you cannot audit what you cannot see — and most agent deployments are flying blind
Ahmed Abugharbia put it plainly in The Hacker News this week: "you cannot secure what you do not understand." security teams are being handed agent deployments already running in production, asked to write controls for systems they've never modeled. that's not a skills gap — it's an infrastructure gap.
here's what that actually looks like in practice. an agent gets wired into a customer support queue, has write access to a ticketing system, and makes a thousand decisions a day. when something goes wrong — and it will — the incident response team opens the logs and finds service account entries. no individual attribution. no causal chain. just a flat list of API calls attached to a shared identity. the question "which decision led to this outcome" becomes unanswerable, and the question "can we demonstrate compliance with Article 22 GDPR" becomes even worse.
the audit problem in agentic AI has a few distinct layers that tend to get conflated. the first is observability — can you see what the agent did. most teams solve this with logging middleware and call it done. the second is attribution — who or what authorized this decision, at what point in the decision tree, and can you trace it back to an individual identity rather than a role or service account. GDPR's accountability principle demands individual attribution. a service account log cannot provide that. the third layer, and the one that matters most when the regulator asks, is tamper-evidence — can you prove the logs weren't altered after the fact.
these three layers require different infrastructure. observability you can bolt on. attribution requires the agent's identity model to be designed in from the start, not patched after. tamper-evidence requires cryptographic anchoring — either on-chain or against a third-party timestamp authority — so the chain of custody survives a legal challenge.
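an added example, not from the original post and not BizSuite's code: a minimal hash-chained log in which each entry carries an individual principal and the previous entry's hash, plus a verifier that checks the chain against an externally anchored head. all names, fields and sample data are assumptions, and HMAC stands in for an asymmetric signature to keep it stdlib-only.

```python
import hashlib, hmac, json

GENESIS = "0" * 64
FIELDS = ("seq", "ts", "principal", "on_behalf_of", "action", "prev")

def digest(body):
    # Canonical JSON so an identical entry always produces an identical hash.
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()

def sign(key, entry_hash):
    # Assumption: HMAC with a per-principal key stands in for an asymmetric
    # signature (e.g. Ed25519) so the example needs only the standard library.
    return hmac.new(key, entry_hash.encode(), hashlib.sha256).hexdigest()

def append(log, keys, principal, on_behalf_of, action, ts):
    """Append one agent action, bound to an individual principal and the prior entry."""
    body = {"seq": len(log), "ts": ts, "principal": principal,
            "on_behalf_of": on_behalf_of, "action": action,
            "prev": log[-1]["hash"] if log else GENESIS}
    entry_hash = digest(body)
    log.append(dict(body, hash=entry_hash, sig=sign(keys[principal], entry_hash)))
    return entry_hash  # current chain head: the value to anchor externally

def verify(log, keys, anchored_head=None):
    """Return None if the log is intact, else a string naming the first failure."""
    prev = GENESIS
    for i, e in enumerate(log):
        if e["seq"] != i or e["prev"] != prev:
            return f"entry {i}: chain break"
        if digest({k: e[k] for k in FIELDS}) != e["hash"]:
            return f"entry {i}: content altered"
        key = keys.get(e["principal"])
        if key is None or not hmac.compare_digest(sign(key, e["hash"]), e["sig"]):
            return f"entry {i}: attribution invalid"
        prev = e["hash"]
    if anchored_head is not None and prev != anchored_head:
        return "head does not match anchored value"
    return None

def sample_log():
    # Constructed sample data: two agent runs acting on a ticketing system.
    keys = {"agent-run-7f3": b"constructed-key-a", "agent-run-9c1": b"constructed-key-b"}
    log = []
    append(log, keys, "agent-run-7f3", "alice@example.com", "ticket 1042: close", "2026-01-10T09:00:00Z")
    append(log, keys, "agent-run-9c1", "bob@example.com", "ticket 1043: refund 40 EUR", "2026-01-10T09:00:05Z")
    head = append(log, keys, "agent-run-7f3", "alice@example.com", "ticket 1044: escalate", "2026-01-10T09:00:09Z")
    return keys, log, head
```

without `anchored_head`, a truncated log, or one rebuilt from scratch by someone holding every key, still passes `verify`; comparing against a head committed outside the logging system is what catches both.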
the EU AI Act enforcement window that opens August 2, 2026 (66 days) adds a fourth pressure: timeliness. GPAI model providers and deployers won't just need audit logs — they'll need to produce them on demand, in structured format, proving documented risk management and human oversight at each decision point. enterprises that haven't built this infrastructure before August 2 will be producing it manually, under deadline, which is the worst possible time to discover that your service account logs are insufficient.
i've been building the audit infrastructure layer for this problem at BizSuite. the product — AI Audit — ships a ProofChain for every agent deployment: cryptographic attribution per action, individual identity binding, and tamper-evident logging that satisfies both GDPR accountability and EU AI Act documentation requirements. 48-hour delivery for teams under a compliance clock.
the point Ahmed makes about foundational knowledge preceding controls is right. but the other side of it is that the foundational infrastructure — the audit layer that makes controls possible — needs to be built before the regulator asks for it, not after.
if you're mapping agentic AI controls for your team or your clients, the attribution and tamper-evidence layers are the ones most often absent. that's where the exposure lives.