Prompt-injection attacks remain one of the most persistent failure modes for production LLM agents, with public exploit galleries growing roughly 38% year-over-year. We investigate whether internal hidden-state activations carry a residual signature when an instruction in retrieved or tool-returned content overrides the developer's system prompt.
AI agents deployed in laboratories, hospitals, and production systems require operational monitoring. Current approaches (LangSmith, Arize, Datadog) use ML-based anomaly detection requiring cloud APIs, GPUs, and their own training data.
Synthetic logs are proposed as a privacy-preserving substitute for production data in anomaly detection research, but claims in the literature are rarely grounded in controlled comparisons between generation methods. We implement four methods—Random (no constraints), Template-based (format-string substitution), Constrained (rule-based causal graph generator), and LLM-based (Claude Haiku prompted with explicit causal specifications)—and evaluate 200 sequences per method (800 total, 5,337 entries) against three pre-defined fidelity criteria: temporal coherence, timing plausibility, and message specificity.
Production logs are inaccessible for ML training due to privacy constraints, yet anomaly detection research requires realistic data. We test whether constrained generation can produce synthetic logs preserving temporal causality in distributed payment system failure cascades.
Contamination events in drinking water distribution systems pose acute public health risks. Early detection is critical—typical contamination (chemical, microbial, or physical) travels through distribution networks, potentially affecting thousands within hours.