The audit trail is a primitive, not a feature
In regulated AI, the question is never just ‘what did the system decide’ but ‘can you prove how, years later, to an examiner.’ That’s an audit-trail question. When the trail is an afterthought it has gaps; when it’s a primitive — every action writing one immutable record by construction — audit-evidence collection becomes a side effect of normal operation rather than a quarterly scramble.
What ‘append-only’ buys you
An append-only log can only grow. You never update a row or delete one — you add a new event. That single constraint is what makes the trail credible as evidence: there’s no code path that could quietly rewrite history, so what you read back is what happened. It also makes the trail naturally time-ordered, which is exactly the shape an investigation needs.
The cost is discipline: every meaningful action has to emit a record, including the boring ones. That’s why it has to be a primitive — if writing the record is optional, the records you most need are the ones most likely to be missing.
What each record captures
Actor & action
Which agent or human did what — the verb, not just the noun. ‘Adjudicated’, ‘escalated’, ‘overrode’, ‘cited’.
Resource & outcome
What it acted on and what resulted: the decision ID, the outcome, the confidence, the linked citations.
Metadata & time
Model version, policy-corpus version, timestamp — the context that lets you reconstruct why the same input might decide differently across versions.
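A minimal sketch of the append-only constraint and record shape described above, added here as an illustration and not Vihaya's code. It goes one step beyond the text by hash-chaining the records so that an edit or deletion is detectable on read-back; the chaining, the field names and the sample events are assumptions constructed for this example.

```python
import hashlib
import json
from dataclasses import asdict, dataclass

GENESIS = "0" * 64  # prev_hash of the first record
@dataclass(frozen=True)
class AuditRecord:
    seq: int
    timestamp: str
    actor: str      # which agent or human
    action: str     # the verb: adjudicated, escalated, overrode, cited
    resource: str   # what it acted on, e.g. a decision ID
    outcome: str
    metadata: dict  # model version, policy-corpus version, confidence
    prev_hash: str
    record_hash: str

def _digest(body: dict) -> str:
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

class AuditTrail:  # append and read only: no update or delete path
    def __init__(self):
        self._records = []
    def append(self, **fields) -> None:
        prev = self._records[-1].record_hash if self._records else GENESIS
        body = dict(fields, seq=len(self._records), prev_hash=prev)
        self._records.append(AuditRecord(**body, record_hash=_digest(body)))
    def records(self) -> tuple:
        return tuple(self._records)

def verify(records):  # index of the first record that breaks the chain, else None
    prev = GENESIS
    for i, rec in enumerate(records):
        body = asdict(rec)
        claimed = body.pop("record_hash")
        if rec.seq != i or rec.prev_hash != prev or _digest(body) != claimed:
            return i
        prev = claimed
    return None

def demo_trail() -> AuditTrail:
    trail = AuditTrail()
    for ts, actor, action, outcome in (  # constructed sample events
            ("2026-05-01T10:00:00Z", "agent:adjudicator", "adjudicated", "approved"),
            ("2026-05-01T10:05:00Z", "human:reviewer-17", "overrode", "denied")):
        trail.append(timestamp=ts, actor=actor, action=action, outcome=outcome,
                     resource="decision:D-1001", metadata={"model_version": "m-1.0"})
    return trail
```

A chain like this does not detect removal of the newest records; that requires the latest hash to be anchored somewhere the writer cannot change, such as write-once storage.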
From fire drill to side effect
Most teams experience audit as a periodic emergency: an examiner or a SOC 2 window arrives, and someone reverse-engineers evidence from scattered logs. When the audit trail is a primitive that self-maps to control criteria, the evidence already exists in the shape the auditor wants. The work shifts from producing evidence to retrieving it.
Vihaya treats the audit trail this way by design — every step of every agent run writes an immutable record, and those records map to SOC 2 criteria. As of May 2026 that mapping is self-asserted and Vihaya is pre-Type-II, with auditor engagement on the roadmap.
Audit trail FAQ
What is an AI audit trail?
An append-only log that records every action the system takes — who or what did it, to which resource, with what outcome and metadata — so any decision can be reconstructed after the fact. Append-only means records are never edited or deleted, only added, which is what makes the trail trustworthy as evidence.
Why does it need to be a primitive rather than a feature?
If logging is bolted on, it’s incomplete — some code paths write records, others don’t, and the gaps surface exactly when an auditor asks. Treating the audit trail as a primitive means every agent step writes a record by construction, so coverage is total rather than best-effort.
What does ‘reconstructable from cold storage’ mean?
Years after a decision, you can pull the immutable records and rebuild exactly what happened: what the agent read, which policy clauses it cited, what it decided, and whether a human confirmed or overrode it. That’s the standard a banking or insurance examiner expects.
How does it relate to SOC 2?
Audit-trail events map to control criteria — for example SOC 2 CC4.1 (monitoring) and CC7.2 (incident detection) — so evidence collection becomes a by-product of operation. Vihaya’s mapping is currently self-asserted; a formal auditor review is on the roadmap, and the data fiduciary remains responsible for its own compliance determination.