic attack is understood in the trace, not in an isolated log.

Recommendations by maturity tier

Hover a recommendation for its explanation · each one carries its control number

Foundation

Minimum viable baseline
  • Correlation ID propagated end-to-end.
    NIST 800-53 AU-3
    One ID follows the request across all hops.
  • Tracing of inter-component calls.
    NIST 800-53 AU-12
    Each hop (agent, tool, model) is recorded.
  • Trace retention.
    NIST 800-53 AU-11
    Traces are available for investigation.

Enterprise

Enterprise standard
  • Tracing of agent reasoning and tool calls.
    NIST 800-53 AU-3 · AU-2
    You see the agent’s chain of decisions and actions.
  • Trace ↔ PDP-decision correlation.
    NIST 800-53 AU-10
    Each action is tied to the verdict that allowed it.
  • Sampling that preserves security events.
    NIST 800-53 AU-12
    You never lose a trace tied to an incident.

Advanced

High-assurance / regulated
  • Anomaly detection on execution paths.
    NIST 800-53 SI-4
    An unusual agent path is spotted.
  • Full incident reconstruction from traces.
    NIST 800-53 AU-6
    Replay the exact sequence of an attack.
  • Protected, tamper-proof traces.
    NIST 800-53 AU-9
    An attacker cannot erase their tracks.

Architecture notes

  • Trace the agent’s reasoning, not just its network calls.details ▸
    The attack hides in the chain of decisions.
    Capture the plan, tools called and PDP decisions in a single correlated trace.

References

NIST SP 800-53 Rev5
AU-2, AU-3 (Content), AU-6 (Review), AU-9 (Protection), AU-10 (Non-repudiation), AU-11, AU-12, SI-4.

Abbreviations

PDP
Policy Decision Point
PEP
Policy Enforcement Point
PIP
Policy Information Point
PAP
Policy Administration Point
IdP
Identity Provider
TSS
Token Service
NHI
Non-Human Identity
RBAC
Role-Based Access Control
ABAC
Attribute-Based Access Control
MFA
Multi-Factor Authentication
HITL
Human-in-the-loop
JIT
Just-In-Time
CAE
Continuous Access Evaluation
CAEP
Continuous Access Evaluation Profile
DPoP
Demonstrating Proof-of-Possession
mTLS
mutual TLS
PII
Personally Identifiable Information
KMS
Key Management Service
CI/CD
Continuous Integration / Continuous Delivery
SIEM
Security Information and Event Management
SOAR
Security Orchestration, Automation and Response
SCIM
System for Cross-domain Identity Management
XACML
eXtensible Access Control Markup Language
OPA
Open Policy Agent
OWASP
Open Worldwide Application Security Project
NIST
National Institute of Standards and Technology
ATLAS
Adversarial Threat Landscape for Artificial-Intelligence Systems
LLM
Large Language Model
WAF
Web Application Firewall
CDN
Content Delivery Network
DDoS
Distributed Denial of Service
DLP
Data Loss Prevention
JWT
JSON Web Token
API
Application Programming Interface
CRS
Core Rule Set (OWASP)
RAG
Retrieval-Augmented Generation
MCP
Model Context Protocol
PBAC
Permission-Based Access Control
HSM
Hardware Security Module
UEBA
User and Entity Behavior Analytics
SBOM
Software Bill of Materials
SLSA
Supply-chain Levels for Software Artifacts
WORM
Write Once, Read Many
SPIFFE
Secure Production Identity Framework For Everyone