AI Violations
AI Violations is the results view for your AI Guardrails — every sensitive-data and safety detection found in your AI traffic, in one searchable list. It answers "what did we detect, in which agent, and in which trace?"
ℹ
Enterprise feature. Open it from AI Governance → AI Violations. What appears here is governed by your AI Guardrails configuration — enable a category there for it to show up here.
What a violation is
A violation is a single detection raised by a guardrail against a trace. Each one records:
- The detection type (PII / PCI / PHI / Ethics & Bias / Safety)
- The detected entities — the specific values found (e.g. an email, a card number, a jailbreak phrase)
- A severity
- The agent and the trace it came from
- A timestamp
Detection types
| Type | What it flags |
|---|---|
| PII | Personally identifiable information — names, emails, phones, SSNs, addresses |
| PCI | Payment card information — card numbers, expiry, CVV |
| PHI | Protected health information (HIPAA) — medical records, diagnoses, medications |
| Ethics & Bias | Discriminatory or biased language and stereotyping |
| Safety | Jailbreak / prompt-injection attempts and unsafe content (categories S1–S14) |
Reviewing violations
- Filter by detection type — view one category or several at once (PII + PCI + PHI + Ethics + Safety).
- Filter by agent and time range.
- Search by entity value — find every violation containing a specific value.
- Drill in — open a violation to see the detected entities, their severity, and the source.
- Trace back — jump from a violation to the full trace in Observability to see the surrounding agent execution.
Acting on violations
- Export the violation log (with entities, timestamps, agent, and trace IDs) for your audit trail.
- Route high-severity detections to PagerDuty so your on-call/security team is paged automatically — configured in AI Guardrails.
- Tune detection — if you see false positives, raise the confidence threshold for that category in Guardrails; if you're missing detections, lower it.
⚠
Violations can contain the actual sensitive values that were detected (that's what makes them actionable). Treat this view as sensitive: restrict it via Roles & Access and handle exports accordingly.
Next steps
- AI Guardrails — configure which detections run and how sensitively.
- Risk Dashboard — detections feed each agent's risk score.
- Compliance — detection coverage is part of your governance evidence.