Log / audit trail
The immutable, attributable record of every agent action — allowed and denied — recorded in the path as it happens.
A log, or audit trail, is the record of everything your agents do. For agents to be governable, the trail must have four properties: recorded in the path (as a precondition of the action, not reconstructed later), immutable (append-only and tamper-evident), attributable (tracing each action to the human who owns the agent), and exportable (streamed to the systems your auditors and responders already use).
Because a control plane sits between the agent and every resource, it records each action as it happens — allowed and denied. A denial is often the most valuable entry you have: it’s the proof a guard worked. A complete record answers who (agent and owner), what (action and arguments, secrets redacted), when (a trustworthy timestamp), under what authority (role and policy), and the verdict.
Immutability matters because an audit trail you can edit isn’t an audit trail. Records are typically append-only and hash-chained, so any deletion or edit breaks the chain visibly, and streamed to a destination the agents’ operators don’t control.
The payoff: questions that used to take a weekend of grepping — what did this agent do last month? who’s accountable for this transfer? — become a single query against one immutable source.
Related terms
Attribution
Tracing every agent action back through the agent identity to the accountable human who owns it.
SIEM (security information & event management)
The system your security team uses to collect, correlate, and alert on logs — including your agent audit trail.
Agent control plane
The layer in the path of every agent action that decides, enforces, and records what each agent can do.
Blast radius
The total damage an agent could do if it's compromised, prompt-injected, or simply wrong.
Put every agent your company runs under one policy.
Watch HiveKey scope, guard, and block a live action on your own agents — 30 minutes, no slides, no commitment.