Real-Time AI Security Alerts: Setting Up Webhook Notifications
Your AI firewall is scanning every request for PII, blocking prompt injections, and enforcing budgets. But if nobody knows when a security event happens, the protection is only half complete.
Webhook notifications close the loop. When AISG blocks a request containing a credit card number, catches a jailbreak attempt, or detects an agent stuck in an infinite loop — your team knows immediately. Not in the next morning's log review. In real time.
What You Can Monitor
AISG sends webhook notifications for five event types:
| Event | When it fires | Severity |
|---|---|---|
| dlp.pii_blocked | Request blocked due to PII | High |
| dlp.injection_blocked | Prompt injection caught | High |
| dlp.pii_redacted | PII detected and redacted | Medium |
| budget.exhausted | Project balance depleted | Medium |
| loop.detected | Agent retry loop blocked | Medium |
Setup in 2 Minutes
Navigate to your project in the AISG dashboard, click Webhooks in the sidebar, and add an endpoint:
- Enter your HTTPS endpoint URL
- Select which events to subscribe to (or select all)
- Click Add Webhook
- Copy the signing secret that's generated
- Click Test to verify delivery
That's it. You can add up to 5 webhook endpoints per project.
Security: HMAC-SHA256 Signatures
Every webhook payload includes an X-AISG-Signature header containing an HMAC-SHA256 digest of the request body, signed with your webhook secret. Always verify this server-side before processing the event.
import hmac, hashlib
from flask import request, abort, jsonify
WEBHOOK_SECRET = "whsec_your_secret_here"
@app.route("/webhooks/aisg", methods=["POST"])
def handle_aisg_webhook():
# 1. Verify signature
payload = request.get_data()
signature = request.headers.get("X-AISG-Signature", "")
expected = "sha256=" + hmac.new(
WEBHOOK_SECRET.encode(), payload, hashlib.sha256
).hexdigest()
if not hmac.compare_digest(expected, signature):
abort(401)
# 2. Route by event type
event = request.json
event_type = event["event"]
if event_type == "dlp.pii_blocked":
# Alert security team — someone tried to send PII
slack_alert(
channel="#ai-security",
text=f"🚨 PII blocked: {event['data']['entity_types']}"
)
elif event_type == "budget.exhausted":
# Notify billing — project needs a top-up
slack_alert(
channel="#billing",
text=f"💰 Budget exhausted for project {event['project_id']}"
)
elif event_type == "loop.detected":
# Kill the agent — it's stuck
kill_agent_process(event["data"]["fingerprint"])
return jsonify({"status": "ok"}), 200Routing to Slack
The simplest integration is a direct Slack webhook. Create an Incoming Webhook in your Slack workspace, then use it as your AISG webhook endpoint. For more control, route through a lightweight function (AWS Lambda, Cloudflare Worker) that formats the message before posting to Slack.
import json, hmac, hashlib, urllib3
AISG_SECRET = "whsec_..."
SLACK_URL = "https://hooks.slack.com/services/T.../B.../..."
SEVERITY = {
"dlp.pii_blocked": "🔴",
"dlp.injection_blocked": "🔴",
"dlp.pii_redacted": "🟡",
"budget.exhausted": "🟠",
"loop.detected": "🟠",
}
def handler(event, context):
body = event["body"]
sig = event["headers"].get("x-aisg-signature", "")
expected = "sha256=" + hmac.new(
AISG_SECRET.encode(), body.encode(), hashlib.sha256
).hexdigest()
if not hmac.compare_digest(expected, sig):
return {"statusCode": 401}
data = json.loads(body)
icon = SEVERITY.get(data["event"], "ℹ️")
text = f"{icon} *{data['event']}* — project `{data['project_id']}`"
http = urllib3.PoolManager()
http.request("POST", SLACK_URL, body=json.dumps({"text": text}),
headers={"Content-Type": "application/json"})
return {"statusCode": 200}Delivery Reliability
AISG retries failed deliveries up to 2 times with 1-second backoff (3 total attempts). The timeout per attempt is 10 seconds. Webhook delivery runs as a background task — it never adds latency to your API response.
Best Practices
- Always verify signatures — never trust a webhook payload without checking the HMAC
- Return 200 quickly — do heavy processing asynchronously after acknowledging receipt
- Deduplicate by webhook_id — retries may deliver the same event twice
- Subscribe selectively — high-frequency events (pii_redacted) can generate volume; only subscribe if you need them
- Use separate endpoints for different severities — route critical blocks to PagerDuty and informational events to a logging pipeline
Webhook notifications are included in all AISG plans — free tier included. Configure up to 5 endpoints per project, select your event types, and start receiving real-time alerts. Start free or read the docs.
Join the Community