AI-specific monitoring needs to capture more than standard request logs: the full prompt and response (or a privacy-conscious hash/summary of them), which tools were invoked and with what parameters, and flags from any input/output classifiers running in the pipeline. Without this, an incident investigation after the fact has almost nothing to work with — you'll know a bad output happened, but not what input caused it or which defense layer failed.
Good monitoring also means alerting, not just logging: automated flags for classifier hits, unusual tool-call patterns, or output that trips a content filter should reach a human quickly, not sit unreviewed in a log file that gets checked once a quarter.