Threat Alerts
Highflame Threat Alerts provide real-time visibility into security events across your AI systems, allowing teams to quickly detect, understand, and respond to threats as they occur. Rather than surfacing raw signals or isolated logs, Threat Alerts translate guardrail detections into clear, actionable security events that reflect what is happening in production.
Whenever a guardrail detects a policy violation, Highflame generates a detailed threat alert alongside any enforcement action taken, such as blocking or modifying a request. Over time, these alerts give teams a clear picture of which threats are occurring, how frequently they appear, and which applications, routes, or agents are being targeted. This makes Threat Alerts the primary way to understand your AI traffic's security posture and how it evolves.
Centralized Threat Dashboard
All threat alerts are collected in a centralized dashboard within Highflame, giving security and platform teams a single place to monitor and investigate AI security events. The dashboard provides a real-time feed of alerts, allowing teams to observe incidents as they happen and quickly assess their impact.
From the dashboard, alerts can be filtered and searched by threat type, application, route, timeframe, or other contextual metadata. This makes it easy to isolate specific issues, investigate recurring patterns, or focus on high-risk areas. Teams can also analyze alert trends over time to identify shifts in attack behavior or emerging risks, helping them strengthen defenses where it matters most.
Each alert can be drilled into for full context. This includes the request or response that triggered the alert, the specific guardrail involved, and the enforcement action that was taken. Having this information in one place removes ambiguity and allows teams to move from detection to remediation quickly.
- Viewing a real-time feed of alerts so you can see security events as they happen
- Filtering and searching so you can easily find alerts by threat type, application, route, timeframe, or other criteria
- Analyzing trends so you can spot patterns in attack types or resources targeted and strengthen your defenses where it's needed most
- Drilling down for details so you can understand the full context of requests, including the prompt or response that caused the issue, the guardrail that was triggered, and the action that occurred
Guardrail Failure Intelligence
Threat Alerts also surface issues with the health of your security controls. A guardrail failure occurs when a security policy cannot be evaluated correctly due to issues such as misconfiguration, internal processing errors, network failures, missing dependencies, or downstream endpoint outages.
These failures represent potential unseen risks to your security. Highflame automatically looks for guardrail failures and organizes them in a dedicated view within Threat Alerts > Requests with Guardrail Failure so that your security and platform teams can:
- Quickly identify and triage misconfigured guardrails, with details about which policy is failing and why, plus error codes and messages
- Keep track of gaps in policy enforcement by understanding where your security may need attention due to technical issues
- Remediate issues, so you can take proactive steps before they lead to a security incident
Alert Categories
Highflame Threat Alerts are categorized by the detected risk type, making it easier to triage and prioritize incidents. Categories include sensitive data handling events, prompt injection and jailbreak attempts, unsafe or restricted content, phishing and malicious URLs, anomalous or obfuscated inputs, secrets leakage, and violations detected by custom guardrails. Alerts related to guardrail execution failures are surfaced separately to distinguish policy issues from operational ones.
These categories provide a consistent vocabulary for understanding AI security risks and allow teams to track trends across different threat classes over time.
- Sensitive Data (Reject, Masked, Replaced, Redacted)
- Restricted Keywords
- Prompt Injections
- Jailbreak Attempts
- Sexual Content
- Profanity
- Violence
- Hate Speech
- Crime
- Weapons
- Markdown/Code
- Non-ASCII Character
- Invisible Characters
- Phishing URLs
- Non-English Language
- High Entropy
- Custom Guardrails
- Requests With Guardrail Failure
- Command Injection
- SQL Injection
- Path Traversal
- Secrets Leakage
Proactive Alerting and Notifications
In addition to the in-product dashboard, Highflame supports proactive alerting through integrations with tools such as Slack and Splunk. Teams can configure real-time notifications for specific alert types, ensuring critical security events are surfaced to the right responders immediately.
This allows organizations to integrate AI security events directly into existing incident response and monitoring workflows, reducing response times and improving operational awareness.