Connect your AI agent in 5 minutes.

Point any OpenTelemetry GenAI instrumentation at 24observe and your agent reports token usage, cost, latency, and errors — and the AI-agent security detections (prompt injection, token/cost abuse, runaway tool loops, sensitive tool use, MCP injection-via-tool-result) start watching from the first span. They're auto-enabled on every account, so there's nothing to turn on.

The dashboard has a guided version of this with a live "connected" check: AI Agents → “+ Connect an agent.” The steps below are the same.

1. Get an ingest token

In the dashboard, AI Agents → “+ Connect an agent” → “Generate ingest token,” or Settings → API tokens with scope logs:write. The token is ingest-only — it can ship telemetry, nothing else. Shown once; revoke anytime.

2. Set the OTLP env

Any OTel GenAI instrumentation reads these:

OTEL_EXPORTER_OTLP_ENDPOINT=https://api.24observe.com/api/v1/otlp
OTEL_EXPORTER_OTLP_HEADERS=Authorization=Bearer <YOUR_INGEST_TOKEN>
OTEL_SERVICE_NAME=my-agent

Already running OpenLLMetry, OpenLIT, or the official OTel GenAI instrumentations? You're done — just set the env and they export to us. No SDK swap.

3. Instrument (if you aren't already)

Python — the most common agent runtime:

# OpenLLMetry (works the same with OpenLIT / the official OTel GenAI instrumentations)
pip install traceloop-sdk

from traceloop.sdk import Traceloop
Traceloop.init(app_name="my-agent")   # reads the OTEL_* env above

# Your OpenAI / Anthropic / LangChain / LlamaIndex calls now emit gen_ai.* spans
# automatically — no per-call changes.

Node — a tiny, dependency-light wrapper with opt-in tool-result capture:

npm install @observe24/genai

import { instrument, recordChat, wrapTool } from '@observe24/genai';
const h = instrument({
  endpoint: 'https://api.24observe.com/api/v1/otlp',
  token: process.env.OBSERVE_TOKEN!,   // the ingest token from step 1
  serviceName: 'my-agent',
  captureContent: false,               // see Content & privacy
});
recordChat({ system: 'openai', model: 'gpt-4o-mini', inputTokens: 42, outputTokens: 128 });
const out = await wrapTool('read_file', () => readFile(path), { type: 'function' });
await h.shutdown();   // flush on exit

4. Verify

Spans carrying gen_ai.* attributes land in AI Agents within seconds, with cost + per-model / per-agent / per-operation breakdowns. The connect panel flips to “✓ Receiving agent telemetry.” If a span trips a rule (e.g. a prompt-injection marker, or an oversized output), an incident opens automatically with the MITRE technique attached — same incident timeline + alert routing as the rest of the platform.

Content & privacy

captureContent is off by default — only metadata (model, token counts, tool names, operation, finish reason) is sent, never prompt/completion text. Turning it on unlocks the highest-signal detections (prompt-injection and the MCP tool-result injection that is the dominant agent attack vector), because they scan content. When on, edge redaction runs at ingest — bearer tokens, JWTs, AWS/LLM/GitHub keys are stripped before storage. Decide per your threat model; you can capture content for tool results only.

What gets detected

• Prompt injection / jailbreak — known markers in prompt/completion content.
• Token / cost blowout — oversized outputs (unbounded generation).
• Runaway tool loops — excessive tool-call volume in a window.
• Sensitive tool use — shell / exec / payment / SQL / delete tool names.
• MCP tool-result injection & secret exfil — injection or keys inside a tool result returned to the model (needs tool-result capture).

See also the API for Agents and the OTel Collector docs.