AI applications consist of multiple architectural components, such as models, tools, agents, MCP servers, and memory systems that interact with other services through APIs and MCP tools. An AI interaction involves multiple stages:
A user prompt triggers reasoning in an agent
The agent invokes tools through MCP servers
The above tools call APIs or data sources directly
The system returns a response
Because the above interactions involve multiple services and integrations, they expand the attack surface for your application.
Security issues and risks may arise at different points in this workflow. For example, prompts may manipulate model behavior, tools may access sensitive data through APIs, or responses may expose unintended information. These risks require visibility into AI assets, monitoring of runtime activity, and validation of AI endpoint behavior.
AI Security in Traceable provides capabilities to help you manage these risks. It enables you to discover AI assets in your environment, monitor threats targeting AI endpoints, and test AI APIs for potential issues (vulnerabilities). These capabilities extend the existing API security practices to AI-enabled application security and provide visibility into how AI services interact with APIs, tools, and data sources.
Traceable categorizes the AI Security capabilities across modules:
AI Security Dashboard, which helps you view AI assets, monitor associated issues, and analyze overall AI security posture from a centralized view.
AI Discovery (Discovery), which helps you identify AI assets and investigate issues associated with them.
AI Firewall (Protection), which helps you monitor threats targeting AI endpoints during runtime.
AI Testing (API Testing), which helps you test AI APIs and applications for vulnerabilities.
Each module provides visibility into different aspects of your AI application security posture.
What will you learn in this topic?
By the end of this topic, you will understand:
The discovery of AI APIs and MCP assets, such as tools, servers, resources, and prompts.
The investigation of security issues related to AI assets.
Monitoring threats targeting your AI applications.
Testing AI APIs for issues, such as prompt injection and sensitive data exposure.
Analysis of AI attack conversations and evidence.
AI Discovery (Discovery)
The Discovery module helps you identify AI assets in your application environment.
Traceable discovers AI APIs and MCP assets, including MCP servers, tools, resources, and prompts. These assets appear in the All Assets inventory, where you can apply filters to focus on AI-related components. For more information, see All Assets and AI Asset Details.
All Assets
From the All Assets inventory, you can open asset detail pages to review activity, related services, and associated security findings. AI-related findings are also displayed in the Issues page, where you can filter issues that affect AI endpoints. For more information, see Issues Overview and Issue Management.
AI Asset-related Issues
Using Discovery, you can identify AI assets in your environment and understand how they interact with APIs and other services. This helps you maintain visibility into AI components and investigate issues associated with them.
Traceable enables the above features while allowing you to maintain control over the risk score assigned to assets and the policies that drive issue detection in assets. For more information, see Issue Policies and Risk Score.
AI Firewall (Protection) (Beta)
After identifying AI assets, you can monitor them for threats during run time.
The Protection module provides visibility into attacks targeting AI endpoints. The AI Firewall dashboard displays threat activity associated with AI APIs and helps you analyze suspicious behavior. For more information, see Dashboard.
AI Firewall Dashboard
You can also configure AI Firewall policies to detect suspicious or malicious patterns in AI traffic. These policies evaluate runtime interactions between prompts, tools, and APIs to identify abnormal behavior or potential data exposure.
AI Firewall Policies
Protection helps you monitor AI endpoints and investigate threat activity affecting your AI applications.
AI Testing (API Testing) (Beta)
The API Testing module allows you to test AI APIs and applications for issues (vulnerabilities).
AI security tests use vulnerability-detection Plugins categorized under AI. These plugins test endpoints for common AI-related risks, including prompt injection, sensitive information disclosure, and improper output handling. For more information, see AI Security Testing.
AI Security Plugins
When Traceable detects issues during testing, they appear in scan results and on the Issues page. You can filter these issues by the AI category to review AI-specific findings. For more information, see AST Issues Overview and AST Issue Management.
Each issue includes evidence from test execution, including the prompt and response interaction that triggered it. This helps you understand how the AI endpoint responded to malicious or unexpected input and determine the appropriate remediation steps.
AI Testing-related Issues