diff --git a/web-log-monitor.py b/web-log-monitor.py
index c30bc15..a45d3de 100644
--- a/web-log-monitor.py
+++ b/web-log-monitor.py
@@ -619,7 +619,8 @@ def process_batch(logs, args):
                                 )
                             except Exception as e:
                                 print(f"  Failed to record LLM finding to DB: {e}")
-                            log_abuse(ip, f.get("type", "unknown"))
+                            if f.get("severity") in ("high", "critical"):
+                                log_abuse(ip, f.get("type", "unknown"))
                 all_findings.extend(findings)
                 print(f"  LLM found suspicious activity: {result.get('summary')}")