The latest articles on DEV Community by Afridi Ibrahim (@afridi_ibrahim_575277d15d). https://dev.to/afridi_ibrahim_575277d15d https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3862217%2F0a9c7ac9-b5a2-44b8-8e7d-6e1ac14cddd5.jpg https://dev.to/afridi_ibrahim_575277d15d en Afridi Ibrahim Sat, 11 Apr 2026 13:06:40 +0000 https://dev.to/afridi_ibrahim_575277d15d/layer-5-is-missing-ai-guardrails-need-evidence-not-logs-3akd https://dev.to/afridi_ibrahim_575277d15d/layer-5-is-missing-ai-guardrails-need-evidence-not-logs-3akd <h2> The standard guardrails stack </h2> <p>Most modern AI guardrails architectures follow a similar 5-layer structure:</p> <ol> <li>Input Screening — prompt filtering, injection detection </li> <li>Dialog Control — flow control, policy enforcement </li> <li>LLM Generation — model output </li> <li>Output Validation — structure, safety, correctness </li> <li>Audit Layer — logging, traceability, compliance </li> </ol> <p>Layers 1–4 are well-defined and actively implemented across frameworks.</p> <p>Layer 5 is where things break down.</p> <h2> The problem with Layer 5 </h2> <p>Almost every architecture mentions audit logging as a requirement:</p> <p>“log everything for compliance”<br><br> “ensure traceability”<br><br> “support forensic reconstruction” </p> <p>But in practice, this usually means logs.</p> <p>Logs are not designed for compliance-grade evidence:</p> <ul> <li>not portable </li> <li>not verifiable </li> <li>not tamper-evident </li> <li>difficult to share across systems </li> </ul> <p>They are implementation details, not artifacts.</p> <h2> Why this matters </h2> <p>Regulations like the EU AI Act (Article 12) require:</p> <ul> <li>traceability </li> <li>auditability </li> <li>documentation of system behavior </li> </ul> <p>This is not satisfied by raw logs sitting inside an application.</p> <p>Auditors, regulators, and external systems need <strong>portable evidence</strong>, not internal debug data.</p> <h2> The missing piece: portable evidence </h2> <p>What’s missing is a standardized artifact layer that sits on top of guardrails systems.</p> <p>Instead of:<br> → “we logged what happened”</p> <p>We need:<br> → “here is a verifiable record of what happened”</p> <h2> EPI as Layer 5 </h2> <p>EPI Recorder is an open-source approach to this problem.</p> <p>It produces <code>.epi</code> artifacts — portable, signed records of:</p> <ul> <li>what input was processed </li> <li>what policies were applied </li> <li>what was allowed, blocked, or modified </li> <li>what validations passed or failed </li> </ul> <p>GitHub: <a href="https://github.com/mohdibrahimaiml/epi-recorder" rel="noopener noreferrer">https://github.com/mohdibrahimaiml/epi-recorder</a><br><br> PyPI: <a href="https://pypi.org/project/epi-recorder/" rel="noopener noreferrer">https://pypi.org/project/epi-recorder/</a></p> <p>These artifacts can be:</p> <ul> <li>stored </li> <li>shared </li> <li>independently verified </li> <li>used in compliance workflows </li> </ul> <h2> How this fits into existing systems </h2> <p>This does not replace guardrails frameworks.</p> <p>It complements them.</p> <p>Any system (NeMo Guardrails, Guardrails AI, Agent Control, etc.) can add:</p> <ul> <li>a post-execution hook </li> <li>an export API </li> <li>or a plugin </li> </ul> <p>to produce portable evidence artifacts.</p> <h2> Rethinking Layer 5 </h2> <p>The industry already agrees Layer 5 is required.</p> <p>The mistake is treating it as “logging.”</p> <p>Layer 5 should be:</p> <p>→ a portable evidence layer<br><br> → standardized artifacts<br><br> → verifiable outputs </p> <p>Not just logs.</p> <h2> Final thought </h2> <p>Guardrails control behavior.</p> <p>Evidence proves it.</p> <p>Without portable evidence, compliance remains incomplete.</p> <p>Layer 5 is not logging.</p> <p>Layer 5 is evidence.</p> ai machinelearning opensource devops