Threat Detection
Threat Detection continuously scans incoming traces and threads against your project’s configured vulnerabilities. When a threat is found, a detection is attached to the trace or thread and surfaces in the Detections tab of the relevant detail view, so you can pinpoint exactly where a security compromise occurred.
The Threat Detection page has two tabs — Trace and Threads — each configured independently.
Enable threat detection
To enable threat detection for traces:
- Navigate to Project Settings → Threat Detection
- Select the Trace tab
- Toggle Enable trace detection on
- Set a Sample rate between 0.0 and 1.0 — this is the probability that any given incoming trace is scanned
- Click Save
To enable threat detection for threads:
- Navigate to Project Settings → Threat Detection
- Select the Threads tab
- Toggle Enable thread detection on
- Set a Sample rate between 0.0 and 1.0
- Set an Idle time limit — the number of seconds of inactivity before a thread is scanned; the scan runs once no new trace has arrived for this period
- Click Save
Threat detection runs on data your project has already ingested. No data leaves Confident AI to an external scanner — the underlying LLM evaluates your traces and threads directly.
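The sketch below is an added example, not Confident AI's code. It models what the two settings above mean for detection coverage and latency. It assumes each trace is sampled independently and that the idle timer restarts on every new trace; the function names and the arrival times are constructed for illustration.

```python
def coverage(sample_rate: float, k: int) -> float:
    """Chance that at least one of k attack traces is scanned, given that
    each trace is scanned independently with probability sample_rate."""
    if not 0.0 <= sample_rate <= 1.0 or k < 1:
        raise ValueError("sample_rate must be in [0, 1] and k >= 1")
    return 1.0 - (1.0 - sample_rate) ** k


def min_sample_rate(target: float, k: int) -> float:
    """Smallest sample rate for which coverage(rate, k) >= target."""
    if not 0.0 <= target < 1.0 or k < 1:
        raise ValueError("target must be in [0, 1) and k >= 1")
    return 1.0 - (1.0 - target) ** (1.0 / k)


def thread_scan_time(arrivals, idle_limit: float) -> float:
    """Time (seconds) at which a thread first qualifies for a scan: the
    first moment idle_limit seconds have passed with no new trace.
    Assumption: every arriving trace restarts the idle timer."""
    if not arrivals or idle_limit <= 0:
        raise ValueError("need at least one arrival and idle_limit > 0")
    ts = sorted(arrivals)
    for cur, nxt in zip(ts, ts[1:]):
        if nxt - cur >= idle_limit:
            return cur + idle_limit   # a quiet gap long enough mid-thread
    return ts[-1] + idle_limit        # otherwise after the final trace


# Constructed sample: arrival times (seconds) of traces in one thread.
ARRIVALS = [0, 20, 45, 50, 200]

if __name__ == "__main__":
    for rate in (0.1, 0.5, 1.0):
        print(f"rate={rate}: single trace {coverage(rate, 1):.2f}, "
              f"five traces {coverage(rate, 5):.2f}")
    print("rate for 95% coverage of a 5-trace attack:",
          round(min_sample_rate(0.95, 5), 3))
    for idle in (10, 60, 300):
        print(f"idle limit {idle}s -> scan at t={thread_scan_time(ARRIVALS, idle)}s")
```

A single malicious trace is seen only with probability equal to the sample rate, so rates below 1.0 trade cost for blind spots, and a long idle time limit delays thread detections for as long as the conversation stays active.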
Configuration reference
Viewing detections
When a threat is detected, it appears under the Detections tab on the trace or thread detail view. Each detection shows:
- Vulnerability — the vulnerability name and type (e.g. Prompt Injection › Direct Attack)
- Outcome — how the threat resolved
- Attack vector — the path or mechanism used in the attack, if identified
- Reason — a short explanation of why this was flagged as a threat