How to prove what an AI agent did
There's a difference between knowing what your AI agent did and being able to prove it — to an auditor, a regulator, a customer, or a court — months later, when the system has changed. Proof has to stand on its own, without your help.
Why logs fall short as proof
A log is a claim made by the system that took the action. It can be edited, it can be incomplete, and it asks the reader to trust the party under review. That's fine for debugging. It's weak as evidence, precisely when evidence matters most.
Durable proof of an AI action needs three properties:
- Tamper-evidence — any change to the record is detectable.
- A binding — the record ties what the agent did to what it was authorized to do.
- Independent verification — someone who doesn't trust you, and has no account with your vendor, can still confirm it.
How Keel produces verifiable proof
Keel records each AI action as a tamper-evident evidence record, bound to the permit that authorized it before execution. The record is externally anchored, so its integrity doesn't depend on Keel's own storage.
To verify, a third party runs the open-source keel-verifier. It confirms — independently of Keel — that the recorded action matches what was authorized and that the record hasn't been altered. No Keel account. No trust in Keel required. The verifier runs even if Keel is gone.
What you can prove
- What the agent was authorized to do, before it ran.
- What it actually did, bound to that authorization.
- That the record is intact and hasn't been changed after the fact.
- All of the above, without anyone having to trust Keel.
Frequently asked questions
How do you prove what an AI agent did?
Record each action as a tamper-evident evidence record bound to the pre-execution permit that authorized it, anchored externally, and verifiable by a third party with an open-source verifier — so the proof doesn't depend on trusting the system that produced it.
Why aren't logs enough to prove what an AI agent did?
Logs are produced by the system under review and can be altered or incomplete. They show an action occurred but don't bind it to an authorization or let an outside party verify integrity. Keel's records are tamper-evident, bound to the permit, and independently verifiable.
Can I prove what my AI agent did six months later?
Yes. Keel's evidence records are durable, tamper-evident, and externally anchored, and remain independently verifiable with the keel-verifier well after the action — even if your stack has changed.