If you cannot reproduce what the agent did, you cannot audit it

Record enough of each run to reconstruct it exactly, and debugging, auditing, and compliance all become possible. Keep only the output and a regulator's question has no answer.

B

Balagei G Nagarajan

3 MIN READ


An agent run being reconstructed from a complete recorded trail for an audit
EU AI Act Article 12 says high-risk AI logs automatically.
— from “If you cannot reproduce what the agent did, you cannot audit it”

Key facts.

  • The EU AI Act requires high-risk AI systems to keep automatic logs and records (Article 12). That makes a reconstructable trail legal obligation, not an option.source
  • The NIST AI Risk Management Framework expects AI behavior to be measured and documented, the basis for auditable reproducibility.source
  • Agent behavior is path-dependent, as multi-turn escalation work like Crescendo shows, so a run cannot be reproduced by re-running and must be reconstructed from a record.source

Why is reproducibility so hard for agents?

Agent behavior is path-dependent, the escalation Crescendo exploits, so a rerun cannot audit it; a newer model is as random, so the trail or the rework. (arXiv:2404.01833)

Deterministic software: rerun it and you get the same path. Agents don't work that way. Step 3 depends on steps 1 and 2. Different session, different path. Crescendo showed how this plays out with multi-turn escalation. Each run goes somewhere different. There's no rerun that recreates what happened. What you have is the original run, or you have nothing. For a post-incident debugging session, "we can't reproduce it" is a headache. For an audit, it's a blocked inquiry. For a regulator asking why the system made that decision, it's a compliance failure. Keeping the final output without the trail is like a verdict with no hearing on record.

EU AI Act Article 12 says high-risk AI logs automatically. Not optional. NIST AI RMF says behavior gets measured and documented. Both land in the same place: you need a trail for every run. Inputs, context retrieved, tool calls and their outputs, reasoning. The chain from start to outcome. Without it, you can't debug, can't audit, can't answer for what the agent did.

A complete recorded trail of an agent run enabling exact reconstruction for audit

What has to be recorded?

ElementOutput onlyReconstructable record
InputsDiscardedCaptured
Retrieved contextLostRecorded
Tool calls and resultsNot keptLogged in order
ReasoningGoneCaptured for replay

A pile of raw logs isn't a reconstructable trail. Recording what matters means knowing which decisions drove the outcome. VibeModel's Pattern Intelligence Layer ties behavior to decision patterns, so the recorded trail captures reasoning against expected patterns, not just raw events. An auditor, a debugger, or a regulator can actually follow the run from that record.

Frequently asked questions

Why not just re-run to reproduce?
Agent behavior is non-deterministic and path-dependent, so re-running yields a different run. Only a recorded trail of the original can answer what happened.

Is reproducibility legally needed?
For high-risk AI, yes. The EU AI Act mandates automatic logging so runs can be reconstructed and examined.

What must the record contain?
Inputs, retrieved context, every tool call and result and the reasoning, enough to replay and inspect the run without re-executing it.


Share this post

Join the discussion

Have a take, a war story, or a question? Sign in with GitHub to comment and react. Comments are powered by GitHub Discussions, ad-free and yours to moderate.

Continue Reading

Find where your agent breaks, before you build it

Faultmap maps where your agent will fail from the goal and your data, then hands you the first test suite it has to pass.