TL;DR: Agentic AI systems need a persistent reasoning trace because state alone cannot explain how a decision was reached, what tool changed context, or where drift began, according to Kong. A commit-log model turns observability, governance, and replay into architectural properties, not after-the-fact instrumentation, and that changes how teams should build production AI.
NHIMG editorial — based on content published by Kong: Your AI Agent Knows What. It Doesn't Know Why
Questions worth separating out
Q: How should teams govern agentic AI when the model can act across multiple tools and services?
A: Teams should govern the full execution path, not just the model endpoint.
Q: Why is a reasoning trace more useful than a state snapshot for AI agents?
A: A state snapshot shows what the agent knows at a moment in time, but it does not show how it got there.
Q: What breaks when agent memory is built only from retrieval and vector storage?
A: You lose provenance. Retrieval systems can return relevant context, but they cannot prove which source changed the decision, in what order actions occurred, or whether the agent drifted after a tool call. That makes governance, replay, and audit far weaker than they appear.
Practitioner guidance
- Adopt an event-log-first memory model Record every context update, tool invocation, and decision as ordered events so the agent's path can be replayed without relying on ephemeral state stores.
- Define provenance as a governance requirement Require immutable traces for regulated or customer-facing workflows, and make the trace available to security, compliance, and engineering teams as the review artefact.
- Extend controls to the full connectivity surface Apply authentication, policy enforcement, schema checks, and logging to APIs, event streams, and downstream consumers, not only to the model endpoint.
What's in the full article
Kong's full article covers the operational detail this post intentionally leaves for the source:
- How Kong Event Gateway is positioned to govern Kafka topics, AsyncAPI-described streams, and real-time event flows.
- The article's reasoning-trace architecture for replay, forking, and counterfactual debugging across agent sessions.
- The way Kong AI Gateway and Event Gateway are described as spanning synchronous API traffic and asynchronous event paths.
- The article's discussion of schema enforcement, retention, and redaction for governed agent event streams.
👉 Read Kong's analysis of event-sourced memory for agentic AI governance →
Event-sourced agent memory: what IAM and security teams should know?
Explore further
Event-sourced memory is the right architectural model for agentic identity because state snapshots cannot satisfy provenance requirements. Agentic systems change context over time through tool use, retrieval, and delegated actions, so the governing question is not what the agent knows now but what changed its state and why. A commit log captures that sequence in a way snapshots never can. Practitioners should treat the log as the evidence layer for agent identity behaviour.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to the same report.
A question worth separating out:
Q: How do security teams know if their agent governance is actually working?
A: They should test whether they can replay a real session and identify the exact decision point where behaviour changed. If the organisation cannot answer what the agent saw, which tool it called, and why the output shifted, then the governance model is incomplete.
👉 Read our full editorial: Agentic AI needs a reasoning trace, not just state