I have more info and the answer to this question.
This is new for 12.1 RU5, is not a configurable alert as it is built-in, and cannot be disabled.
It encompases two checks:
- Request Authorization failed - Beginning with SEPM 12.1 RU5, the SEPM performs a server-side authorization check on each incoming request to ensure that the privileges needed for the operation in the request are assigned to the administrator in the session.
- Request Tampering detection - Included is a request signature with each incoming request and the server validates this signature.