TL;DR: Agentic systems cannot pass production review on logs alone because auditors need authority, intent, and delegation context to explain why an action happened, according to Strata Identity. Without that narrative, standing privileges and fragmented traces leave security, compliance, and regulators unable to defend agent behaviour, which blocks deployment.
NHIMG editorial — based on content published by Strata Identity: If You Can't Explain an Agent's Actions, You Can't Defend Them
Questions worth separating out
Q: How should security teams audit agentic AI systems before production?
A: Audit agentic AI systems by requiring evidence that ties the initiating subject, the executing agent, the intent, and the outcome into one record.
Q: Why do standing privileges create problems for agent governance?
A: Standing privileges create problems because they sever the connection between the task and the authority used to perform it.
Q: What do security teams get wrong about audit logs for AI agents?
A: They often treat audit as a record-keeping exercise when it is actually an accountability control.
Practitioner guidance
- Capture subject, actor, intent, and outcome for every agent action Define an audit record that preserves who initiated the request, which agent executed it, what the task objective was, and what changed downstream.
- Eliminate standing privilege from agent execution paths Move agents toward task-scoped authority so access can be justified at execution time.
- Centralize traces across identity and tool boundaries Correlate identity decisions, policy evaluations, and service interactions in one trace stream so auditors can follow the delegation chain end to end.
What's in the full article
Strata Identity's full article covers the operational detail this post intentionally leaves for the source:
- The article expands on the four-part audit record model, including how subject, actor, intent, and outcome are captured.
- It shows why OpenTelemetry-style traces help correlate identity decisions across distributed agent workflows.
- It explains how an AI Identity Gateway preserves delegation chains and propagates context through MCP-connected tools.
- It describes the Sandbox approach for proving auditability before production approval.
👉 Read Strata Identity's analysis of why agentic auditability depends on authority and intent →
Agentic auditability: what breaks when intent is not captured?
Explore further
Agentic audit fails because authority without context is not defensible. The article’s core point is that a valid token is not enough when the actor is an agent operating across tools and time. Existing IAM audit models were designed for discrete human requests, not for systems that can act before a reviewer can reconstruct the why. The implication is that evidence models for agentic identity have to be judged on explainability, not event count.
A few things that frame the scale:
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, 46% confirmed and 26% suspected, according to The 2024 ESG Report: Managing Non-Human Identities.
- Enterprises that have experienced a compromised NHI averaged 2.7 separate incidents in the past 12 months, according to The 2024 ESG Report: Managing Non-Human Identities.
A question worth separating out:
Q: Who is accountable when an AI agent acts outside expectations?
A: Accountability depends on whether the organisation can show who authorized the agent, under what context, and with what constraints. If those elements were never captured, responsibility becomes hard to prove even if the action was technically permitted. That is why audit design must start before production.
👉 Read our full editorial: Agentic audit fails when authority and intent are missing