Query Details

Agent - Trace-level interaction-path anomalies

Agent Trace Level Anomalies

Query

let window = 1d;
AppDependencies
| where TimeGenerated > ago(window)
| where isnotempty(Properties["gen_ai.conversation.id"])
| extend
    Agent    = tostring(Properties["gen_ai.agent.name"]),
    ConvId   = tostring(Properties["gen_ai.conversation.id"]),
    ToolName = tostring(Properties["gen_ai.tool.name"])
| summarize
    Spans       = count(),
    ToolCalls   = countif(isnotempty(ToolName)),
    DistinctTools = dcount(ToolName),
    TopTool     = take_any(ToolName),
    Tools       = make_set(ToolName, 16),
    FirstSeen   = min(TimeGenerated),
    LastSeen    = max(TimeGenerated)
    by Agent, ConvId
| extend DurationMin = datetime_diff('minute', LastSeen, FirstSeen)
| extend SpansPerMin = iff(DurationMin > 0, todouble(Spans) / DurationMin, todouble(Spans))
| extend ToolLoopRatio = iff(DistinctTools > 0, todouble(ToolCalls) / DistinctTools, todouble(ToolCalls))
| where (Spans > 100)
    or (ToolCalls > 50 and DistinctTools <= 2)
    or (SpansPerMin > 5 and DurationMin >= 5)
| extend AccountName = iff(isempty(Agent), "unknown-agent", Agent)
| project LastSeen, AccountName, Agent, ConvId, Spans, ToolCalls,
          DistinctTools, ToolLoopRatio, SpansPerMin, DurationMin, Tools, FirstSeen
| order by Spans desc, SpansPerMin desc

Explanation

This query is designed to identify unusual patterns in the execution traces of conversations involving an AI agent service, specifically within the Foundry environment. It looks for anomalies such as:

  1. Excessive Span Count: A high number of spans (individual segments of a trace) which could indicate abnormal activity.
  2. Tight Tool-call Loops: Situations where the same tool is called repeatedly in a short period, suggesting potential issues like loops caused by prompt injections or exploitation attempts.
  3. High Span Rate: A sustained high rate of spans over time, which might indicate runaway processes or stuck states.

The query analyzes data from the last day (1d) and focuses on conversations with a non-empty conversation ID. It extracts relevant details such as the agent name, conversation ID, and tool name, and then summarizes the data to calculate metrics like the total number of spans, tool calls, distinct tools used, and the duration of the conversation.

The query flags conversations that meet certain criteria, such as having more than 100 spans, more than 50 tool calls with two or fewer distinct tools, or a span rate of more than 5 spans per minute over at least 5 minutes. These flagged conversations are then listed with details like the last seen time, agent name, conversation ID, and various calculated metrics.

The results are sorted by the number of spans and span rate, helping to prioritize the most significant anomalies for further investigation. This query is part of a broader effort to detect and differentiate between legitimate heavy workloads and potential misbehavior in AI agent interactions.

Details

David Alonso profile picture

David Alonso

Released: June 8, 2026

Tables

AppDependencies

Keywords

AppDependenciesPropertiesAgentConvIdToolNameSpansToolCallsDistinctToolsTopToolToolsFirstSeenLastSeenDurationMinSpansPerMinToolLoopRatioAccountName

Operators

let|whereisnotemptyextendtostringsummarizecountcountifdcounttake_anymake_setminmaxbydatetime_diffifftodoubleorisemptyprojectorder bydesc

Tactics

ImpactExecution

MITRE Techniques

Actions

GitHub