Cyscale

Back to controls

AI endpoint access logging should be enabled

AI inference endpoints should produce enough telemetry to investigate abuse, prompt injection attempts, anomalous invocation volume, data leakage, and unauthorized access. Missing endpoint logging makes AI incidents difficult to detect and reconstruct.

Category

Controls

Medium

Applies to

Google Cloud

Coverage

1 queries

Asset types

3 covered

Overview

AI inference endpoints should produce enough telemetry to investigate abuse, prompt injection attempts, anomalous invocation volume, data leakage, and unauthorized access. Missing endpoint logging makes AI incidents difficult to detect and reconstruct.

Remediation guidance

Remediation

Enable access logging and container logging for AI endpoints. Route logs to the approved SIEM or monitoring pipeline with retention aligned to incident response requirements.

Enable endpoint access logging.
Avoid disabling deployed model container logs unless approved.
Add monitoring for spikes, failures, unusual callers, and denied requests.

Query logic

These are the stored checks tied to this control.

AI endpoint access logging should be enabled

Connectors

Google Cloud

Covered asset types

AI ServicesEndpointLogging

Expected check: eq []

{
  vertexAIEndpoints(where: { deployedModels_SOME: { OR: [ { enableAccessLogging: { eq: false } } { disableContainerLogging: { eq: true } } ] } }) { ...AssetFragment }
}

Cyscale is an agentless cloud-native application protection platform (CNAPP) that automates the contextual analysis of cloud misconfigurations, vulnerabilities, access, and data, to provide an accurate and actionable assessment of risk.

Stay connected

Receive new blog posts and product updates from Cyscale

By clicking Subscribe, I agree to Cyscale’s Privacy Policy

By clicking Subscribe, I agree to Cyscale’s Privacy Policy

Platform

Cloud Native Application Protection (CNAPP)Cloud Security Posture Management (CSPM)Cloud Infrastructure Entitlement Management (CIEM)Kubernetes Security Posture Management (KSPM)Cloud Compliance Cloud Security for MSSPs Cloud Vulnerability Management ASPM + Code Scanning Secrets + Outdated Software AI-SPM Platform Book a Demo Start a Trial Pricing

Use Cases

Cloud Misconfigurations Vulnerability Management Code Vulnerability Scanning AI Security Operational Security IAM Cloud Security Cloud Data Security Cloud Compliance NIS 2 Compliance DORA Compliance Kubernetes Security Microsoft Entra ID Security Google Workspace Security

Industries

Managed Security (MSSPs)FinTech Banks HealthTech Telecom Legal Tech HRTech M&A Due Diligence Mobile Apps

Compare

Cyscale vs Wiz Cyscale vs Lacework Cyscale vs Zscaler Cyscale vs Orca Security Cyscale vs AWS Cyscale vs Google Cloud Cyscale vs Microsoft Azure

Resources

Blog Security Wiki Product Tours Case Studies Documentation Data Sheet FAQ + Support Cloud Security Buyer’s Guide SaaS CTO Cloud Security Handbook Top 10 Cloud Security Challenges

Company

About Us Cloud Security Made in Europe Careers Contact Us

+44 7401 208466

[email protected]

ISO 27001Compliant

SOC 2In progress

© 2026 Cyscale Limited

© 2026 Cyscale Limited

Terms of use Security Policy Privacy Policy Status Sitemap

Terms of use Security Policy Privacy Policy

crunch base icon