gen-ai: add security guardian (apply_guardrail) span + finding event

[nagkumar91]

Motivation

GenAI semantic conventions cover model, agent, and tool operations, but they don’t provide a vendor-neutral way to observe security guardian/
guardrail evaluations (allow/deny/modify decisions) and the specific security findings produced during those evaluations. This limits
auditability, incident investigation, and cross-provider correlation for systems using guardrails across different vendors and frameworks.

What this PR adds

• Adds apply_guardrail to the gen_ai.operation.name enum for guardrail/guardian evaluations.
• Adds new attributes under gen_ai.guardian.* and gen_ai.security.* to describe:
  • Guardian identity (gen_ai.guardian.*)
  • Decision outcomes (gen_ai.security.decision.*)
  • Target being evaluated (gen_ai.security.target.*)
  • Findings and policy context (gen_ai.security.risk.*, gen_ai.security.policy.*)
  • Opt-in content capture (gen_ai.security.content.*)
• Note: gen_ai.security.risk.category is a free-form string with suggested values aligned with OWASP LLM Top 10 2025.
• Adds a new span: span.gen_ai.apply_guardrail.internal (guardian evaluation).
• Adds a new event: gen_ai.security.finding (individual findings under a guardian evaluation).
• Adds documentation: docs/gen-ai/gen-ai-security.md (linked from docs/gen-ai/README.md).

References

• OTel GenAI semantic conventions: https://opentelemetry.io/docs/specs/semconv/gen-ai/
• OWASP Agent Observability Standard (decision events / allow-deny-modify model): https://aos.owasp.org/spec/trace/events/
• OWASP Agent Observability Standard (mapping guidance to OpenTelemetry): https://aos.owasp.org/spec/trace/extend_opentelemetry/
• OWASP LLM Top 10 (2025): https://genai.owasp.org/llm-top-10/

Prototypes / instrumentation links

• Prototype overview + run instructions: https://github.com/open-telemetry/semantic-conventions/blob/261dbb83529f6fa5f3cf1ab5b80135dd989f1cd2/prototype/README.md
• Run-all script (real chat + sample tool calls): https://github.com/open-telemetry/semantic-conventions/blob/261dbb83529f6fa5f3cf1ab5b80135dd989f1cd2/prototype/run_all_demos.py
• OTEL bootstrap + exporter wiring: https://github.com/open-telemetry/semantic-conventions/blob/261dbb83529f6fa5f3cf1ab5b80135dd989f1cd2/prototype/otel_bootstrap.py
• Guardian span + event helpers: https://github.com/open-telemetry/semantic-conventions/blob/261dbb83529f6fa5f3cf1ab5b80135dd989f1cd2/prototype/otel_guardian_utils.py
• OpenAI Agents SDK demo: https://github.com/open-telemetry/semantic-conventions/blob/261dbb83529f6fa5f3cf1ab5b80135dd989f1cd2/prototype/openai_agents/openai_agents_guardian.py
• LangChain demo: https://github.com/open-telemetry/semantic-conventions/blob/261dbb83529f6fa5f3cf1ab5b80135dd989f1cd2/prototype/langchain/langchain_guardian_agent.py
• LangGraph demo: https://github.com/open-telemetry/semantic-conventions/blob/261dbb83529f6fa5f3cf1ab5b80135dd989f1cd2/prototype/langgraph/langgraph_guardian_agent.py
• Google ADK demo: https://github.com/open-telemetry/semantic-conventions/blob/261dbb83529f6fa5f3cf1ab5b80135dd989f1cd2/prototype/google_adk/adk_guardian_agent.py
• Semantic Kernel demo: https://github.com/open-telemetry/semantic-conventions/blob/261dbb83529f6fa5f3cf1ab5b80135dd989f1cd2/prototype/semantic_kernel/semantic_kernel_guardian_agent.py

Tests

• make table-generation registry-generation
• make markdown-toc
• make SED=sed check-policies (macOS note: the repo defaults to gsed)

Changelog

This is user-facing (new conventions). Add a .chloggen/*.yaml entry with component: gen-ai, or apply the “Skip Changelog” label if
maintainers agree it’s not required for this proposal stage.