Security and Safety

Audit Logging

Audit logging creates a tamper-resistant record of every action an agent takes, including tool calls, file modifications, API requests, data access, and decision points, giving you the forensic trail needed for security investigations, compliance audits, and post-incident analysis. Unlike standard application logging, agent audit logs must capture the full reasoning context: not just what the agent did, but what information it had access to and what triggered each decision, because agent behavior is non-deterministic and you cannot reproduce an incident by simply re-running the same input. Organizations evaluating agentic coding tools for enterprise use treat audit logging as a prerequisite rather than a nice-to-have, because without it you cannot prove accountability for AI-initiated changes to regulators, auditors, or your own security team.

subtopics

Audit Trail Design

Log Analysis for Agents

connected to

Observability Platforms Compliance

resources

Claude Code: Activity Logsdocs.anthropic.comHow Claude Code logs agent actions for audit and review (docs.anthropic.com)OWASP: Insufficient Loggingowasp.orgWhy insufficient logging is a top security risk (owasp.org)OpenTelemetry: AI Observabilityopentelemetry.ioExtending observability standards to capture AI agent telemetry (opentelemetry.io)SOC 2 Complianceaicpa-cima.comAudit and compliance requirements relevant to AI system logging (aicpa-cima.com)

view in track