The Problem
AI agents are everywhere. They’re writing code, browsing the web, executing tools. But how do you know what’s actually happening?
- What API calls are being made? Your agent might be making dozens of calls you don’t see.
- How much are you spending? Token costs add up across multiple models and providers.
- What data is being sent? Sensitive information might be going to AI providers.
- What tools are being invoked? Agents can execute code, access files, make network requests.
The Solution
OISP Sensor captures AI activity at the operating system level. It watches network traffic to AI providers and extracts structured events—no code changes needed.
What Gets Captured
| Category | Events |
|---|---|
| AI Requests | OpenAI, Anthropic, Google, Mistral, Cohere, Ollama |
| AI Responses | Completions, streaming chunks, embeddings |
| Tool Calls | Function calls, MCP tools, results |
| Process Info | Which application made each call |
| Network | Connection details, timing |
How It Works
On Linux, OISP Sensor uses eBPF (Extended Berkeley Packet Filter) to capture SSL/TLS traffic at the kernel level.
- No proxies — Traffic isn’t redirected, just observed
- All languages — Python, Node.js, Go, Rust—anything using OpenSSL
- Encrypted traffic — Captures plaintext before/after SSL encryption
- Low overhead — eBPF runs in kernel space efficiently
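To make "extracts structured events" concrete, the sketch below turns one plaintext HTTP/1.1 request, as it would look before TLS encryption, into an event record. It is an added example, not OISP Sensor's code: the function name, the event fields and the host table are assumptions, and the sample buffer is constructed.

```python
import json

# Assumed host-to-provider table (illustrative; not OISP Sensor's own list).
AI_HOSTS = {
    "api.openai.com": "openai",
    "api.anthropic.com": "anthropic",
    "api.mistral.ai": "mistral",
}

def event_from_plaintext(buf: bytes, pid: int, comm: str):
    """Build a hypothetical structured event from one plaintext HTTP/1.1
    request as seen before TLS encryption. Returns None for non-AI hosts."""
    head, _, body = buf.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return None  # not an HTTP/1.x request line (e.g. HTTP/2 frames)
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if colon:
            headers[name.strip().lower()] = value.strip()
    provider = AI_HOSTS.get(headers.get("host", "").split(":")[0].lower())
    if provider is None:
        return None
    event = {"provider": provider, "method": parts[0], "path": parts[1],
             "pid": pid, "process": comm, "model": None, "tools": [],
             "complete": False}
    # Credential headers (Authorization, x-api-key) are deliberately not copied.
    try:
        payload = json.loads(body)
    except ValueError:
        return event  # body split across writes or not JSON: keep metadata only
    if isinstance(payload, dict):
        event["complete"] = True
        event["model"] = payload.get("model")
        for tool in payload.get("tools") or []:
            # OpenAI nests the name under "function"; Anthropic has it at top level.
            fn = tool.get("function", tool) if isinstance(tool, dict) else {}
            if isinstance(fn, dict) and fn.get("name"):
                event["tools"].append(fn["name"])
    return event

# Constructed sample buffer (not captured traffic).
SAMPLE = (b"POST /v1/chat/completions HTTP/1.1\r\n"
          b"Host: api.openai.com\r\nAuthorization: Bearer sk-EXAMPLE\r\n"
          b"Content-Type: application/json\r\n\r\n"
          b'{"model":"gpt-4o","messages":[],"tools":[{"type":"function",'
          b'"function":{"name":"read_file","parameters":{}}}]}')
```

A request whose body is cut off mid-JSON still yields an event with `complete` set to `False`, so the process and endpoint are recorded even when the model name cannot be read.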
Export Options
Captured events can go to:
- Web UI — Real-time dashboard at http://localhost:7777
- JSONL files — For offline analysis
- WebSocket — For real-time streaming
- OTLP — To any OpenTelemetry backend
- Kafka — For high-throughput streaming
Privacy
OISP includes automatic redaction:
Use Cases
- Debug AI agents — See exactly what your agent is doing step by step
- Track costs — Monitor token usage across all applications
- Security audits — Log every AI interaction for compliance
- Development — Understand how AI SDKs behave
Next Steps
- Installation — Get OISP Sensor running
- Quick Start — Capture your first events
- What Works Today — Current capabilities