Agent Action Audit Trail
Log every tool call, decision step, memory read/write, and external interaction made by an AI agent so that the full action sequence can be reconstructed after the fact.
Objective
Enable post-hoc accountability and incident investigation for agent-driven workflows by maintaining a complete, tamper-evident action log.
Maturity Levels
Initial
Agent actions are not logged; only final outputs are available for review.
Developing
Some agent actions are logged but coverage is incomplete and logs are not structured for audit use.
Defined
All tool calls, decision points, and external interactions are logged with timestamps, inputs, outputs, and agent identity.
Managed
Logs are centralized, retained per policy, and queried regularly during incident investigations and governance reviews.
Optimizing
Logs are analyzed automatically for anomaly detection; structured log data feeds model improvement pipelines.
Evidence Requirements
What an auditor or assessor would expect to see for this control.
- —Log schema documentation specifying required fields, storage type (append-only), access controls, and retention period
- —Sample audit log entries confirming all required fields are present and populated for a representative set of agent workflows
- —Storage integrity configuration evidence confirming write-once, access-controlled storage with no modify or delete access for normal operations
- —Retention compliance report confirming logs are maintained for the required period
- —Cross-agent trace records demonstrating trace_id propagation across agent boundaries for at least one multi-agent workflow
Implementation Notes
Key steps
- Log at the tool boundary, not just the model response: capture the exact call made, the parameters passed, and the raw response returned — model summaries of tool results are unreliable.
- Include a session/trace ID that links all steps in a single agent workflow, enabling full reconstruction of multi-step sequences.
- Treat agent logs with the same integrity requirements as financial audit logs: write-once, tamper-evident storage, access-controlled.
- For multi-agent systems, propagate the originating trace ID across agent boundaries so cross-agent workflows can be traced end-to-end.
Example Implementation
Finance team using an AI agent to prepare and submit regulatory filings
Agent Audit Log Schema — Regulatory Filing Agent
Required fields per log entry:
| Field | Type | Description |
|---|---|---|
| trace_id | UUID | Links all steps in one filing workflow |
| step_seq | Integer | Step number within trace |
| agent_id | String | Agent version identifier |
| tool_name | String | Exact tool or API called |
| tool_input | JSON | Full parameters passed (PII hashed) |
| tool_output_hash | SHA-256 | Hash of raw tool response |
| tool_output_summary | String | Non-sensitive summary for review |
| timestamp | ISO-8601 | UTC timestamp of tool execution |
| outcome | Enum | SUCCESS / ERROR / REJECTED |
Storage: Append-only log store; no delete or modify access except to designated retention manager after documented hold period
Retention: 10 years (EU AI Act Art. 12 high-risk logging requirement)
Cross-agent: trace_id propagated to any sub-agent invocations to enable end-to-end reconstruction
Control Details
- Control ID
- AGT-006
- Domain
- Agentic AI
- Typical owner
- AI Engineering / CISO
- Implementation effort
- Medium effort
- Agent-relevant
- Yes