AI Pilot — Advanced AI Audit
Audience: Compliance, security architects, audit owners Time: ~8 min read
AI Pilot ships the deepest audit trail in the industry for AI traffic: every request carries decision lineage, prompt and response hashes, redaction history, and tool-call chains. Events flow through Control Core's existing SIEM outbox to Splunk, Elastic, QRadar, Sentinel, or Grafana Loki.
What is captured
| Event | When | Key fields |
|---|---|---|
AI_TRAFFIC_LOG | Every AI request | route, provider, model, decision, status, tokens_in, tokens_out, cost_usd |
AI_DECISION_LINEAGE | Every decision | rule chain, OPA policy IDs, principal, tenant, environment |
AI_PII_REDACTION | Redaction event | detector, count, hashed location, action |
AI_POLICY_VIOLATION | Deny | rule that denied, principal, requested target |
AI_MCP_TOOL_CALL | MCP tool invocation | tool, args_hash, server, decision, cache_hit |
AI_PROVIDER_TOKEN_ROTATED | Upstream auth rotation | provider, old/new token id, reason |
AI_BREAKER_TRIPPED | Circuit breaker | signal, value, threshold, fallback used |
AI_FALLBACK_USED | Fallback fired | from, to, reason |
AI_CACHE_HIT / AI_CACHE_MISS | Cache lookup | key fingerprint, semantic match, ttl |
Every event includes a stable correlation_id so you can stitch the chain end-to-end in your SIEM.
Configure
Open Settings -> AI Pilot -> Advanced Audit:
| Field | Description |
|---|---|
| Enabled | Master toggle |
| Sampling | 100% / 50% / 10% / 1% for high-volume environments |
| Capture prompt hash | SHA-256 of the prompt body — never the raw text |
| Capture response hash | SHA-256 of the response body |
| Capture tool-call chain | Full JSON-RPC tool chain for MCP traffic |
| Redaction log | Per-detector counts and locations |
| SIEM target | Reuses the platform-wide SIEM target from Settings -> Audit logs -> SIEM |
| Retention (days) | How long to keep events in the AuditLog table before TTL |
Sampling cuts log volume; lineage and policy events always sample at 100% regardless of the body sampling rate.
Decision lineage
Every AI decision records the rule chain that produced it:
{
"event": "AI_DECISION_LINEAGE",
"correlation_id": "8c7e...",
"principal": {"sub": "u_123", "role": "finance_manager", "mfa": true},
"target": {"type": "llm", "provider": "openai", "model": "gpt-4o"},
"decision": "allow",
"rule_chain": [
{"package": "controlcore.ai.access", "rule": "allow_finance_managers", "matched": true},
{"package": "controlcore.ai.cost", "rule": "under_daily_cap", "matched": true},
{"package": "controlcore.ai.safety", "rule": "no_pii_in_prompt", "matched": true}
],
"redaction_count": 2,
"tokens_in": 412,
"tokens_out": 893,
"cost_usd": 0.024
}
This lets compliance reviewers reconstruct why a request was allowed/denied, not just what.
Prompt and response hashing
The bouncer stores SHA-256 hashes of the request and response bodies (and optionally a redacted preview, configurable). Hashes let you:
- Verify whether two requests had identical content without storing the content
- Cross-reference cache hits with audit rows
- Build dedupe metrics for prompt engineering work
Raw prompt/response bodies are never captured by default. Enable previews only in Sandbox or with explicit DPO sign-off.
SSE live audit stream
The /pilot -> Audit tab opens an SSE connection to GET /pep-config/pilot/bouncer/{id}/audit-stream and renders a live trace. You can:
- Pause / resume the stream
- Drill into any row to see the full lineage
- Deep-link any event to
/audit?correlation_id=...for SIEM-equivalent forensics
SIEM wiring
Audit events flow through the existing SIEMOutboxEntry durable outbox. Configure the destination once at Settings -> Audit logs -> SIEM; every AI event gets the same delivery guarantee as the rest of Control Core's audit traffic.
The Pilot dashboard's "SIEM outbox (AI)" card shows pending / delivered / failed counts and the last delivery timestamp.
Compliance use cases
| Standard | What this enables |
|---|---|
| GDPR Article 22 | Show the rule chain that produced each automated decision |
| HIPAA | Prove PHI redaction happened before any provider call |
| SOC 2 / ISO 27001 | Continuous evidence of policy enforcement on AI traffic |
| FINTRAC / FinCEN | Tie AI-assisted decisions to a deterministic, audited rule chain |
| EU AI Act | Records of automated decisions with traceability |