A generative AI model that provides financial advice has been deployed and is operating normally. Suddenly, the security team is alerted to an abnormally high volume of requests to the model's API endpoint, all originating from a single, unfamiliar IP address. This could indicate a malicious actor attempting a denial-of-service or model inversion attack. Which type of tool is primarily responsible for detecting such anomalous operational behavior?