Skip to main content
Anomaly Detection scans your recent LLM events for statistical deviations and explains what it found in plain English. Select a time range, click Detect Anomalies, and the engine groups events by model, runs Z-score analysis against your baseline, and flags anything that falls outside normal range.
Anomaly Detection requires the Team plan or higher.
Looking for other AI features? ZespanPilot handles natural language queries and project actions. Cost Optimizer surfaces model-switching recommendations on the Costs page. Root Cause Analysis runs automatically on Incidents.

Running a scan

  1. Open AI Features from the left sidebar.
  2. Select a time range: Last 1 hour, Last 24 hours, or Last 7 days.
  3. Click Detect Anomalies.
The engine groups events by model before running detection so a spike in one model doesn’t mask healthy behavior in others.

What gets detected

Anomaly typeTrigger condition
LATENCY_SPIKEZ-score > 2.5 (high) or > 4.0 (critical) vs baseline
ERROR_SPIKEError rate > 10% with at least 3 errors in the window
COST_SPIKEPer-request cost increased > 1.5× from baseline

What anomaly cards show

Each detected anomaly produces a card with:
  • TypeLATENCY_SPIKE, ERROR_SPIKE, or COST_SPIKE
  • Severitycritical, high, medium, or low
  • Description — the specific metric values that triggered the detection
  • Affected models — which models are showing the deviation
  • AI recommendation — a plain-English suggested next step

Incident correlation

Anomalies at medium severity and above are automatically correlated with your Incidents feed. high and critical anomalies also fire your configured alert rules. You can also manually open an incident from any anomaly card using the Open incident button.
If the scan returns no anomalies, your metrics are within normal range for the selected window. This is the expected result most of the time.