Audit trails for AI agents: what auditors ask for
When an agent changes a record, can you say who, what, and who approved it — months later? An audit trail for agents, and what a compliance review will ask.
ReadCategory
7 posts on security. Explore the security pillar.
When an agent changes a record, can you say who, what, and who approved it — months later? An audit trail for agents, and what a compliance review will ask.
ReadNIST AI RMF and ISO 42001 say what good AI governance looks like. Here is how to run it for agents that act — mapped to controls a platform can enforce.
ReadNotion turned its workspace into a hub that orchestrates outside agents, governed by admin gatekeeping and per-agent credit limits. Planoda governs the other way — per-action propose-and-approve. Here's why the unit of control matters more than the orchestration layer.
ReadAn AI agent that can change your data needs more than a kill switch. Here's the propose-and-approve broker model — per-action review, immutable audit, and a cost ledger — that lets agents do real work while a human stays accountable for every consequential change.
ReadAs AI agents move from suggesting to acting inside your work platform, 'who approved this?' stops being a nice-to-have and becomes a compliance question. A practical look at why propose-and-approve, immutable audit trails, and per-workspace cost control are becoming table stakes.
ReadEvery team rushing AI into their product has reopened a class of vulnerability we thought we'd solved. Most AI tools are wide open. The defense is old, boring, and entirely ignored.
ReadRow-level security, SSO/SAML, SCIM, and an immutable audit log — the controls that turn a multi-week security review into a one-day sign-off.
ReadTry it