DEV Community

Afridi Ibrahim

Layer 5 is Missing: AI Guardrails Need Evidence, Not Logs

The standard guardrails stack

Most modern AI guardrails architectures follow a similar 5-layer structure:

  1. Input Screening — prompt filtering, injection detection
  2. Dialog Control — flow control, policy enforcement
  3. LLM Generation — model output
  4. Output Validation — structure, safety, correctness
  5. Audit Layer — logging, traceability, compliance

Layers 1–4 are well-defined and actively implemented across frameworks.

Layer 5 is where things break down.


The problem with Layer 5

Almost every architecture mentions audit logging as a requirement:

“log everything for compliance”

“ensure traceability”

“support forensic reconstruction”

But in practice, this usually means logs.

Logs are not designed to serve as compliance-grade evidence. They are:

  • not portable
  • not verifiable
  • not tamper-evident
  • difficult to share across systems

They are implementation details, not artifacts.


Why this matters

Regulations like the EU AI Act (Article 12) require:

  • traceability
  • auditability
  • documentation of system behavior

This is not satisfied by raw logs sitting inside an application.

Auditors, regulators, and external systems need portable evidence, not internal debug data.


The missing piece: portable evidence

What’s missing is a standardized artifact layer that sits on top of guardrails systems.

Instead of:
→ “we logged what happened”

We need:
→ “here is a verifiable record of what happened”


EPI as Layer 5

EPI Recorder is an open-source approach to this problem.

It produces .epi artifacts — portable, signed records of:

  • what input was processed
  • what policies were applied
  • what was allowed, blocked, or modified
  • what validations passed or failed

GitHub: https://github.com/mohdibrahimaiml/epi-recorder

PyPI: https://pypi.org/project/epi-recorder/

These artifacts can be:

  • stored
  • shared
  • independently verified
  • used in compliance workflows

How this fits into existing systems

This does not replace guardrails frameworks.

It complements them.

Any system (NeMo Guardrails, Guardrails AI, Agent Control, etc.) can add:

  • a post-execution hook
  • an export API
  • or a plugin

to produce portable evidence artifacts.
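
A sketch of what such a post-execution hook could emit, added here as an illustration; it is not EPI Recorder's code and does not reproduce the .epi format. Each guardrail decision is hash-chained to the previous one and the chain head is sealed, so a verifier can detect edited, dropped or truncated steps from the artifact alone. Assumptions: all function and field names are hypothetical, the sample run is constructed, and HMAC-SHA256 stands in for the public-key signature a shareable artifact would carry (the Python standard library has no asymmetric signing).

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64                    # "previous hash" of the first step
DEMO_KEY = b"constructed-demo-key"    # constructed; real keys belong in a KMS/HSM

def _canon(obj):
    # Canonical JSON so any verifier hashes exactly the same bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def append_step(steps, layer, decision, detail):
    """Post-execution hook: record one guardrail decision, chained to the last."""
    body = {"seq": len(steps), "layer": layer, "decision": decision,
            "detail": detail, "prev": steps[-1]["hash"] if steps else GENESIS}
    steps.append({**body, "hash": hashlib.sha256(_canon(body)).hexdigest()})

def seal(steps, key):
    """Serialize the chain into one portable artifact, sealed over its head hash."""
    head = steps[-1]["hash"] if steps else GENESIS
    tag = hmac.new(key, head.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"steps": steps, "head": head, "seal": tag}, sort_keys=True)

def verify(artifact_json, key):
    """Re-derive every hash from the artifact alone; return (ok, reason)."""
    art = json.loads(artifact_json)
    prev = GENESIS
    for i, step in enumerate(art["steps"]):
        body = {k: v for k, v in step.items() if k != "hash"}
        if body.get("seq") != i or body.get("prev") != prev:
            return False, f"step {i}: chain broken"
        if hashlib.sha256(_canon(body)).hexdigest() != step.get("hash"):
            return False, f"step {i}: content altered"
        prev = step["hash"]
    if art["head"] != prev:
        return False, "head does not match last step"
    expected = hmac.new(key, prev.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, art["seal"]):
        return False, "seal invalid"
    return True, "ok"

def demo_artifact():
    """Constructed run: one request passing through layers 1, 2 and 4."""
    steps = []
    prompt_hash = hashlib.sha256(b"constructed prompt").hexdigest()
    append_step(steps, "input_screening", "allowed", {"input_sha256": prompt_hash})
    append_step(steps, "dialog_control", "policy_applied", {"policy": "no-pii"})
    append_step(steps, "output_validation", "blocked", {"schema_ok": False})
    return seal(steps, DEMO_KEY)
```

The record stores a hash of the input rather than the prompt itself, so the artifact can be shared without exposing user content while still binding the decision to a specific input.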


Rethinking Layer 5

The industry already agrees Layer 5 is required.

The mistake is treating it as “logging.”

Layer 5 should be:

→ a portable evidence layer

→ standardized artifacts

→ verifiable outputs

Not just logs.


Final thought

Guardrails control behavior.

Evidence proves it.

Without portable evidence, compliance remains incomplete.

Layer 5 is not logging.

Layer 5 is evidence.
