Security: No AI-Specific Security Event Logging or Anomaly Detection #1069

@BenjaminMichaelis

Summary

There is no structured security event logging for AI-agent-specific activity: tool calls made by the model, per-session token cost, injection attempt signals, or anomalous request patterns. Standard ASP.NET logging captures errors and rate-limit rejections, but there are no AI-specific audit trails or anomaly thresholds.

Affected Code

EssentialCSharp.Chat.Shared/Services/AIChatService.cs — tool calls execute without any log entries:

var toolResult = await mcpClient.CallToolAsync(
    functionCallItem.FunctionName,
    arguments: arguments,
    cancellationToken: cancellationToken);
// ← no log: which tool, which user, what arguments, what result status

EssentialCSharp.Web/Controllers/ChatController.cs — only error/cancellation paths are logged; successful completions are silent:

[LoggerMessage(Level = LogLevel.Debug, Message = "Chat stream cancelled for user {User}")]
private static partial void LogChatStreamCancelled(...);
// No log for: successful requests, tokens used, tools invoked

Risk

OWASP AI Agent Security — §6 Monitoring & Observability

Without structured AI activity logs:

  • Prompt injection attacks succeed silently — no alert triggers when the model suddenly calls unexpected tools or generates out-of-scope content.
  • Cost anomalies go undetected — a user triggering 10 tool-call iterations per request at 15 requests/min generates significant Azure OpenAI spend with no alerting.
  • Forensics are impossible after a security incident — there is no record of what the model was asked or what it returned.
  • Abuse patterns are invisible — users probing for jailbreaks generate no security signal.

Recommended Mitigations

  1. Log every tool call with user ID, tool name (sanitized), result status, and depth:
    _Logger.LogInformation(
        "AI tool call: user={UserId} tool={ToolName} depth={Depth} status={Status}",
        userId, toolName, toolCallDepth, resultStatus);
  2. Log prompt enrichment — note when vector search was used and how many chunks were injected (not the content itself).
  3. Emit Application Insights custom events for AI interactions (already using Azure Monitor OpenTelemetry):
    _telemetryClient.TrackEvent("AIChatCompletion", new Dictionary<string, string> {
        ["UserId"] = userId,
        ["ToolCallCount"] = toolCallCount.ToString(),
        ["EnabledContextualSearch"] = enableContextualSearch.ToString()
    });
  4. Set an alert in Azure Monitor when a single user exceeds N tool-call iterations in a rolling window.
  5. Redact prompt content before logging (do not log raw user messages or AI responses — log metadata only).
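
One way to apply mitigations 1 and 5 in-process, with a local rolling-window check that complements the Azure Monitor alert in mitigation 4. This is an added example, not code from the EssentialCSharp repository: the `ToolCallAuditor` class, its members, and the budget parameters are hypothetical, and it assumes C# 12 on .NET 8 with Microsoft.Extensions.Logging.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using Microsoft.Extensions.Logging;
// Hypothetical helper (not part of EssentialCSharp): logs tool-call metadata only
// and flags users who exceed a tool-call budget within a rolling window.
public sealed class ToolCallAuditor(
    ILogger<ToolCallAuditor> logger, int maxCallsPerWindow, TimeSpan window)
{
    // Per-user call timestamps; entries for idle users are not evicted in this sketch.
    private readonly ConcurrentDictionary<string, Queue<DateTimeOffset>> _calls = new();

    // Keep only characters expected in a tool name, capped at 64 chars, so a
    // model-supplied name cannot forge log lines (CR/LF) or bloat the log.
    public static string SanitizeToolName(string? name)
    {
        if (string.IsNullOrEmpty(name)) return "(none)";
        var safe = new char[Math.Min(name.Length, 64)];
        for (int i = 0; i < safe.Length; i++)
        {
            char c = name[i];
            bool ok = char.IsAsciiLetterOrDigit(c) || c is '_' or '-' or '.';
            safe[i] = ok ? c : '?';
        }
        return new string(safe);
    }

    // Call once per tool invocation, after CallToolAsync returns or throws.
    // Returns true when the user is over budget so the caller can stop iterating.
    public bool Record(string userId, string? toolName, int depth, bool succeeded, DateTimeOffset now)
    {
        var queue = _calls.GetOrAdd(userId, _ => new Queue<DateTimeOffset>());
        int count;
        lock (queue)
        {
            queue.Enqueue(now);
            while (queue.Count > 0 && queue.Peek() <= now - window) queue.Dequeue();
            count = queue.Count;
        }
        // Metadata only: no tool arguments, prompt text, or tool output.
        logger.LogInformation(
            "AI tool call: user={UserId} tool={ToolName} depth={Depth} status={Status}",
            userId, SanitizeToolName(toolName), depth, succeeded ? "ok" : "error");
        if (count <= maxCallsPerWindow) return false;
        logger.LogWarning(
            "AI tool-call budget exceeded: user={UserId} calls={Count} windowSeconds={WindowSeconds}",
            userId, count, window.TotalSeconds);
        return true;
    }
}
```

Because the warning is a structured log entry with named properties, an Azure Monitor log alert can key on it instead of recomputing the window from individual tool-call events.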
