AI Security for End Users - Monitoring and Analytics with Session Explorer

The Session Explorer page lets you monitor how AI chat applications are used across your organization and assess the potential risk of data exposure through user prompts. After you enable AI Security, the page provides visibility into prompts sent to supported and enabled AI applications, helping you understand usage patterns and investigate potentially risky interactions.

Each interaction represents a single prompt and includes contextual information such as the AI application that received the prompt and the detected topic and intent.

Detections

When you define AI Security rules with a Monitor action, matching prompts appear on the AI Interactions page with a detection indicator. For these interactions:

  • The Detections column shows the monitoring profile that triggered the detection
  • You can quickly identify which monitoring rule matched the prompt

This information helps you validate rule coverage and tune your policies.

Interaction Details

When you drill down into a specific interaction, the level of detail available depends on your assigned permissions. Admins with the necessary permissions can request to view the actual prompt that was sent to the AI application. If the prompt contains problematic content, the relevant sections are flagged or highlighted. When the rule action also included Block, the interaction details show the block page that was presented to the user.

For information about the roles and permissions, see Managing Admin Roles Using RBAC.

Note: Operations, such as viewing the prompt, are recorded in the Audit Log.

Use Case - Understanding How Employees Use AI Chats

ABC Company enables AI Security to gain visibility into how employees use AI chat applications in their day-to-day work. By reviewing interactions on the AI Interactions page, the security team can see what types of questions and requests users submit to AI tools.

This insight helps your organization better understand employee activities, identify common knowledge gaps or recurring assistance needs, and determine where additional guidance, training, or enablement can improve productivity while reducing risk.

Analyzing an AI Interaction

Use the session details to analyze a specific AI interaction so you can understand the full context, validate detections, and identify issues that require feedback or follow-up.

Session_Audit.png

To analyze an AI interaction:

  1. From the navigation menu, click AI Security > Session Explorer.
  2. Select the interaction you want to investigate and click Reveal Session to view the session content.
  3. Review the prompt and response sequence to understand the full context of the interaction.
  4. To continue the investigation for a specific prompt, click View Analysis. The Engine Analysis Report opens.

Reviewing Analysis Report

The Engine Analysis Report provides a detailed view of how a specific prompt was evaluated by the AI Security engine at the time it was sent. It shows which rules, profiles, and detectors were active during execution, helping you understand how detections were determined. Each report includes an Analysis ID, which you can use for reference, searching in the Session Explorer, or when working with Support.

Within the report, detections are visually represented:

  • Yellow-colored profile indicates that a detection occurred. This means a rule with this profile was executed, and at least one detector produced a match.
  • Green-colored profile indicates that no detection occurred, even though the rule was executed.

To further investigate behavior, you can click on Open in Engine Playground and re-run the entire session. This allows you to examine how the current profiles behave and fine-tune configurations if the outcome differs from your expectations. 

When reviewing the Analysis Report, be aware that configurations may have been updated since the time of execution. As a result, the current definition might differ from what was applied when the prompt was originally evaluated.

Submitting Feedback

When the detector result for a prompt is inaccurate, you can submit feedback to help Cato evaluate the detection. For false positives, review the Triggered Detectors that incorrectly matched the prompt. If a detector should have triggered but did not, review All Detectors to identify which ones were actively running when this prompt was sent.

Add free-text comments to explain the expected result and provide any context that can help the investigation. Cato reviews this feedback and uses it to improve detector quality over time.

For critical issues, you can open a Support ticket in addition to the feedback.

Session_Audit.png

To submit feedback for an AI interaction:

  1. In Engine Analysis, click Submit Feedback.
  2. To report a false positive, use Triggered Detectors.
  3. To report a false negative, use All Detectors to review the detectors that were active in the profile for that prompt.
  4. Select the relevant detector or detectors.
  5. Add free-text comments to provide additional context.
  6. For urgent issues, select Open a support ticket.
  7. Click Submit.

Was this article helpful?

0 out of 0 found this helpful

0 comments