How to set up an audit trail for AI agents

Steps

1. 1

   Log at the action boundary, not the model boundary

   Capture events where the agent touches the world: every tool call that writes, sends, or moves something. Model-call logs tell you what the agent considered; action logs tell you what it did. Auditors ask the second question.

2. 2

   Fix the event schema early

   Each event needs: timestamp, agent identity and version, the human or trigger it acted on behalf of, the action and its parameters, the policy decision that allowed it (including which approvals), the outcome, and a trace ID linking back to the full task. Schema changes later mean two eras of evidence that don't join.

3. 3

   Redact at write time

   Tool inputs and outputs carry customer data. Decide field by field what is stored raw, what is masked, and what is hashed for matching without disclosure. Redaction at query time means the sensitive data was retained all along — which is its own finding.

4. 4

   Make the store append-only and the retention deliberate

   Write to storage that nobody — including the agent platform's own admins — can quietly edit. Set retention to match the longest obligation that applies to you (financial-services and healthcare rules commonly run five to seven years), and document why.

5. 5

   Rehearse retrieval

   Pick a real past incident or invent one: "show every action agent X took against customer Y in March." Time how long the answer takes. If it is days, the trail exists but the capability does not. The rehearsal also surfaces the joins you forgot — usually between approvals and actions.