.svg)
.svg)
.png)
Enterprise AI adoption has outpaced enterprise AI security by a significant margin. As organizations race to deploy LLMs, agentic workflows, and coding assistants, the threat surface has expanded in ways most existing security tooling wasn't designed to handle. Prompt injection, sensitive data disclosure, supply-chain compromise, and AI-generated code are now operational risks. Datadog has moved deliberately into this space, and the platform’s answers to the AI security problem are worth a spotlight for where they fit into the defense-in-depth approach.
LLM Observability: Giving You Trace-Level Visibility
What Is It
Datadog's LLM Observability (LLMO) product provides end-to-end tracing of every LLM request, inputs, outputs, token usage, latency, and errors.
Where Does it Fit in the AI Security Stack
You may think LLMO is for DevOps personnel at first glance. But remember that robust observability enables robust security. It isn’t just the tracing; it's the managed evaluations that run on every trace in production: prompt injection detection, sensitive data scanning, toxicity scoring, hallucination flagging, and system prompt leakage detection.
For Security Professionals trying to communicate threats, risks, and controls, these evaluations map directly to industry standard frameworks like OWASP LLM Top 10. OWASP LLM01 (Prompt Injection) and LLM02 (Sensitive Information Disclosure) are the top two threats in the 2025 edition, and they're just two examples of what the built-in evaluators address in real time. The integration with APM means that skilled Threat Hunters and SOC Analysts can pivot seamlessly between LLMO, APM traces, and log data for the fine-grained details that make “just-okay” security operations into gold-standard security operations. Detection Engineers can use this data to build better detections (which we’ll talk about next with AI Guard). Datadog's Sensitive Data Scanner extends this real-time monitoring coverage too, catching PII, credentials, PHI, and other patterns before they travel further downstream.
AI Guard: Runtime Enforcement
What Is It
Where LLM Observability traces and tracks AI Guard, which has the power to alert and block. View them as two sides of a coin. AI Guard has three core capabilities: Prompt Protection, which evaluates and blocks prompt injection or jailbreak attempts in context, and Tool Protection, which analyzes every tool invocation in an agent workflow against the full chain of activity to catch misuse, unauthorized exfiltration, or destructive actions, and Sensitive Data Protection.
Where Does it Fit in the AI Security Stack
AI Guard is the runtime guardrail layer. Many are aware of the dangers of prompt injection, indirect and direct, or jailbreaking, and the requirement to safeguard sensitive data. But perhaps the lesser understood issue is about tool use, so let’s talk about Tool Protection.
A tool call is essentially the ability to interface with other systems via pre-configured extensions to take actions. The core value proposition of AI Guard’s Tool Protection is to detect and block unsafe or misaligned tool calls. Without enforcement at the tool-call level, successful upstream manipulation or hallucination in an agentic pipeline can cascade rapidly. For framework alignment, this feature is the layer that addresses portions of OWASP LLM06 - Excessive Agency - specifically the Functionality and Autonomy portions. AI Guard is not designed to minimize tool availability or restrict tool functionality, nor does it handle least privilege enforcement.
As for alerting, AI Guard comes with both Out-of-the-Box and options for custom detections. Remember above when I mentioned Detection Engineering? This is where they apply the wealth of data available across LLMO, APM, and threat research. Rules carry the same core structure as the other security features, so there is no learning curve for what makes a valid rule.
Code Security: Moving Left of Launch
What Is It
Code Security offers Static and Dynamic Analysis, Composition Analysis, Secrets Scanning, and Infrastructure-as-Code assessments to keep your code base secure and up to standard. Pair this with PR Gates and, soon, Malicious PR Protection, and you have a robust suite of options to monitor all code developed – human or AI.
For a deep dive on Code Security, check out “What’s So Important About Code Security” from Kenna Skoczen, one of RapDev’s SOC Analysts.
Where Does it Fit in the AI Security Stack
Code Security gets at a different but parallel issue: coding agents. The explosion of coding agents has hastened how quickly teams can develop, PR, and deploy. But the issues with AI-developed code are also widely known. Code Security isn’t about monitoring the agent itself – it is about ensuring everything produced meets your organization’s standards before it can be deployed anywhere.
This left of launch movement is not new, human code review pipelines have existed for years. But the explosion in coding velocity from coding agents requires broader and more robust code scanning and testing solutions. This is a must-have for all organizations.
Wrapping Up
Notice that I did not bring up Cloud SIEM. This was purposeful. Datadog security solutions have eclipsed merely talking about SIEM; not because a SIEM is useless – far from it actually, you do need a SIEM for a central correlation engine – but because Datadog has so much more to offer to address the AI Security issue. And that’s where RapDev comes in. We deal with building better security practices every day. We walk clients through AI monitoring strategies and work hand-in-hand to build AI-ready detection in our Managed Security Practice. If you are operating on a legacy security stack that you need off of or if you’re already a Datadog user looking for a partner to tackle the problems presented by AI, look no further. At RapDev, we know good engineering because all we do is good engineering. Contact us today!
