diff --git a/backend/internal/service/ops_service.go b/backend/internal/service/ops_service.go
index abb8ae12..3b81258d 100644
--- a/backend/internal/service/ops_service.go
+++ b/backend/internal/service/ops_service.go
@@ -424,6 +424,16 @@ func isSensitiveKey(key string) bool {
 return false
 }
 
+ // Whitelist: known non-sensitive fields that contain sensitive substrings
+ // (e.g., "max_tokens" contains "token" but is just an API parameter).
+ switch k {
+ case "max_tokens", "max_completion_tokens", "max_output_tokens",
+ "completion_tokens", "prompt_tokens", "total_tokens",
+ "input_tokens", "output_tokens",
+ "cache_creation_input_tokens", "cache_read_input_tokens":
+ return false
+ }
+
 // Exact matches (common credential fields).
 switch k {
 case "authorization",
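Review bot: The added `switch k` returns false before the exact-match list and the substring checks its comment implies, so every name placed here is exempt from redaction for good, and the comment does not state that constraint. I would extend it with `// Entries must be exact, normalised key names whose values are counters or limits; this return skips every check below.` so a later edit does not add a credential-bearing name or a pattern. How `k` is derived from `key` is above the hunk, so I cannot confirm it is lower-cased and trimmed before the comparison; if it is not, variants such as `Max_Tokens` simply stay redacted, which is the safe direction. A table-driven test asserting that the ten listed names return false, while credential-style names such as `access_token` and `refresh_token` are still reported as sensitive, would pin the boundary. The body of isSensitiveKey starts and ends outside the hunk.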