Can You See What Your AI Saw?: GenAI Endpoint Observability for Detection Engineers
Mika Ayenson
[un]prompted 2026 — AI Security Practitioner Conference · Day 1 · 2
Your EDR sees a curl command. Was it your developer, or an AI agent manipulated by a poisoned README? Mika Ayenson of Elastic exposes the core crisis facing detection engineers in 2026: intent attribution is broken. With AI coding tools spawning shells, writing files, and making network calls indistinguishable from human-driven processes, the industry urgently needs OpenTelemetry-based observability standards to restore meaningful signal.
AI review
Ayenson walked into the room with real EDR data and a genuine problem nobody has solved yet. Intent attribution for AI-driven processes is broken, and he's got the telemetry to prove it — not hypotheticals. The OpenTelemetry prescription is right, and the ES|QL ancestry query is immediately deployable.