AI Security
API security
August 28, 2025

What You Don’t Log Will Hurt You

The Importance of Logging AI and API Activity for Real Security

What You Don’t Log Will Hurt You

APIs have become the most targeted attack surface in enterprise environments, and AI (particularly agentic AI) is making it even harder to protect those critical connections. But one of the most often overlooked and misunderstood aspects of a strong AI and API security posture is logging.

Last week, FireTail CEO Jeremy Snyder sat down with John Tobin of Virtual Guardian to discuss the issue in depth, using John’s extensive experience with API logging as a jumping off point. John Tobin has an API security and management background and now heads product and service innovation for the Virtual Guardian.

Drawing from his years of helping companies reduce risk and prevent breaches, John shared meaningful insights, case studies where logging both did and could have prevented breaches, and a breakdown of the 5 W’s of audit logging:

  • What: request details, identifiers, and identity type
  • When: timestamp of when the request occurred
  • Where: IP address, site landed on, and downstream details
  • Why: specifics about the response and what went wrong
  • Who: identity details and additional information

Jeremy layered in his knowledge of AI security, explaining the complications introduced by agentic AI and how to build on knowledge of API security and apply it to AI as well, unifying logging into a single detection workflow for full observability into an organization’s landscape. 

Watch their full discussion below for more details:

Key takeaways from the webinar include:

  • What to log at the API layer for optimal security
  • Lessons from the frontlines of API logging
  • How to identify AI-generated traffic on APIs
  • What patterns signal potential threats
  • Where AI and API observability converge
  • From logging to action: steps you can take today 

We’ve said it before and we’ll say it again- documentation is king. Without logging, you can’t observe or understand your cyber environment and if you can’t see it, you can’t secure it. Don’t be like the organizations in John’s counter-examples. Act today!

FireTail is a great tool for giving you full, centralized audit logs and the observability you need to take control of your AI and API logging. Book a demo now...

Lina Romero

Related posts

FireTail at Black Hat USA 2025: Finalist in the Startup Spotlight
August 9, 2025

FireTail at Black Hat USA 2025: Finalist in the Startup Spotlight

FireTail was one of four startups selected as a finalist in the Black Hat USA 2025 Startup Spotlight Competition. This week was unforgettable and reaffirmed the urgent demand for AI security solutions.

Read more
OWASP LLM Risk #5: Improper Output Handling
August 4, 2025

OWASP LLM Risk #5: Improper Output Handling

As AI attacks increase, it is more important than ever to be aware of risks. The OWASP Top 10 Risks for LLMs is a great jumping off point. In this blog, we’ll be deep-diving the 5th item on the list: Improper Output Handling.

Read more
Startup Spotlight at Blackhat USA 2025
July 8, 2025

Startup Spotlight at Blackhat USA 2025

FireTail has been selected as aone of just four finalists for the Blackhat USA 2025 Startup Spotlight Competition. We're delighted to be taking part and can't wait to showcase how FireTail helps enterprises discover, assess, and secure AI usage while preventing threats like shadow AI, data leaks, and AI-specific attacks.

Read more

This site uses cookies

By using this website, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Got it!