Cribl Guard: AI to detect sensitive data in telemetry streams

The telemetry specialist Cribl is expanding its Guard product with continuous AI analysis to detect patterns of sensitive data in logs and events.

By Jens Söldner

US provider Cribl has introduced a new feature for the security module Guard of its telemetry platform Cribl Stream. Guard analyzes data during processing in the pipeline – and the new so-called Background Detection expands this with an AI model that continuously searches for previously unknown patterns of sensitive data. This includes personal information, secrets like API keys or passwords, and regulated data that is not captured by existing rule-based detection mechanisms.

Unlike traditional DLP (Data Loss Prevention) tools, which copy data streams out of the customer environment for analysis, the AI model runs directly on the so-called workers, according to Cribl. These are the processing nodes of the Cribl platform where the actual data processing takes place. Sensitive data therefore does not leave the customer's infrastructure. Detected patterns are displayed in the Cribl interface; security teams can review them there, discard them, or convert them into new protection rules with one click.

Cribl positions the innovation as a paradigm shift: instead of relying on static rule sets, which tend to become outdated quickly, companies are meant to use Background Detection to continuously identify new risks. According to Cribl CPO Dritan Bitincka, the function captures sensitive information before it even reaches a data store. This facilitates the transition from reactive cleanup to proactive risk mitigation.

According to Cribl, numerous companies worldwide use the platform, including half of the Fortune 100 companies. Cribl Stream acts as a kind of data hub that receives, filters, enriches, and forwards logs, metrics, and events from various sources to target systems such as SIEMs, observability platforms, or data lakes. Guard has been available as a security module of Cribl Stream since September 2025 and comes with over 200 pre-configured detection rules, which are now supplemented by AI-assisted search.

(wpl)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.