Foundry - Sensitive data / secrets in agent prompt
Foundry Secrets In Prompt
Query
AppDependencies
| where isnotempty(Properties["gen_ai.input.messages"])
| extend
Agent = tostring(Properties["gen_ai.agent.name"]),
Model = tostring(Properties["gen_ai.request.model"]),
ConvId = tostring(Properties["gen_ai.conversation.id"]),
ProjectId = tostring(Properties["microsoft.foundry.project.id"]),
Input = tostring(Properties["gen_ai.input.messages"])
| extend
HasAwsKey = Input matches regex @"AKIA[0-9A-Z]{16}",
HasPrivateKey = Input contains "-----BEGIN" and Input contains "PRIVATE KEY-----",
HasJwt = Input matches regex @"eyJ[A-Za-z0-9_\-]{10,}\.[A-Za-z0-9_\-]{10,}\.[A-Za-z0-9_\-]{10,}",
HasCreditCard = Input matches regex @"\b(?:\d[ \-]?){13,16}\b",
EmailCount = array_length(extract_all(@"([A-Za-z0-9._%+\-]+@[A-Za-z0-9.\-]+\.[A-Za-z]{2,})", Input))
| where HasAwsKey or HasPrivateKey or HasJwt or HasCreditCard or EmailCount >= 10
| extend Signal = strcat(
iff(HasAwsKey, "AWSAccessKey;", ""),
iff(HasPrivateKey, "PrivateKey;", ""),
iff(HasJwt, "JWT;", ""),
iff(HasCreditCard, "CreditCardLike;", ""),
iff(EmailCount >= 10, strcat("BulkEmails(", tostring(EmailCount), ");"), ""))
| extend AccountName = iff(isempty(Agent), "unknown-agent", Agent)
| project
TimeGenerated, Signal, AccountName, Agent, Model, ProjectId,
ConvId, EmailCount
| order by TimeGenerated descExplanation
This query is designed to detect sensitive data or secrets being input into a Foundry or Agent Service request. It specifically looks for:
- AWS Access Keys: Identified by a specific pattern.
- PEM Private-Key Blocks: Recognized by the presence of "BEGIN" and "PRIVATE KEY" in the text.
- JWTs (JSON Web Tokens): Detected using a regex pattern.
- Credit Card-like Numbers: Identified by a pattern that matches sequences of 13 to 16 digits.
- Bulk Email Addresses: Flags if there are 10 or more distinct email addresses in the input.
The query checks the gen_ai.input.messages property from the AppDependencies data in Application Insights. If any of these sensitive data types are found, it generates a signal indicating which type(s) of sensitive data were detected. The query runs every hour and triggers an alert if any sensitive data is found.
The alert includes details such as the agent name, model, project ID, conversation ID, and the number of email addresses detected. It organizes alerts by account and creates incidents if necessary, grouping them by account for better management. The query is part of a scheduled detection rule and is tagged for use with Sentinel, Foundry, AI, and OWASP guidelines.
Details

David Alonso
Released: June 8, 2026
Tables
Keywords
Operators
Severity
HighTactics
Frequency: PT1H
Period: PT1H