diff --git a/content/en/security/_index.md b/content/en/security/_index.md index 0d632341964..711b4cee93c 100644 --- a/content/en/security/_index.md +++ b/content/en/security/_index.md @@ -109,6 +109,7 @@ Datadog Security includes: - [Code Security](#code-security) - [Cloud Security](#cloud-security) - [App and API Protection](#app-and-api-protection) +- [AI Guard](#ai-guard) - [Workload Protection](#workload-protection) - [Sensitive Data Scanner](#sensitive-data-scanner) @@ -152,6 +153,12 @@ Datadog [App and API Protection (AAP)][1] provides observability into applicatio {{< img src="/security/application_security/app-sec-landing-page.png" alt="A security signal panel in Datadog, which displays attack flows and flame graphs" width="75%">}} +## AI Guard + +[AI Guard][35] inspects, blocks, and governs AI behavior in real time. It sits inline with your AI app or agent to protect against prompt injection, jailbreaking, and sensitive data exfiltration attacks, using Prompt Protection, Tool Protection, and Sensitive Data Protection. These protections work for any target AI model, including OpenAI, Anthropic, Bedrock, VertexAI, and Azure. + +{{< img src="security/ai_guard/ai_guard_detection_rules_1.png" alt="AI Guard Detection Rules Explorer" width="100%">}} + ## Workload Protection [Workload Protection][26] monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. As part of the Datadog platform, you can combine the real-time threat detection of Workload Protection with metrics, logs, traces, and other telemetry to see the full context surrounding a potential attack on your workloads. @@ -205,3 +212,4 @@ After you [set up Sensitive Data Scanner][25], use the {{< ui >}}Findings{{< /ui [32]: /security/workload_protection/workload_security_rules [33]: /security/notifications/ [34]: /security/workload_protection/security_signals +[35]: /security/ai_guard/ diff --git a/content/en/security/ai_guard/onboarding.md b/content/en/security/ai_guard/onboarding.md index 2878b3ca50a..af212b5ab5d 100644 --- a/content/en/security/ai_guard/onboarding.md +++ b/content/en/security/ai_guard/onboarding.md @@ -70,6 +70,7 @@ Use the Playground to: - Verify that AI Guard correctly detects prompt injection, jailbreaking, or unsafe tool calls. - Tweak the evaluation sensitivity threshold and see how it affects detection results. You can then adjust the threshold in AI Guard's [evaluation sensitivity][20] settings. - Test sensitive data scanning on your conversations. +- Add [evaluation context][22] to a conversation to see how it affects false positives, before applying that context to a service's policy. - Share evaluation results with your team during development. ## Further reading @@ -86,3 +87,4 @@ Use the Playground to: [19]: https://app.datadoghq.com/security/ai-guard/playground [20]: /security/ai_guard/setup/#evaluation-sensitivity [21]: /security/ai_guard/setup/sdk/ +[22]: /security/ai_guard/setup/#evaluation-context diff --git a/content/en/security/ai_guard/setup/_index.md b/content/en/security/ai_guard/setup/_index.md index abdd3039292..3a02deeb9c9 100644 --- a/content/en/security/ai_guard/setup/_index.md +++ b/content/en/security/ai_guard/setup/_index.md @@ -85,6 +85,7 @@ AI Guard provides settings to control how evaluations are enforced, how sensitiv On the {{< ui >}}Security{{< /ui >}} > {{< ui >}}AI Guard{{< /ui >}} > {{< ui >}}Settings{{< /ui >}} > [{{< ui >}}Services{{< /ui >}}][6] page, you can configure policies that determine what actions AI Guard should take when it detects unsafe content. For each policy, you determine: - [{{< ui >}}Enforcement mode{{< /ui >}}](#blocking-policy): Monitor only, or block unsafe requests - [{{< ui >}}Sensitive data detection{{< /ui >}}](#sensitive-data-scanning): Whether AI Guard should flag sensitive data when it detects it +- [{{< ui >}}Evaluation context{{< /ui >}}](#evaluation-context): Additional information about the service that AI Guard uses during evaluation to reduce false positives Beside {{< ui >}}Default policy{{< /ui >}}, click {{< ui >}}Edit{{< /ui >}} to set AI Guard's default behavior. To override the default behavior, click {{< ui >}}Add Service Policy{{< /ui >}}, select the service and environment you want your override to apply to, then configure the more specialized policy. @@ -104,6 +105,8 @@ AI Guard can detect personally identifiable information (PII) such as email addr When enabled, AI Guard scans the last message in each evaluation call, including user prompts, assistant responses, tool call arguments, and tool call results. Findings appear on APM traces for visibility. Sensitive data scanning is detection-only; findings do not independently trigger blocking. +By default, AI Guard scans for a standard set of secrets, such as AWS keys and Datadog API keys. To customize which [scanning rules][14] AI Guard uses, go to {{< ui >}}Security{{< /ui >}} > {{< ui >}}Sensitive Data Scanner{{< /ui >}} > {{< ui >}}Configuration{{< /ui >}} > [{{< ui >}}AI