AI Findings

Created: May 28, 2025
Updated: May 30, 2025

The AI Findings feature in the FireTail platform extends traditional API security by identifying issues and risks arising from interactions with large language models (LLMs). These findings help monitor the behavior of AI models and ensure outputs adhere to your organization’s safety, compliance, and data privacy standards.

FireTail’s AI Findings help detect threats such as:

  • Leakage of sensitive or personally identifiable information (PII)
  • Exposure of cloud secrets or API keys in AI-generated responses
  • Toxic, harmful, or biased content generation
  • Jailbreak attempts and prompt injection vulnerabilities
  • Encoded payloads (e.g., Base64, hex) that may hide malicious data

Accessing AI Findings

To view AI-related security issues:

  1. Navigate to Posture Management
  2. Select the AI Findings tab

You’ll see a categorized view of all AI-related findings, including severity levels, status, tags, model metadata, and detection source.

Filters

Use the filter functionality to narrow down AI findings based on specific criteria:

Add Filter

Click Add Filter to view findings that match your conditions.

Select Field:
Choose from a variety of attributes:

  • Finding App
  • Finding Action
  • Event
  • Finding Code
  • Finding Type
  • Severity
  • Status
  • Framework
  • Collection Version
  • Resources
  • CVE ID
  • CWE ID
  • CVSS Score
  • Tags

Operator: Choose comparison logic.
Value: Enter the matching value.
Click Submit to apply the filter.

Interval

Filter for findings generated within a selected time period.

Download

Click Download to export a CSV file of the AI Findings for further analysis or reporting. Learn more about how to download here.

Finding Severity

Each AI Finding is tagged with a severity level to help prioritize risk:

  • Information
  • Low
  • Medium
  • High
  • Critical

Change Finding Severity

To update a severity:

  1. Click the appropriate finding
  2. Use the Severity dropdown to select a new level
  3. Click Update on the confirmation screen

Finding Status

The default status of each finding is Open. You can change the status to reflect how the issue is being handled.

  • Open – Active and requires review
  • Remediated – Issue has been resolved
  • Ignored – Deemed non-actionable
  • Risk Accepted – Acknowledged but intentionally unaddressed
  • False Positive – Incorrectly flagged by the system

Note:
If you mark a finding as Risk Accepted, Ignored, or False Positive, it will not be re-triggered if discovered again. If marked as Remediated, it will reappear if re-detected during future scans.
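
Because suppressed findings are not re-triggered, it is worth re-auditing high-severity ones from the CSV export. The script below is an added example, not FireTail code: the column names (id, finding_type, severity, status), the sample rows, and the triage function are assumptions constructed for illustration, while the severity levels and statuses are the ones listed on this page.

```python
import csv
import io

# Severity levels and statuses as listed on this page.
SEVERITY_RANK = {"Information": 0, "Low": 1, "Medium": 2, "High": 3, "Critical": 4}
# Per the note above: these statuses are not re-triggered on re-detection.
SUPPRESSING = {"Risk Accepted", "Ignored", "False Positive"}

# Constructed sample export; the column names are assumptions, not FireTail's schema.
SAMPLE_CSV = """id,finding_type,severity,status
f-1,PII leakage,High,Open
f-2,Prompt injection,Critical,Risk Accepted
f-3,Encoded payload,Low,Ignored
f-4,Secret exposure,Critical,Remediated
f-5,Toxic content,Medium,Open
f-6,Secret exposure,High,False Positive
f-7,Jailbreak attempt,Urgent,Open
"""

def triage(csv_text, min_suppressed="High"):
    """Split an export into a work queue, a suppression audit list, and bad rows."""
    floor = SEVERITY_RANK[min_suppressed]
    queue, audit, rejected = [], [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        sev = (row.get("severity") or "").strip()
        status = (row.get("status") or "").strip()
        if sev not in SEVERITY_RANK:
            rejected.append(row.get("id"))  # unknown severity: never rank silently
        elif status == "Open":
            queue.append(row)
        elif status in SUPPRESSING and SEVERITY_RANK[sev] >= floor:
            audit.append(row)
        # Remediated rows need no action here: they reappear if re-detected.
    by_sev = lambda r: -SEVERITY_RANK[r["severity"].strip()]
    return sorted(queue, key=by_sev), sorted(audit, key=by_sev), rejected

if __name__ == "__main__":
    queue, audit, rejected = triage(SAMPLE_CSV)
    for r in queue:
        print("REVIEW  ", r["id"], r["severity"], r["finding_type"])
    for r in audit:
        print("RE-AUDIT", r["id"], r["severity"], r["status"])
    print("REJECTED", rejected)
```
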

Change Finding Status

  1. Click the Status dropdown
  2. Select a new status
  3. Click Update on the confirmation screen

Viewing Finding Details

Click on an individual finding to see more information, including:

  • Tags
  • Date of detection
  • Model
  • Related logs
  • Remediation suggestion

Remediation

Review each finding carefully in the context of your business and security needs. Remediation steps may include:

  • Restricting sensitive data in prompt inputs
  • Updating model guardrails or safety filters
  • Investigating prompt injection patterns
  • Reviewing log data for broader impacts