AI agents and automation Plan the rollout
Access Rights, Auditing, and Security for AI Agent
An AI agent isn’t just a “smart bot”—it’s an autonomous system with rights and consequences. Without proper security architecture, it could make decisions that violate regulations, leak data, or damage reputation.
What are access rights and auditing in the context of an AI agent?
Access Rights — a set of policies defining which actions an agent can perform on behalf of a user or system (e.g., “read email,” “create tasks,” “pay bills”).
Audit — logging system for all agent actions: inputs, tool calls, decisions, errors, and outputs. Auditing ensures transparency, traceability, and recovery after failure.
Important: Rights and audit are not an “add-on” but part of the agent’s architecture. Without them, the agent cannot be deployed in corporate business production environments.
Architectural Contour: How Rights, Auditing, and Security Interrelate
flowchart TD
A[User / System] -->|Request| B[Router / Auth Gateway]
B --> C{Authorized?}
C -->|Yes| D[Agent Core]
C -->|No| E[Reject + Log]
D --> F[Tool Executor]
F --> G[Audit Logger]
G --> H[Log Storage]
D --> I[Fallback / Human Review]
I --> G
H --> J[Compliance / Review UI]
Example: Access rights in the accounting agent
The agent processes invoices. His rights:
read:invoices— read incoming invoicesapprove:invoices— confirm payment (with limit ≤ 100,000 ₽)create:payment_order— create a payment in SBP- No
delete:invoices— deletion is prohibited - No
approve:invoices:amount:gt:100k— for amounts >100,000, human-in-the-loop is required
Rights are set in agent_manifest.json and are verified at the level runtime policy engine before calling tools.
Pseudocode: Permission check before calling the tool
function executeTool(agent, toolName, params) {
// 1. Get current agent rights
const agentRights = getAgentRights(agent.id);
// 2. Check if the agent has permission to use the tool and parameters
if (!canUseTool(agentRights, toolName, params)) {
auditLog({
type: 'RIGHTS_VIOLATION',
agentId: agent.id,
tool: toolName,
params: redact(params),
reason: 'missing_permission'
});
throw new PermissionError(`Tool ${toolName} not allowed`);
}
// 3. Execute the tool
const result = callTool(toolName, params);
// 4. Log the result
auditLog({
type: 'TOOL_EXECUTED',
agentId: agent.id,
tool: toolName,
status: 'success',
resultHash: hash(result)
});
return result;
}
What to Log in an Audit: Example Event Structure
| Field | Description | Example |
|---|---|---|
event_id | Unique event ID | "evt_7f3a2b1c" |
agent_id | Agent ID | "agent_acme_buh" |
timestamp | ISO 8601 | "2025-04-10T14:32:11Z" |
action | Action type | "tool_call" |
tool | Tool Name | "create_payment_order" |
input_hash | Hash of input data (excluding PII) | "sha256:9a8b..." |
output_hash | Result hash | "sha256:c3d4..." |
decision | Agent’s solution (optional) | "approve_invoice_#4421" |
review_status | Human review status | "pending" | "approved" | "rejected" |
Typical Errors and Risks
- Default rights: “everything allowed” — the agent can accidentally delete data or execute a payment without restrictions.
- Logging PII data in plain text — GDPR/152-FZ violations, fines, and data breaches.
- Absence of solution audit — It’s impossible to prove the agent acted correctly during the dispute.
- No fallback logic on audit failure — If the logger is unavailable, the agent continues working → risk of losing evidence.
- Rights are not tied to context — The agent can use the “right to create an account” in an unexpected scenario (e.g., creating a fake account for themselves).
Agent Security Checklist
- [ ] Each agent has a unique set of permissions (not “everything”).
- [ ] Rights are checked at runtime (not only in config)
- [ ] Audit logs: actions, decisions, errors, fallback status
- [ ] PII and sensitive data are hashed or removed from logs
- [ ] Agent cannot disable auditing or modify permissions
- [ ] For critical actions—Human-in-the-loop with decision recording
- [ ] Audit logs are stored in an immutable storage (e.g., S3 + WORM)
- [ ] UI/API for viewing audit logs and filtering by agent/date/action