Webhook Notifications
Webhooks turn AISG from a dashboard you check into security infrastructure that feeds your existing SOC workflow. AISG sends real-time HTTPS notifications when security events occur, each signed with HMAC-SHA256.
PII blocked, prompt injections caught, budgets exhausted, or agent loops detected — your team knows immediately, not in the next morning's log review.
Event Types
- dlp.pii_blocked: A request was blocked because PII was detected and the policy action is "block".
  Payload data: entity_types, violation_count, model
- dlp.injection_blocked: A prompt injection attempt was detected and blocked.
  Payload data: entity_types, violation_count, has_injection, model
- dlp.pii_redacted: PII was detected and redacted; the request continued with sanitized content.
  Payload data: entity_types, violation_count, model
- budget.exhausted: A request was rejected because the project balance is below the minimum threshold.
  Payload data: balance_usd, model
- loop.detected: A recursive agent loop was detected and blocked.
  Payload data: fingerprint, hit_count, model, cooldown_seconds
Setup
1. Navigate to your project. Open the project dashboard and click "Webhooks" in the sidebar.
2. Add an endpoint. Enter your HTTPS URL and select which events to subscribe to. You can subscribe to all events or pick specific ones.
3. Copy your signing secret. A unique HMAC signing secret is generated for each webhook. Store it securely; you'll need it to verify payloads.
4. Test the webhook. Click "Test" to send a sample payload. Verify your endpoint receives it and returns a 2xx response.
Payload Format
```json
{
  "webhook_id": "wh_a1b2c3d4e5f6",
  "event": "dlp.pii_blocked",
  "timestamp": "2026-05-22T14:30:00Z",
  "project_id": "proj_abc123",
  "request_id": "req_def456",
  "data": {
    "action": "block",
    "entity_types": ["CREDIT_CARD", "EMAIL_ADDRESS"],
    "violation_count": 3,
    "model": "oah/llama-4-maverick"
  }
}
```
Headers
| Header | Value |
|---|---|
| Content-Type | application/json |
| X-AISG-Signature | sha256=<HMAC-SHA256 hex digest of the request body> |
| X-AISG-Event | The event type (e.g., dlp.pii_blocked) |
| User-Agent | AISG-Webhook/1.0 |
Signature Verification
Always verify the X-AISG-Signature header to confirm the payload was sent by AISG and hasn't been tampered with.
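```python
import hmac
import hashlib

from flask import Flask, request, abort

app = Flask(__name__)

WEBHOOK_SECRET = "whsec_your_signing_secret"


@app.route("/webhooks/aisg", methods=["POST"])
def handle_webhook():
    # Verify against the raw request bytes, exactly as received.
    payload = request.get_data()
    signature = request.headers.get("X-AISG-Signature", "")
    expected = "sha256=" + hmac.new(
        WEBHOOK_SECRET.encode(),
        payload,
        hashlib.sha256,
    ).hexdigest()
    # Constant-time comparison on bytes; compare_digest rejects non-ASCII str.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        abort(401)

    event = request.json
    # alert_security_team, notify_billing and kill_agent are your own handlers.
    match event["event"]:
        case "dlp.pii_blocked":
            alert_security_team(event)
        case "budget.exhausted":
            notify_billing(event)
        case "loop.detected":
            kill_agent(event)
    return "", 200
```

```javascript
const crypto = require("crypto");
const express = require("express");

const app = express();

// Keep the raw bytes: the HMAC covers the request body exactly as sent,
// so re-serializing parsed JSON may not reproduce the signed bytes.
app.post("/webhooks/aisg", express.raw({ type: "application/json" }), (req, res) => {
  const payload = req.body; // Buffer holding the raw request body
  if (!Buffer.isBuffer(payload)) {
    return res.status(400).send("Expected a JSON body");
  }
  const signature = req.headers["x-aisg-signature"] || "";
  const expected = "sha256=" + crypto
    .createHmac("sha256", process.env.WEBHOOK_SECRET)
    .update(payload)
    .digest("hex");

  const expectedBuf = Buffer.from(expected);
  const signatureBuf = Buffer.from(signature);
  // timingSafeEqual throws on unequal lengths, so check the length first.
  if (
    expectedBuf.length !== signatureBuf.length ||
    !crypto.timingSafeEqual(expectedBuf, signatureBuf)
  ) {
    return res.status(401).send("Invalid signature");
  }

  const event = JSON.parse(payload.toString("utf8"));
  // Process event...
  res.status(200).send("OK");
});
```
Delivery & Retries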
| Property | Value |
|---|---|
| Timeout | 10 seconds per attempt |
| Retries | Up to 2 retries on failure (3 total attempts) |
| Backoff | 1 second between retries |
| Success criteria | Any 2xx response |
| Max endpoints | 5 per project |
| Protocol | HTTPS only (HTTP endpoints are rejected) |
| Delivery IPs | Fixed NAT gateway range — contact us for the current IP list for firewall allowlisting |
For critical security event delivery, configure your endpoint to return 200 immediately and process events asynchronously. The 3-attempt retry window is short by design to keep webhook dispatch non-blocking. For enterprise SIEM integrations that require guaranteed delivery, we recommend an intermediate queue (SQS, Pub/Sub) between your webhook receiver and your SIEM pipeline.
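A receiver core that follows this advice, as an added example that is not AISG's own code: it verifies the signature, acknowledges retried deliveries without queueing them twice, and hands the event to a queue so the HTTP handler can return at once. The names `Receiver` and `sign`, the in-memory queue standing in for SQS or Pub/Sub, and the use of (event, request_id) as a key that stays the same across retries are assumptions; the sample payload is constructed.

```python
import hashlib
import hmac
import json
import queue

def sign(secret, body):
    """Header value per the Headers table: sha256=<hex HMAC-SHA256 of the body>."""
    return "sha256=" + hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()

class Receiver:
    """Verify, de-duplicate and enqueue; slow work happens off the request path."""
    def __init__(self, secret, max_seen=10_000):
        self.secret = secret
        self.work = queue.Queue()  # stand-in for SQS / Pub/Sub (assumption)
        self.seen = {}             # insertion-ordered record of recent delivery keys
        self.max_seen = max_seen

    def handle(self, body, signature):
        """Return the HTTP status the endpoint should send for this delivery."""
        expected = sign(self.secret, body)
        # Authenticate the raw bytes before parsing anything; compare as bytes
        # so a non-ASCII header value cannot raise inside compare_digest.
        if not hmac.compare_digest(expected.encode(), (signature or "").encode()):
            return 401
        try:
            event = json.loads(body)
            # Assumed to be identical on every retry of the same event.
            key = (str(event["event"]), str(event["request_id"]))
        except (ValueError, KeyError, TypeError):
            return 400
        if key in self.seen:
            return 200             # retry of an event already queued: ack only
        self.seen[key] = True
        if len(self.seen) > self.max_seen:
            self.seen.pop(next(iter(self.seen)))  # evict the oldest key
        self.work.put(event)
        return 200

# Constructed sample delivery, modelled on the payload format above.
SECRET = "whsec_example_only"
BODY = json.dumps({
    "webhook_id": "wh_example", "event": "loop.detected",
    "timestamp": "2026-05-22T14:30:00Z", "project_id": "proj_example",
    "request_id": "req_example",
    "data": {"fingerprint": "fp_example", "hit_count": 4, "cooldown_seconds": 60},
}).encode()

if __name__ == "__main__":
    r = Receiver(SECRET)
    print(r.handle(BODY, sign(SECRET, BODY)), r.work.qsize())  # first delivery
    print(r.handle(BODY, sign(SECRET, BODY)), r.work.qsize())  # retried delivery
```

In a deployment with more than one receiver instance, the `seen` record has to live in shared storage for the de-duplication to hold.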
Common Integrations
- Slack: Post to a #ai-security channel when PII is blocked or injections are caught
- PagerDuty: Create incidents on budget exhaustion or repeated loop detections
- Splunk / SIEM: Forward all events to your security information and event management system
- Custom dashboard: Build a real-time security status board with event counts and trends