Who approved this AI action?

    When an AI agent issues a refund, changes a record, or sends a message, someone eventually asks the hard question: who approved that? If the honest answer is "no one — it just ran," you have a problem you can't explain after the fact.

    Most AI stacks can tell you that an action happened. Far fewer can tell you it was allowed to happen, under which rule, before it ran — and fewer still can prove it to someone who wasn't in the room.

    "We have logs" is not an answer

    Logs record what happened. They don't establish that an action was authorized, and they're written by the same system that took the action. The question "who approved this?" is really three questions:

    • What was this AI action allowed to do — before it executed?
    • Which policy or budget rule made that decision, and what was its state at that moment?
    • Can a third party confirm both — without trusting your word for it?

    How Keel answers it

    Keel puts a decision in front of every AI action. Before the request reaches the provider, Keel issues a permit — a fail-closed authorization decision that applies your policy and budget. If the action isn't allowed, it doesn't run. After execution, Keel records a tamper-evident evidence record bound to that permit.

    • Decide before — the permit is the approval, captured at decision time, not reconstructed later
    • Prove after — the evidence record binds what was authorized to what actually ran
    • Verify independently — a third party checks it with the open-source keel-verifier, with no Keel account and no need to trust Keel

    Frequently asked questions

    Who approves an AI agent's actions in Keel?

    Your policy does, at decision time. Keel evaluates each action against the rules and budgets you define and issues a permit — a fail-closed authorization decision — before the action runs. The permit is the approval record.

    Isn't an audit log enough to show who approved an AI action?

    A log shows an action occurred; it doesn't establish the action was authorized before it ran, and it's produced by the system under review. Keel separates the authorization decision from the record and makes the record independently verifiable.

    Can someone outside my company verify who approved an AI action?

    Yes. Keel's evidence records are tamper-evident and externally anchored, and can be verified with the open-source keel-verifier without a Keel account and without trusting Keel.

    Next