The detection gap

Confirmed SQL injection in execute() — but what data was accessed?

Anomalous data access on users table — but why? Misconfigured query? Authorized report? Attack?

Confirmed: SQL injection in execute() caused unauthorized access to users table. Root cause + impact in one alert.

Can block the injection. Cannot assess breach scope.

Can flag the data access. Cannot identify the root cause.

Breach scope and root cause confirmed — you have what you need for incident response and notification.