(Beta) AI Asset Details

Upon clicking an AI asset, Traceable provides a detailed view that displays key insights about the asset. This helps you track inventory in detail, understand how the asset is integrated and its performance, and identify whether it is monitored or secured in your environment. Traceable organizes the detailed view page for each asset into tabs that let you gather deep-level insights and metrics. This ensures that your security teams can evaluate the health, performance, and risks (if any) associated with an AI asset.

What will you learn in this topic?

By the end of this topic, you will be able to:

• Identify AI assets on the All Assets page and navigate their detailed view.

• Understand the information displayed for different AI asset types, such as AI APIs, MCP tools, MCP prompts, MCP resources, and MCP servers.

• Understand how to use the insights to improve security, reliability, and maintain compliance.

Identifying AI assets

The All Assets page provides a comprehensive view of all assets in your application. While Traceable provides a list of filters on the page, you can apply various AI filters to identify AI assets according to your requirements. Traceable provides the following filters that you can use to view such assets:

• Is AI Asset — Filters assets whether they are AI-related, for example, AI APIs and MCP tools.

• AI Model Types — Filters assets by AI model type, for example, Google-gemini-pro and gpt-3.5-turbo.

• AI Vendors — Filters assets by the vendor providing the AI capability, for example, OpenAI and Google.

Once you have applied the necessary filters, Traceable displays the information on the page. You can click on an AI asset to view its details. The following sections highlight these details for each AI asset. You can use this information to gain insights and take actions based on your requirements.

AI APIs and their details

The AI API details page is similar to the Endpoint Details page but highlights insights based on AI traffic. It displays total requests, attack types, malicious behaviors, traces, and metrics, so you can track how AI endpoints are performing. You can view information such as API details, the API's risk score, requests, and other metrics.

This information helps you understand any unusual activity, such as sudden spikes or sensitive data flowing through requests. It also helps you validate the correct usage of API endpoints, troubleshoot performance issues, and prevent exposure of sensitive data. For more information on the details shown for an endpoint, see Endpoint Details.

MCP tools and their details

The MCP Tools details page provides information on how individual tools are operating within your MCP server. The following details are displayed for each MCP tool:

• The Overview tab provides information, such as the associated MCP server, host, and the time the tool was created and last updated. It also displays the schema associated with the tool.

• The Spans tab provides information on interactions with services, APIs, and backends, along with the request, response, and attributes in each span.

This information helps you understand whether the tool is reliable, working as expected, or adding errors, delays, or dependencies. Using this information, you can keep your MCP tools aligned with your business requirements.

MCP servers and their details

The MCP Server details page provides a server-level view of your MCP infrastructure. It displays the following information:

• The details associated with the MCP server, such as the creation, last call times, environment, and host.

• The MCP primitives highlight the underlying MCP tools, prompts, and resources.

• The list of MCP primitives hosted on the server, along with information such as the datatypes passing through each primitive and the associated risk score. You can click a primitive to open its detailed view.

• The spans associated with the MCP server and its primitives.

This hierarchy makes it easy for you to trace relationships between MCP tools, resources, prompts, and servers, manage distributed deployments, and quickly identify whether issues are originating in the tools on a given server.

MCP resources and their details

MCP resources are the data sources or external systems that provide contextual information to AI workflows. These resources are usually read-only or query-based, and AI clients use them to retrieve information without performing actions, such as internal APIs, databases, or document repositories.

Traceable automatically discovers MCP resources exposed by connected MCP servers and displays them as AI assets in the All Assets tab of the Inventory page. This enhances your visibility beyond executable tools to include the data context available to AI systems.

When you select an MCP resource, Traceable displays details that help you understand what data the resource exposes, how it is accessed, and the associated security posture:

• Resource identity, such as name and host, as defined by the MCP server

• Lifecycle information, such as the creation, update, and last read times

• The associated environment, such as production or staging

• Security context, such as encryption, authentication, and external exposure details

• Schema associated with the resource

• Spans, indicating how the resource is accessed during AI workflows

Traceable analyzes the MCP resource metadata to classify data sensitivity and identify potential exposure of sensitive or regulated data, such as personally identifiable information. This helps you understand which AI workflows have access to high-risk data sources and to assess governance and compliance impact.

MCP prompts and their details

MCP prompts are structured instruction templates that define how AI clients interact with MCP tools and resources. Prompts often include system instructions, variables, and contextual data used to create the conversation with the MCP server.

Traceable discovers MCP prompts exposed by these MCP servers and surfaces them as AI assets that improve visibility into the instruction layer of AI workflows.

When you select an MCP prompt, Traceable displays details that help you understand the prompt construction, where it is used, and whether it introduces security or compliance risk:

• Prompt identity, such as server name and host, as defined by the MCP server.

• Lifecycle information, such as the creation, update, and last accessed times

• The associated environment, such as production or staging

• External usage indicator, indicating whether the prompt is exposed outside the environment

• Schema associated with the prompt

• The spans associated with the prompt

Traceable analyzes the prompt metadata to identify potential references to sensitive data, risky context, or variables that may introduce unintended data exposure. This allows you to review prompts during AI governance and security assessments, and to detect changes or drifts in prompt definitions over time.

AI domains, services, backends, and their details

The detailed pages for AI backends, services, and domains are built on the existing infrastructure but display context tailored to AI-specific use cases. On these detailed pages, Traceable displays activity trends, traffic volumes, and response times for the assets processing AI requests. This provides you with a detailed view of how your application infrastructure supports AI workloads. The page also highlights anomalies, such as misconfigurations, unauthorized access, or traffic patterns.

This information helps you and your security teams ensure that your AI infrastructure stays reliable and compliant.

Leveraging the AI asset details

These detailed views provide information while helping you act on it. You can use them to monitor activity trends, troubleshoot issues with spans and traces, and identify risks where sensitive data is flowing into the AI services. You can also use the details for audits and governance reviews, demonstrating accountability for AI usage in your organization.

Example

Consider a scenario where your team is preparing for an AI governance review. From an AI API details page, you can confirm which APIs are associated with the AI services. The MCP tool's detailed view page displays whether tools are restricted to specific environments. Similarly, the detailed view pages for AI domains, services, and backends display whether any of these assets are serving production traffic in violation of compliance rules. These insights help you reduce security issues and ensure that AI adoption remains secure and compliant.