Skip to main content
Oso secures AI agents by evaluating their actions and behavior as they interact with tools and systems. To do this, the platform analyzes agent activity such as prompts, responses, and tool calls. This page explains what data Oso processes and why that data is necessary for the platform to function.

What Data Oso Processes

When integrated with AI agent tooling, Oso may process information associated with agent activity and the environment in which the agent operates. This can include:

Agent Interaction Data

Activity generated during interactions with language models or tools:
  • prompts sent to language models
  • model responses
  • tool invocation requests
  • tool responses

Session Metadata

Context associated with the interaction:
  • user identifiers (for example email addresses)
  • IP addresses
  • timestamps
  • session identifiers

Identity and Access Context

Information about users, permissions, and systems that helps evaluate whether an action is expected or risky. Examples may include:
  • identity provider (IdP) information about users
  • permissions or access scopes associated with users or systems
  • access information from connected tools or SaaS applications
This information allows Oso to understand what an agent attempted to do, who initiated it, and whether that behavior aligns with expected permissions and access patterns.

Why Oso Processes This Data

Security systems must observe behavior in order to detect misuse or unsafe actions. Analyzing activity and related context helps improve the accuracy of these detections. Oso processes agent activity data for several purposes.

Behavior Detection

Analyzing prompts, tool calls, and responses allows the platform to detect patterns associated with unsafe or unexpected agent behavior. Examples may include:
  • unexpected tool usage
  • potential data exfiltration attempts
  • abnormal agent behavior

Investigation and Alert Context

Security teams often need context when investigating alerts. Agent activity data helps provide information about:
  • what action the agent attempted
  • what data or tools were involved
  • the sequence of events surrounding the action

Product Improvement

Real-world usage helps improve detection accuracy. When improving detection capabilities, Oso may use aggregated or anonymized behavioral signals derived from agent activity. These signals capture patterns of behavior rather than specific customer content.

Data Privacy Considerations

AI agent activity may include sensitive information such as proprietary code, credentials, or customer data. Organizations evaluating security tooling for AI agents often need to understand what data the system analyzes and how that data may include sensitive information. Oso is designed with this reality in mind. The platform’s analysis focuses on identifying risky or unexpected behavior during agent activity so organizations can understand and manage how agents interact with their systems.

No-Content Mode

No-Content Mode is an option for organizations that need detection without content retention. When enabled:
  • Prompts, completions, and tool call parameters are not stored. Only tool names are retained from agent events.
  • IP addresses are not stored.
  • Alerts still fire when Oso detects policy violations, but alert details will not include message content.
  • Session metadata (user, device, agent, timing) is still captured.
This mode is useful if your organization has policies against storing LLM conversation content in third-party systems, or if agents regularly handle sensitive data you do not want retained. To enable No-Content Mode for your environment, contact your Oso account team.

Summary

AI agents can interact with internal tools, systems, and data sources. Monitoring that behavior is necessary to detect misuse and enforce security policies. Oso analyzes agent activity to identify risky behavior and provide visibility into how agents operate within an environment.