View AI usage in Explorer
Northstar can detect when your applications call AI and machine learning (AI/ML) libraries or external AI services. When agents instrument these calls, Explorer displays a visual indicator on the application node so you can immediately see which applications in your organization are using AI/ML functionality.
This visibility helps you:
Identify applications that may be sending sensitive data to external AI services such as OpenAI or Anthropic
Assess exposure to AI-specific attack vectors such as prompt injection
Address shadow AI by maintaining a centralized inventory of all applications using AI/ML frameworks
Support data governance and compliance requirements for AI usage across your organization
What Northstar captures for AI observations
When an agent detects an AI call, it reports an observation with the action type ai-ml-usage. Each observation includes:
Field | Description |
|---|---|
| The name of the AI/ML library is called, for example, |
| The specific function or method invoked, for example, |
| The network address of the AI service endpoint, if the call is a network call to a known external service. For local library calls, this field is empty. |
Before you begin
The entities you see in Explorer depend on the permissions defined in your access control settings. See Actions and permissions for the permissions required to view Explorer data.
View AI usage for an application
In the left navigation, select Explorer.
Look for application nodes that display the AI/ML indicator icon. The icon appears on any application node where Northstar has observed AI/ML activity.
To filter the Explorer view to show only applications that use AI/ML, select the Filter icon and choose one of the following options under the AI filter:
Uses AI: Show only applications where Contrast has detected AI/ML activity
Does not use AI: Show only applications where no AI/ML activity has been detected
Select an application node to open the details panel.
In the details panel, review the AI usage section, which shows a summary count of AI/ML observations for the application.
Select the link in the AI usage section to open a filtered Observations view that lists all AI/ML observations for that application. See View observations for details about the observation data.
Understand the AI node indicator
When Explorer detects AI usage for an application, it displays a dedicated icon on the application node in the graph view. The Explorer legend identifies this icon as representing AI usage.
The indicator does not represent a vulnerability or an active threat. It signals that the application has been observed calling AI functionality, which you can investigate further through the observations view.