Agentic Observability
The unified monitoring, detection, and response layer — a SIEM pattern for agentic systems.
Agentic Observability is the unified monitoring, detection, and response layer for governed agentic systems. It serves three roles simultaneously: quality monitoring (Ring 3 intelligence), security detection and response, and governance compliance verification.
Where This Fits in AGF
AGF's observability story has three layers. They are not synonyms — they compose.
- Primitive #10 — Event-Driven Observability — fabric primitive. Every ring emits structured events through a canonical envelope. The emission mechanism.
- Agentic Observability (this page) — the unified correlation concept. One event stream, three detection perspectives (quality, security, governance).
- Observability Profile — role-based implementation guide for observability engineers and SREs.
Primitive #10 emits. Agentic Observability correlates. The Profile implements.
Why Unified?
The landscape separates security monitoring (SIEM), quality monitoring (LLM observability tools), and compliance monitoring (GRC platforms) into different tools with different event streams. But agentic threats traverse all three domains — a prompt injection is a security event that causes a quality degradation that creates a compliance violation.
AGF unifies them. One event stream, one correlation engine, three detection perspectives.
The SIEM Pattern for Agents
Event Architecture
Every ring emits structured events through Event-Driven Observability (#10). The canonical event envelope includes:
- Identity context — who (agent ID, version, configuration hash)
- Ring context — which ring, which stage in the pipeline
- Temporal context — timestamps, duration, sequence
- Semantic context — what happened, structured payload
- Governance context — policy evaluated, gate outcome, trust level
Built on OpenTelemetry GenAI Semantic Conventions with governance-specific extensions.
Correlation Engine
Three detection perspectives operate on the same event stream:
| Perspective | What It Detects | Time Horizon |
|---|---|---|
| Quality | Degraded output quality, validation failures, convergence issues | Real-time + trending |
| Security | Prompt injection, data exfiltration, privilege escalation, behavioral anomalies | Sub-second (sentinels) + hours (analysis) |
| Governance | Policy violations, unauthorized actions, missing approvals, trust level drift | Per-workflow + periodic audit |
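The correlation described above, as an added example (not AGF code): one detector per perspective in the table runs over a single constructed event stream, and findings are joined by workflow to surface a chain that crosses all three domains. The field names, detector rules and the 5-second window are assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample events. Field names are assumptions modelled on the five
# envelope contexts listed above (identity, ring, temporal, semantic,
# governance); they are not the AGF or OpenTelemetry schema.
EVENTS = [
    {"workflow": "wf-17", "agent_id": "agent-a", "ring": 0, "seq": 1, "ts": 100.0,
     "kind": "tool_input", "payload": {"injection_signature": True}, "gate": "pass"},
    {"workflow": "wf-17", "agent_id": "agent-a", "ring": 1, "seq": 2, "ts": 100.4,
     "kind": "validation", "payload": {"passed": False}, "gate": "pass"},
    {"workflow": "wf-17", "agent_id": "agent-a", "ring": 2, "seq": 3, "ts": 101.0,
     "kind": "action", "payload": {"approved": False}, "gate": "deny"},
    {"workflow": "wf-18", "agent_id": "agent-b", "ring": 1, "seq": 1, "ts": 200.0,
     "kind": "validation", "payload": {"passed": False}, "gate": "pass"},
    {"workflow": "wf-19", "agent_id": "agent-b", "ring": 1, "seq": 1, "ts": 300.0,
     "kind": "validation", "payload": {"passed": True}, "gate": "pass"},
]

# One detector per perspective, all reading the same event stream.
PERSPECTIVES = {
    "security": lambda e: bool(e["payload"].get("injection_signature")),
    "quality": lambda e: e["kind"] == "validation" and e["payload"].get("passed") is False,
    "governance": lambda e: e["gate"] == "deny",
}

def correlate(events, window=5.0):
    """Return per-workflow findings; cross_domain marks chains spanning perspectives."""
    hits = defaultdict(list)
    for e in sorted(events, key=lambda e: (e["workflow"], e["seq"])):
        for name, detect in PERSPECTIVES.items():
            if detect(e):
                hits[e["workflow"]].append((e["ts"], e["seq"], name))
    incidents = []
    for wf, found in hits.items():
        domains = sorted({name for _, _, name in found})
        within = found[-1][0] - found[0][0] <= window
        incidents.append({
            "workflow": wf,
            "domains": domains,
            "chain": [(seq, name) for _, seq, name in found],
            "cross_domain": len(domains) > 1 and within,
        })
    return incidents

if __name__ == "__main__":
    for incident in correlate(EVENTS):
        print(incident)
```

A workflow flagged `cross_domain` is the case the "Why Unified?" section describes: separate tools would each see one finding, while the shared stream shows the security event, the quality failure and the denied action as one ordered chain.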
Dual-Speed Detection
- Fast-path sentinels — sub-second pattern matching for known attack signatures. Triggers the Security Response Bus for immediate containment. The sub-second target is the architectural design point; achievable latency depends on detector implementation.
- Slow-path analysis — hours to days of behavioral pattern analysis. Detects drift, emerging threats, and systemic quality trends.
Operational Playbooks
The Observability Profile defines structured response procedures for:
- Quality incidents — output degradation, verification failures, convergence issues
- Security incidents — detected attacks, containment, forensic investigation
- Governance incidents — policy violations, unauthorized actions, evidence preservation
Each playbook maps to specific ring signals and event patterns.
Related
- Observability Profile — operational detail for SREs and detection engineers
- Security Profile — the Security Response Bus and threat detection patterns
- Event-Driven Observability (#10) — the primitive that powers this layer
For the complete observability specification, see the canonical source.