By NHI Mgmt Group Editorial Team
Published 2026-04-27
Domain: Governance & Risk
Source: Teleport

TL;DR: DORA assessors want demonstrable operating effectiveness, not static policies, and agentic AI makes that harder because autonomous actions require identity-traceable logs, contextual evidence, and continuous monitoring, according to Teleport. The compliance burden now shifts from documenting controls to proving that humans and agents stayed within approved scope at runtime.


At a glance

What this is: Teleport argues that DORA compliance evidence must move from policy snapshots to identity-traceable, continuously generated audit trails, especially where agentic AI introduces non-deterministic actions.

Why it matters: For IAM and NHI teams, the article shows why human-centric logging, permanent privileges, and fragmented audit trails are increasingly inadequate for regulated AI operations.

👉 Read Teleport's guide to DORA compliance evidence for agentic AI


Context

DORA compliance is about proving operational resilience, not just writing policies that look complete on paper. For financial institutions, that means the evidence problem is now an identity problem too, because every high-risk action must be traceable to a specific human or non-human identity, and agentic AI complicates that requirement by acting autonomously at machine speed.

The article frames a common failure pattern: controls may exist, but assessors cannot verify they worked when the event occurred. That is especially relevant for NHI governance because service accounts, shared credentials, and AI agents can blur attribution, weaken auditability, and create gaps between approved access and actual execution.

This is a typical pressure point for regulated environments. The challenge is not new, but agentic AI makes it harder to rely on manual evidence collection, periodic screenshots, or vague access reviews as proof of control effectiveness.


Key questions

Q: How should security teams prove DORA compliance for AI agents that act autonomously?

A: They should require identity-traceable evidence for every high-risk agent action, including the initiating prompt, approval path, tool use, execution window, and revocation record. The goal is not to prove that an agent produced output, but to prove who authorised it, what scope it had, and whether its activity stayed inside that scope.

Q: When does just-in-time access help most in DORA evidence collection?

A: JIT access helps most when teams need to prove that elevated privileges existed only long enough for a specific task and were then removed. It is especially useful for regulated workflows because it creates a cleaner audit trail than standing admin rights and reduces the time an identity can be misused.

Q: What is the difference between design effectiveness and operating effectiveness in compliance audits?

A: Design effectiveness asks whether a control should satisfy the requirement on paper. Operating effectiveness asks whether that control actually works in practice and produces evidence over time. In DORA contexts, both matter, because a documented control that cannot generate proof is still a compliance gap.

Q: Why do AI agents create more audit risk than traditional service accounts?

A: AI agents can choose actions dynamically, call tools unexpectedly, and chain multiple steps without direct human intervention. That makes it harder to explain intent, scope, and authorization from ordinary logs alone. Auditors need a reconstruction of decisions, not just a record that an action happened.


Technical breakdown

Design effectiveness vs. operating effectiveness in DORA audits

DORA assessors distinguish between a control that is documented and a control that actually works over time. Design effectiveness asks whether the control architecture meets the requirement in theory, such as whether an ICT risk management framework exists and is approved. Operating effectiveness asks whether the control consistently produces verifiable evidence in real conditions, such as logs, timestamps, approvals, and versioned updates. This distinction matters because a policy without runtime proof does not establish resilience. In identity terms, the issue is not only who had access, but whether the system can prove how that access was used and whether it was revoked when required.

Practical implication: Treat every policy as incomplete until it produces audit-ready evidence from real systems.

Why agentic AI breaks traditional identity attribution

Agentic AI does not behave like static software. It plans, iterates, calls tools, and can take different paths to reach the same goal, which makes simple event logs insufficient. Traditional IAM and PAM were built to attribute actions to humans or to stable service identities, not to explain why an agent selected a tool or executed a step outside a narrow script. When agents share credentials or run under service accounts, audit trails can show activity without showing intent, authorization context, or decision lineage. That creates a governance gap that DORA exposes immediately because assessors need reconstructable evidence, not just output records.

Practical implication: Add agent-specific telemetry that links prompts, approvals, tool use, and execution outcomes.

Identity-traceable audit trails and JIT access as evidence controls

The article’s core technical prescription is to make every elevated action identity-traceable and time-bound. JIT access reduces persistent privilege exposure by granting access only for the task window, while session recordings and immutable logs provide the context needed to prove what happened. For agents, this must extend beyond access tokens to include the initiating prompt, the authorization path, the plan generated before execution, and the exact tools invoked. Without that chain, a regulator sees a black box. With it, the organisation can show least privilege, integrity-protected monitoring, and traceable operational control across both human and machine activity.

Practical implication: Build evidence pipelines that capture approval, elevation, execution, and revocation as one continuous record.


Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

Identity traceability is now a DORA control objective, not just an IAM preference. The article is correct to frame evidence as more than recordkeeping because regulators need to see how an action maps back to a specific identity and approved scope. That is especially true when agents operate under service accounts or shared credentials, where attribution can disappear unless the organisation deliberately engineers it back in. Practitioners should treat identity traceability as part of resilience evidence, not an after-the-fact reporting exercise.

Ephemeral privilege is becoming the default evidence pattern for regulated automation. Permanent administrative access produces noisy logs and weak justifications, which is exactly the kind of evidence gap DORA exposes. JIT access gives assessors a cleaner chain: request, approval, elevation, action, and revocation. That does not solve every agentic AI risk, but it sharply reduces the gap between policy and proof. Practitioners should shift high-risk workflows toward time-bound access as a baseline control.

