See exactly how employees use AI, without becoming a second leakage risk.

LogosGuard records every detection, redaction, and block as a structured event with user, AI tool, policy fired, data classes detected, and action taken. The audit log preserves event metadata, not the underlying prompt content, so visibility does not become a second exposure surface.

Visibility into AI usage matters. So does the audit log not becoming the next exposure surface. LogosGuard records the policy decision and event metadata, never the underlying prompt content.

What the audit log captures.

Every event recorded by LogosGuard includes a fixed set of fields:

Fields on every event.

User: sourced from your SSO, so the audit trail aligns to identity-management of record.
AI tool: the destination AI service (chatgpt.com, claude.ai, gemini.google.com, etc.).
Policy: the policy ID that fired, with a version stamp so changes are reconstructible.
Data classes detected: labeled categories like "PII", "PHI", "credentials", "source code".
Action taken: warn, redact, block, or allow.
Timestamp: to the second, in the customer's timezone for display.

The underlying prompt content is not retained. The audit log is the event-metadata record, not a content archive.

What you can answer from the audit log.

Which AI tools are getting the most usage across the company.
Which data classes are showing up most often, and on which tools.
Which teams generate the most blocks vs warns vs redactions.
When policy fired correctly (block prevented an egress) vs when it was too tight (warn was overridden frequently).
Which teams or roles need additional training based on patterns.
How AI usage volume is trending over time.

Tuning policy from the audit log.

The first month of audit data is usually the most useful month. Where are warns being overridden constantly? That rule is too tight; relax it. Where are blocks firing repeatedly on the same workflow? That team needs a policy carve-out or a private LLM scope. Where is one team accounting for an outsized share of detections? They probably need different rules, or different training, than the rest of the company.

LogosGuard turns this loop into a few-minutes-per-week job rather than a quarterly project.

Export to your existing pipeline.

Audit logs export in formats compatible with common SIEM and surveillance platforms. For financial-services organizations with surveillance obligations, the same logs feed your existing review tooling. For security operations teams, the logs feed your existing incident response pipeline. The LogosGuard console is a starting point; the data is yours.

See the audit log against your stack.

Frequently asked questions

Does the audit log retain prompt content?

No. Audit logs preserve event metadata, user, tool, policy, data classes detected, action taken, but not the underlying prompt content. This is intentional: the audit log should not become a second exposure surface.

Can we export logs to our SIEM?

Yes. Audit logs export in formats compatible with common SIEM and surveillance platforms. Per-deployment integration details are part of the security conversation.

Who can see the audit log?

Access is gated by role. Admins configure who can view audit data and at what granularity. The console supports SSO so identity is sourced from your IdP.

Can we get fuller logs for specific workflows?

Yes. Customers who need fuller logging, for example, surveillance-obligated financial-services workflows, can opt into expanded audit modes scoped to specific teams. This is opt-in and disclosed; it is not the default.

How long are logs retained?

Retention is configurable per contract. Defaults are suited to typical security-team review cycles. Specific retention requirements should be specified in the order form.