AI agents and automation Plan the rollout

Access Rights, Auditing, and Security for AI Agent

An AI agent isn’t just a “smart bot”—it’s an autonomous system with rights and consequences. Without proper security architecture, it could make decisions that violate regulations, leak data, or damage reputation.

What are access rights and auditing in the context of an AI agent?

Access Rights — a set of policies defining which actions an agent can perform on behalf of a user or system (e.g., “read email,” “create tasks,” “pay bills”).
Audit — logging system for all agent actions: inputs, tool calls, decisions, errors, and outputs. Auditing ensures transparency, traceability, and recovery after failure.

Important: Rights and audit are not an “add-on” but part of the agent’s architecture. Without them, the agent cannot be deployed in corporate business production environments.

Architectural Contour: How Rights, Auditing, and Security Interrelate

flowchart TD  
    A[User / System] -->|Request| B[Router / Auth Gateway]  
    B --> C{Authorized?}  
    C -->|Yes| D[Agent Core]  
    C -->|No| E[Reject + Log]  
    D --> F[Tool Executor]  
    F --> G[Audit Logger]  
    G --> H[Log Storage]  
    D --> I[Fallback / Human Review]  
    I --> G  
    H --> J[Compliance / Review UI]

Example: Access rights in the accounting agent

The agent processes invoices. His rights:

  • read:invoices — read incoming invoices
  • approve:invoices — confirm payment (with limit ≤ 100,000 ₽)
  • create:payment_order — create a payment in SBP
  • No delete:invoices — deletion is prohibited
  • No approve:invoices:amount:gt:100k — for amounts >100,000, human-in-the-loop is required

Rights are set in agent_manifest.json and are verified at the level runtime policy engine before calling tools.

Pseudocode: Permission check before calling the tool

function executeTool(agent, toolName, params) {
  // 1. Get current agent rights
  const agentRights = getAgentRights(agent.id);

  // 2. Check if the agent has permission to use the tool and parameters
  if (!canUseTool(agentRights, toolName, params)) {
    auditLog({
      type: 'RIGHTS_VIOLATION',
      agentId: agent.id,
      tool: toolName,
      params: redact(params),
      reason: 'missing_permission'
    });
    throw new PermissionError(`Tool ${toolName} not allowed`);
  }

  // 3. Execute the tool
  const result = callTool(toolName, params);

  // 4. Log the result
  auditLog({
    type: 'TOOL_EXECUTED',
    agentId: agent.id,
    tool: toolName,
    status: 'success',
    resultHash: hash(result)
  });

  return result;
}

What to Log in an Audit: Example Event Structure

FieldDescriptionExample
event_idUnique event ID"evt_7f3a2b1c"
agent_idAgent ID"agent_acme_buh"
timestampISO 8601"2025-04-10T14:32:11Z"
actionAction type"tool_call"
toolTool Name"create_payment_order"
input_hashHash of input data (excluding PII)"sha256:9a8b..."
output_hashResult hash"sha256:c3d4..."
decisionAgent’s solution (optional)"approve_invoice_#4421"
review_statusHuman review status"pending" | "approved" | "rejected"

Typical Errors and Risks

  • Default rights: “everything allowed” — the agent can accidentally delete data or execute a payment without restrictions.
  • Logging PII data in plain text — GDPR/152-FZ violations, fines, and data breaches.
  • Absence of solution audit — It’s impossible to prove the agent acted correctly during the dispute.
  • No fallback logic on audit failure — If the logger is unavailable, the agent continues working → risk of losing evidence.
  • Rights are not tied to context — The agent can use the “right to create an account” in an unexpected scenario (e.g., creating a fake account for themselves).

Agent Security Checklist

  • [ ] Each agent has a unique set of permissions (not “everything”).
  • [ ] Rights are checked at runtime (not only in config)
  • [ ] Audit logs: actions, decisions, errors, fallback status
  • [ ] PII and sensitive data are hashed or removed from logs
  • [ ] Agent cannot disable auditing or modify permissions
  • [ ] For critical actions—Human-in-the-loop with decision recording
  • [ ] Audit logs are stored in an immutable storage (e.g., S3 + WORM)
  • [ ] UI/API for viewing audit logs and filtering by agent/date/action