Fragmented logging is now a governance failure, not a tooling inconvenience. DORA requires incident reconstruction across systems, and agentic workflows make cross-domain correlation unavoidable. If network, identity, application, and third-party logs cannot be stitched together, the organisation cannot explain what happened or when. That weakens both incident reporting and third-party oversight. Practitioners should design unified audit trails before expanding agentic automation into regulated workflows.

Identity blast radius is the right concept for AI agent governance. The article points to a familiar problem in a new form: once an autonomous actor holds credentials, the organisation must understand how far that actor can move and what it can affect. The issue is not only least privilege, but also how quickly a misrouted action can cascade into reporting, resilience, and third-party exposure. Practitioners should measure and reduce the blast radius of every agent identity.

DORA is pushing AI governance toward verifiable runtime controls. The regulation is forcing organisations to move beyond documentation and toward evidence that can be produced on demand. That aligns with broader NHI governance patterns in zero-trust environments, where continuous verification matters more than static trust. Practitioners should expect audits to increasingly test runtime proof, not just policy existence.

From our research:

  • 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to the Ultimate Guide to NHIs.
  • Only 20% of organisations have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
  • That gap makes DORA evidence work harder, because runtime proof is only credible when access lifecycle controls and audit trails move together.

What this signals

Ephemeral credential trust debt is becoming a practical governance issue for regulated AI programmes. When autonomous systems rely on short-lived access but the organisation cannot show why access was granted, what it touched, and when it ended, the evidence burden simply moves downstream into audit and incident response. Teams should align evidence retention with privileged access lifecycle controls and the NIST AI Risk Management Framework rather than treating agent logs as an isolated technical issue.

With 91.6% of secrets still valid five days after notification, according to the Ultimate Guide to NHIs, delayed revocation remains one of the clearest signs that identity lifecycle and evidence lifecycle are out of sync. That matters in DORA environments because a control that cannot show timely revocation is difficult to defend as operating effectively. Practitioners should monitor revocation latency as a board-level resilience metric.

The next phase of DORA implementation will reward organisations that can correlate identity, agent, and system telemetry into one audit narrative. That is not just a logging upgrade, it is a governance design choice that determines whether AI-driven operations remain explainable under regulatory scrutiny. Teams should expect evidence collection to converge with Zero Trust Architecture and stricter runtime verification norms.


For practitioners

  • Map every high-risk workflow to an identity and an evidence owner: Define which human, service account, or agent identity is responsible for each regulated action, then assign one owner for the audit trail, approval record, and retention requirements.
  • Replace standing admin access with task-scoped JIT elevation: Use just-in-time access for privileged human and non-human users, and require automatic revocation at the end of the approved window so the log shows a clean request-to-revoke chain.
  • Capture agent decision context, not just system events: Record the initiating prompt, the plan generated before execution, the tools invoked, and the approval path for any autonomous action that could affect regulated systems.
  • Unify identity, application, and infrastructure logs: Centralise logs across internal systems and third-party interfaces so incident reconstruction can follow one chain from access to execution to containment without manual correlation.
  • Test whether evidence can survive an audit challenge: Run a tabletop exercise that asks teams to prove one privileged action, one agent action, and one incident classification using only the logs and records the organisation actually retains.

Key takeaways

  • DORA raises the bar from documenting controls to proving that human and agent actions stayed inside approved scope.
  • Agentic AI makes identity attribution, log correlation, and revocation timing central to audit defensibility.
  • The strongest response is to combine JIT access, immutable audit trails, and agent-specific telemetry into one evidence chain.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the technical controls, while DORA defines the regulatory obligations.

Framework                    | Control / Reference | Relevance
DORA                         | Article 19          | Major incident reporting requires timestamped evidence and prompt classification.
NIST CSF 2.0                 | PR.AC-4             | Least privilege and access governance are central to the article's JIT evidence model.
NIST Zero Trust (SP 800-207) |                     | Continuous verification aligns with identity-traceable, runtime-controlled access.

Capture classification timestamps and reporting workflow triggers so major incidents can be proven end to end.


Key terms

  • Operating Effectiveness: Operating effectiveness is the proof that a control works in real conditions, not just on paper. In DORA contexts, assessors look for logs, timestamps, approvals, and repeatable execution that show the control kept functioning over time.
  • Just-in-Time Access: Just-in-time access is temporary privilege granted only for a defined task and then removed automatically. For NHI governance, it reduces standing privilege, narrows exposure windows, and creates a clearer audit trail for regulated actions.
  • Identity Traceability: Identity traceability is the ability to link each action back to a specific identity, authorisation path, and time window. It is essential when humans, service accounts, and AI agents all operate in the same environment and auditors need a defensible record.
  • Agent-Specific Telemetry: Agent-specific telemetry is logging that captures an AI agent's prompt, plan, tool selection, execution, and outcome. It goes beyond standard system logs by preserving the decision context needed to explain autonomous behaviour under audit or incident review.

What's in the full article

Teleport's full guide covers the operational detail this post intentionally leaves for the source:

  • Article-by-article mapping of DORA pillars to evidence artifacts for ICT risk, incident response, and third-party oversight
  • Examples of audit records that prove operating effectiveness, including timestamps, meeting minutes, and version-controlled control updates
  • Step-by-step guidance for proving agent decision lineage with prompts, approvals, and contextual logs
  • Implementation detail on unified logging, immutable storage, and continuous monitoring evidence for regulated environments

👉 Teleport's full guide covers the evidence artifacts, logging patterns, and agent-specific telemetry in more detail.

Deepen your knowledge

DORA evidence for agentic AI is covered in the NHI Foundation Level course, the industry's only accredited NHI security programme. If your team is building audit-ready identity controls for regulated automation, it is worth exploring.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-04-27.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org