Session Explorer
sess-001
Sales Assistant
C94%about 2 years ago
sess-002
Support Bot
E99%about 2 years ago
sess-003
Research Assistant
T78%about 2 years ago
sess-004
DevOps Assistant
C91%about 2 years ago
sess-005
Analytics Bot
S72%about 2 years ago
5 sessions3 with patterns
Session sess-001Suspicious
Sales Assistant15m 0s4 invocations
92Critical
Causal94%
User: mike.johnson@company.com
Trace ID: trace-abc-123
Started: 1/15/2024, 6:30:00 AM
1
about 2 years ago
6:30:15 AM
list_fileson filesystem-mcp
Directory enumeration for customer data files
EnumerationMEDIUM120ms
2
about 2 years ago
6:32:00 AM
uses file_path: customers.csv(from list_files)
read_fileon filesystem-mcp
Reading customer database file containing PII
Data AccessHIGHPII: emails, phone_numbers, names1450ms
3
about 2 years ago
6:35:00 AM
uses email: john@test.com(from read_file)
query_databaseon database-mcp
Cross-referencing customer emails with payment data
Data AccessCRITICALPII: emails, credit_cards, addresses1280ms
4
about 2 years ago
6:40:00 AM
uses customer_data: 847KB customer records(from query_database)
send_emailon email-mcp
Sending customer PII to external email address
ExternalCRITICALPII: emails, credit_cards11200ms
TRUST BOUNDARY: internal.company.comgmail.com(customer_pii, credit_card_data)
Detected Patterns
Data Exfiltration
94% confidenceSequential data collection and exfiltration to external email. Customer PII (847KB) extracted from internal systems and sent to external gmail address.
Involved invocations:
#1#2#3#4