Why logs make 'The AI Did It' the perfect excuse
“The AI hallucinated. I never asked it to do that.”
That’s the defense. And here’s the problem: it’s often hard to refute with confidence.
A financial analyst uses an AI agent to “summarize quarterly reports.” Three months later, forensics discovers the M&A target list in a competitor’s inbox. The agent accessed the files. The agent sent the email. But the prompt history? Deleted. The original instruction? The analyst’s word against the logs.
Without a durable cryptographic proof binding the human to a scoped delegation, “the AI did it” becomes a convenient defense. The agent can’t testify. It can’t remember. It can’t defend itself.
Logs Aren’t Proof
“But we log everything. We have OAuth logs.”
Most production agent systems do log a lot, and that’s good practice. Logs give visibility into what happened, when, and which component did it:
2026-01-15T14:32:01Z agent=research-bot action=file_read path=/data/ma/target-corp.pdf 2026-01-15T14:32:03Z agent=research-bot action=email_send [email protected]
With the right setup (append-only storage, signed timestamps, retention controls), logs can be tamper-evident. They can be excellent evidence that an event occurred inside your system.
... continue reading