AI Development Audit Logging Design Guide
Purpose
Design a minimal audit log set that balances three axes: query reproduction, compliance evidence trail, and security incident investigation.
Minimal Log Element Set
| Field | Description | Contains PII | Retention Period |
|---|---|---|---|
| request_id | Trace ID | No | 1y |
| user_role | Caller role | Low | 180d |
| model_name | Model used | No | 180d |
| prompt_hash | Hash after masking | No | 1y |
| safety_flags | Filter judgment result | No | 180d |
| latency_ms | Processing time | No | 90d |
| token_in/out | Token count | No | 90d |
| decision_reason | Routing/rejection reason | No | 180d |
Masking Guidelines
1. Replace secrets/credentials with `<SECRET_x>` via regex + dictionary matching
2. Obscure low-confidence token sequences using a Bloom filter to increase re-identification cost
3. Hashing: prompt -> `SHA256(salt+normalized_prompt)`
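
The following is an added example, not code from the original guide, showing steps 1 and 3 producing the `prompt_hash` field and a record limited to the minimal field set. The regex patterns, the NFKC/whitespace normalization, the `token_in`/`token_out` field split and the function names are assumptions; the Bloom filter step is not shown.

```python
import hashlib
import re
import unicodedata

# Constructed patterns; step 1 also calls for a dictionary of known secrets.
SECRET_PATTERNS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),                           # AWS access key ID shape
    re.compile(r"(?i)bearer\s+[a-z0-9._~+/-]+=*"),             # bearer token
    re.compile(r"(?i)(?:password|api[_-]?key)\s*[=:]\s*\S+"),  # key=value credential
]
# Field names from the table above; the token_in/token_out split is an assumption.
ALLOWED_FIELDS = {"request_id", "user_role", "model_name", "prompt_hash", "safety_flags",
                  "latency_ms", "token_in", "token_out", "decision_reason"}


def normalize(prompt: str) -> str:
    """Assumed normalization: Unicode NFKC, then collapse runs of whitespace."""
    return " ".join(unicodedata.normalize("NFKC", prompt).split())


def mask_secrets(prompt: str) -> str:
    """Replace each distinct secret with a numbered <SECRET_n> placeholder."""
    seen = {}

    def placeholder(match):
        # The same secret value always maps to the same placeholder.
        return seen.setdefault(match.group(0), f"<SECRET_{len(seen) + 1}>")

    for pattern in SECRET_PATTERNS:
        prompt = pattern.sub(placeholder, prompt)
    return prompt


def prompt_hash(prompt: str, salt: bytes) -> str:
    """SHA256(salt + normalized_prompt), computed only after masking."""
    masked = mask_secrets(normalize(prompt))
    return hashlib.sha256(salt + masked.encode("utf-8")).hexdigest()


def audit_record(prompt: str, salt: bytes, **fields) -> dict:
    """Build a record limited to the minimal field set; the raw prompt is never stored."""
    unexpected = set(fields) - ALLOWED_FIELDS
    if unexpected:
        raise ValueError(f"fields outside the minimal set: {sorted(unexpected)}")
    return {**fields, "prompt_hash": prompt_hash(prompt, salt)}
```

Because masking runs before hashing, two prompts that differ only in the secret value produce the same `prompt_hash`, so the hash cannot be used to confirm a guessed credential.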
Observability Integration
- Set prompt_hash/latency/token as OpenTelemetry span attributes
- Anomaly alerts: error rate + safety_flag ratio deviation detection