Agent - Trace-level interaction-path anomalies
Agent Trace Level Anomalies
Query
let window = 1d;
AppDependencies
| where TimeGenerated > ago(window)
| where isnotempty(Properties["gen_ai.conversation.id"])
| extend
Agent = tostring(Properties["gen_ai.agent.name"]),
ConvId = tostring(Properties["gen_ai.conversation.id"]),
ToolName = tostring(Properties["gen_ai.tool.name"])
| summarize
Spans = count(),
ToolCalls = countif(isnotempty(ToolName)),
DistinctTools = dcount(ToolName),
TopTool = take_any(ToolName),
Tools = make_set(ToolName, 16),
FirstSeen = min(TimeGenerated),
LastSeen = max(TimeGenerated)
by Agent, ConvId
| extend DurationMin = datetime_diff('minute', LastSeen, FirstSeen)
| extend SpansPerMin = iff(DurationMin > 0, todouble(Spans) / DurationMin, todouble(Spans))
| extend ToolLoopRatio = iff(DistinctTools > 0, todouble(ToolCalls) / DistinctTools, todouble(ToolCalls))
| where (Spans > 100)
or (ToolCalls > 50 and DistinctTools <= 2)
or (SpansPerMin > 5 and DurationMin >= 5)
| extend AccountName = iff(isempty(Agent), "unknown-agent", Agent)
| project LastSeen, AccountName, Agent, ConvId, Spans, ToolCalls,
DistinctTools, ToolLoopRatio, SpansPerMin, DurationMin, Tools, FirstSeen
| order by Spans desc, SpansPerMin descExplanation
This query is designed to identify unusual patterns in the execution traces of conversations involving an AI agent service, specifically within the Foundry environment. It looks for anomalies such as:
- Excessive Span Count: A high number of spans (individual segments of a trace) which could indicate abnormal activity.
- Tight Tool-call Loops: Situations where the same tool is called repeatedly in a short period, suggesting potential issues like loops caused by prompt injections or exploitation attempts.
- High Span Rate: A sustained high rate of spans over time, which might indicate runaway processes or stuck states.
The query analyzes data from the last day (1d) and focuses on conversations with a non-empty conversation ID. It extracts relevant details such as the agent name, conversation ID, and tool name, and then summarizes the data to calculate metrics like the total number of spans, tool calls, distinct tools used, and the duration of the conversation.
The query flags conversations that meet certain criteria, such as having more than 100 spans, more than 50 tool calls with two or fewer distinct tools, or a span rate of more than 5 spans per minute over at least 5 minutes. These flagged conversations are then listed with details like the last seen time, agent name, conversation ID, and various calculated metrics.
The results are sorted by the number of spans and span rate, helping to prioritize the most significant anomalies for further investigation. This query is part of a broader effort to detect and differentiate between legitimate heavy workloads and potential misbehavior in AI agent interactions.
Details

David Alonso
Released: June 8, 2026
Tables
Keywords
Operators
Tactics