Guard{{< /ui >}}][15], where you can enable or disable individual rules, and create scanning groups with custom rules, scoped specifically to AI Guard evaluations. + ### Block specific tools You can configure AI Guard to block requests for specific tools, for specific services and environments. To do so, go to {{< ui >}}Security{{< /ui >}} > {{< ui >}}AI Guard{{< /ui >}} > {{< ui >}}Settings{{< /ui >}} > [{{< ui >}}Tool Blocklist{{< /ui >}}][8]. Click {{< ui >}}Add Tool Blocking Configuration{{< /ui >}}, select the service, environment, and tool, and choose whether AI Guard should follow the default service policy or block all requests for the tool. @@ -116,10 +119,26 @@ Evaluation sensitivity is a value between 0.0 and 1.0, with a default of 0.5. - A **lower** value **increases** sensitivity: AI Guard flags threats even when the confidence is low, surfacing more potential attacks but also more false positives. - A **higher** value **decreases** sensitivity: AI Guard only flags threats when the confidence is high, reducing noise but potentially missing some attacks. +### Add evaluation context {#evaluation-context} + +You can give AI Guard additional context about a service, such as its purpose and the type of data it processes. AI Guard uses this context during evaluation to better distinguish legitimate agent behavior from genuine threats, which helps reduce false positives. + +To add evaluation context for a service, go to {{< ui >}}Security{{< /ui >}} > {{< ui >}}AI Guard{{< /ui >}} > {{< ui >}}Settings{{< /ui >}} > [{{< ui >}}Services{{< /ui >}}][6]. Click {{< ui >}}Edit{{< /ui >}} beside the default policy, or add or edit a service policy, then enter your context in the {{< ui >}}Evaluation context{{< /ui >}} field (up to 1,000 characters). For example: + +```text +This is a fintech app. Requests to query account balances or initiate transfers are expected and authorized. +``` + +As with the [blocking policy](#blocking-policy), evaluation context follows the same precedence, with more specific settings taking priority: organization-wide, per environment, per service, then per service and environment. + +Use the [AI Guard Playground][19] to test how evaluation context affects the outcome of an evaluation before applying it to a service. The Playground has its own {{< ui >}}Evaluation Context{{< /ui >}} field that applies only to the conversation you're testing, so you can experiment without changing any service policy. Import an existing payload into the Playground, then add evaluation context to see how it changes the evaluation result. + ### Add context with your system prompt {#system-prompt-context} AI Guard evaluates the full conversation, including your system prompt, when assessing threats. Adding context about your agent's purpose, the data it handles, and the tools it is authorized to use helps AI Guard distinguish legitimate operations from genuine threats—reducing false positives without reducing security coverage. +
To add this kind of context without modifying your application code, use the Evaluation context field in your service settings instead.
+ #### What to include In your system prompt, describe: @@ -173,3 +192,6 @@ To restrict access to AI Guard spans for specific users, you can use [Data Acces [11]: /security/ai_guard/setup/manual_integrations/ [12]: /security/ai_guard/setup/sdk/ [13]: /security/ai_guard/setup/http_api/ +[14]: /security/sensitive_data_scanner/scanning_rules/ +[15]: https://app.datadoghq.com/sensitive-data-scanner/configuration/ai-guard +[19]: https://app.datadoghq.com/security/ai-guard/playground diff --git a/content/en/security/sensitive_data_scanner/setup/_index.md b/content/en/security/sensitive_data_scanner/setup/_index.md index 4ff2e4c58fd..41f16afeb25 100644 --- a/content/en/security/sensitive_data_scanner/setup/_index.md +++ b/content/en/security/sensitive_data_scanner/setup/_index.md @@ -27,6 +27,7 @@ Set up Sensitive Data Scanner for each data source you want to scan. Each source - **Agent Observability data:** Scan LLM traces, prompts, and completions. Configure scanning from the [Agent Observability Settings page][3]. - **Cloud storage data:** Scan your Amazon S3 buckets and RDS instances. See [Cloud Storage][2] for setup instructions. - **Code repositories:** Detect exposed secrets in your source code. See [Secret Scanning][4] for setup instructions. +- **AI Guard evaluations:** Scan the conversations AI Guard evaluates for sensitive data such as credentials and PII. Configure scanning rules from the [AI Guard tab][6] of the Sensitive Data Scanner configuration page. ## Further reading @@ -37,3 +38,4 @@ Set up Sensitive Data Scanner for each data source you want to scan. Each source [3]: https://app.datadoghq.com/sensitive-data-scanner/configuration/llm-spans [4]: /security/code_security/secret_scanning/ [5]: /observability_pipelines/processors/sensitive_data_scanner +[6]: https://app.datadoghq.com/sensitive-data-scanner/configuration/ai-guard