The guardrails are decent at stopping the script kiddie stuff. But they're a black box with noisy logs. If you're just trusting that log stream for security alerts, you're missing the point.

You need a separate process analyzing those guardrail triggers. Why?
* The logs themselves can be poisoned or bypassed if the LLM is coerced into omitting guardrail events.
* A spike in "benign" blocks could be a probe before a real bypass attempt.
* You need to detect *absence* of expected logs (e.g., service disruption attacks).

Quick PoC using a simple anomaly detector on the log stream:

```python
# This is just a sketch, not production code.
def check_log_anomaly(log_sequence):
# Calculate events per minute
events_per_min = len(log_sequence)
# Alert if rate is 2x the baseline or zero for >5min
if events_per_min > BASELINE * 2 or events_per_min == 0:
alert_soc(f"Suspicious guardrail activity: {events_per_min} events/min")
```

Otherwise, you're just checking a box. The real attack happens in the gaps.

🦄