TL;DR: AI agents are making millions of decisions across chained services, but without a cryptographically verifiable audit trail, organisations cannot reconstruct who did what, why, or when, according to Strata Identity. That turns observability into a governance, compliance, and litigation problem, not just an engineering one.
NHIMG editorial — based on content published by Strata Identity: The Black Box You Don’t Have Will Be the Lawsuit You Can’t Win
Questions worth separating out
Q: How should security teams prove what AI agents did in production?
A: Security teams should require a complete, cryptographically protected action trail that links the initiating request, every delegation step, the credential or token used, and the final system effect.
Q: Why do standard IAM logs fail for agentic workflows?
A: Standard IAM logs fail because they capture isolated events, not the full delegation chain that explains how one decision led to another.
Q: What makes an audit trail defensible for autonomous systems?
A: A defensible audit trail must be immutable, identity-bound, and replayable.
Practitioner guidance
- Map every delegation chain end to end Capture the full path from human request to final action, including agent handoffs, service account use, token exchange, and external API calls.
- Adopt cryptographically signed action records Use tamper-evident records for high-risk agent actions so identity, delegation, and timestamp integrity survive incident review and legal challenge.
- Define replay requirements for critical workflows Identify which agent transactions must be replayable after an incident, then preserve the state needed to reproduce the exact sequence, timing, and scope changes.
What's in the full article
Strata Identity's full article covers the operational detail this post intentionally leaves for the source:
- The exact Agentic Sandbox workflow for capturing and replaying delegated actions across systems.
- The proposed Verifiable Action Attestations model for cryptographically signing agent activity.
- The compliance mapping for audit evidence, retention, and forensic reconstruction.
- The specific failure scenarios the sandbox is designed to reproduce in production-like conditions.
👉 Read Strata Identity's analysis of agent observability and black box evidence →
Agent observability: what IAM teams must prove before incidents?
Explore further
Agent observability is becoming a governance control, not a monitoring feature. The article correctly frames the absence of a black box as a legal and regulatory liability, because modern identity programmes need evidentiary proof, not just alerts. In practice, the control problem is not whether something was logged, but whether the full action chain can be reconstructed under audit, dispute, or breach review. Practitioners should treat observability as part of identity governance, not as an SRE add-on.
A few things that frame the scale:
- 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: Who is accountable when an AI agent causes a production incident?
A: Accountability stays with the organisation that granted the agent its authority, then with the teams that designed, approved, and monitored the workflow. That is why identity governance must preserve delegation lineage back to a named human or control owner, rather than treating the agent as an isolated actor.
👉 Read our full editorial: Agent observability is now a governance and legal exposure