Skip to content

AI Security Posture Management

AI Security Posture Management (AI SPM) in AI Center offers CISOs and security teams a holistic view of AI usage within their organization, enabling them to identify risks and enforce security best practices. It supports AI application discovery, allowing teams to monitor where and by whom AI is being used. The dashboard highlights key security metrics, including identified security issues, insights into risky users, and an overall AI Security Posture Score.

Why you need AI SPM

Use AI SPM to:

  • Generate a detailed report on AI use in your repositories, empowering you to develop and execute effective mitigation strategies.
  • Get insights on high-risk users and activities, helping you prioritize your investigation efforts.
  • Visualize AI application usage across the organization to maintain compliance and ensure performance integrity.

How it works

  1. Use AI Discovery integration with GitHub to initiate a scan across all GitHub repositories within the organization to identify AI-related code and determine if the apps are being monitored by Coralogix. For integration details, see GitHub App for AI Discovery.
  2. Once the scan is complete, a summary of all AI projects within the organization is provided.
  3. The AI SPM dashboards are updated with key security and user data, including the total number of AI applications and any security violations. AI SPM also calculates an overall security posture score (ranging from 1 to 100), based on the number of apps monitored by Coralogix and whether they have security evaluations assigned to them.

Access AI SPM

  1. In the Coralogix UI, navigate to AI Center, then AI SPM.
  2. Use the time picker to select the desired time interval for metrics collection.

Discover new AI apps

Scan your GitHub repositories to identify all AI-related code.

  1. Ensure you have organization-wide GitHub access permissions. Only users with this level of access can initiate app discovery.

  2. In the AI App Discovery section of the AI SPM page, select Integrate GitHub.

  3. The system scans all GitHub repositories within your organization.

  4. Once the scan is complete, the list of discovered AI apps is displayed in the AI App Discovery section.

The following details are available for discovered apps:

  • Discovered AI Apps — Total number of AI apps identified during the scan.
  • Unmonitored AI Apps — The percentage of discovered AI apps not yet integrated for monitoring.
  • Monitored AI Apps — The percentage of discovered and monitored AI apps.
  • Total AI Calls — The total number of LLM calls made by each detected AI application.
  • Repository — The GitHub repository containing the discovered AI apps.
  • AI Libraries — The AI libraries utilized by the discovered AI apps.
  • Languages — The programming languages in which the discovered AI apps are written.
  • AI Calls — The total number of calls made by all monitored AI apps within the repository.
  • Monitored — Indicates whether the AI repository is currently monitored by Coralogix.

Totals

This section includes the following counters:

  • Total AI Applications — The total number of discovered AI apps (monitored and unmonitored).
  • Total Security Violations — The total number of security violations recorded across all monitored apps.
  • AI Security Posture Score — A calculated score based on two factors:
  • 50 points if all the user's applications, including those discovered in AI discovery, are monitored by Coralogix.
  • 50 points if all applications have at least one security policy.

For example, if 1 out of 7 applications lacks a security policy, the user's score is reduced proportionally, rather than losing the full 50 points.

Security issues over time

Visualize your application usage, displaying the total number of LLM calls (prompts and responses) and the call count flagged for security issues.

  • Total LLM Calls — The total LLM calls (prompts and responses) across all monitored applications.
  • Prompt Issues — The total number of prompts that contain issues.
  • Response Issues — The total number of responses that contain issues.

AI SPM showing security issues over time with LLM call volume and flagged prompt and response counts

The Security Issues chart overlays total LLM call volume with the number of flagged prompts and responses, making it easy to see whether security issues are growing relative to overall usage.

User insights

Gain a clear overview of user data and trends, making it easy to compare app users and identify high-cost, high-spend, and high-risk profiles.

  • High-Activity Users — Top 5 users who sent the most messages in the application, including the total number of messages sent.
  • High-Spending Users — The top 5 users with the highest spending, including their total spend.
  • Risky Users — The top 5 users with the most security-related issues detected in their messages.

Note

This capability is available only if the optional User ID parameter is provided during the AI Observability setup.

Need help? Contact Support.
What's new? Find out here.
LLM? Read llms.txt.
Previous Code Agents Observability
Next Pricing