Notifications
Clear all
Topic starter
22/06/2026 10:18 am
TL;DR: AI agent audit logs must capture user identity, agent identity, delegated scope, tool-level actions, and approval context because application logs alone cannot reconstruct who authorised what, according to WorkOS. Without session-level accountability, enterprises cannot verify agent behaviour, satisfy compliance, or investigate incidents with confidence.
NHIMG editorial — based on content published by WorkOS: Why AI agent audit logs are different from application logs
By the numbers:
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes.
Questions worth separating out
Q: How should security teams log AI agent actions for audit and compliance?
A: Security teams should log AI agent actions as identity events, not just application events.
Q: Why are application logs not enough for AI agent governance?
A: Application logs are built for operational troubleshooting, so they usually miss the approval chain, agent identity, and session scope that matter in agentic systems.
Q: What should an AI agent audit trail include?
A: An audit trail should include who initiated the session, which agent executed it, what the agent was authorised to do, the exact tool calls made, the results returned, and whether a human approved the action.
Practitioner guidance
- Separate operational logs from audit logs Keep application telemetry in the observability stack, but write agent actions to a dedicated audit store with immutable records, identity-centric indexing, and retention aligned to compliance needs.
- Record the full delegation chain Capture the human initiator, the agent identity, the approved scope, and the downstream tool invocation in one session record so investigators can reconstruct on-behalf-of activity.
- Make approval state searchable Store who approved an action, when approval happened, and when the session expires, so teams can verify whether a tool call was human-approved or autonomous.
What's in the full article
WorkOS's full article covers the operational detail this post intentionally leaves for the source:
- A concrete example of the minimum viable agent audit log schema and how each field supports accountability.
- A side-by-side comparison of application logs and audit logs for the same agent action, including record structure.
- Practical guidance on completeness, immutability, retention, and identity-based query design for audit systems.
- How on-behalf-of token exchange and approval state should appear in the record for compliance use.
👉 Read WorkOS's analysis of why AI agent audit logs differ from application logs →
AI agent audit logs: what do security teams need beyond app logs?
Explore further
22/06/2026 11:09 am
Agent audit logging is a governance control, not an observability enhancement. The article is right to separate operational logging from accountability logging because agentic behaviour creates a second identity layer that traditional app logs were never designed to prove. Application telemetry can tell you that a tool call succeeded, but not whether the action was inside an approved session or whether the agent was the true executor. Practitioners should treat this as a distinct control plane for non-human identity.
A few things that frame the scale:
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap, according to The State of Secrets in AppSec.
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to GitGuardian & CyberArk.
A question worth separating out:
Q: Who is accountable when an AI agent acts on behalf of a user?
A: The human initiator usually remains accountable for the task, but the organisation must be able to show how the agent was authorised and what it actually did. Accountability fails when logs flatten the agent into the user account and erase the approval trail. Strong audit records keep both identities visible and searchable.
👉 Read our full editorial: AI agent audit logs need identity, scope, and delegation context
