How do I build a tamper-evident audit trail for AI agents?

Answer

Use cryptographic hash chaining: each audit record includes a SHA-512 hash of its own content concatenated with the previous record's hash. This creates a blockchain-like chain where modifying any historical record breaks all subsequent hashes. Additionally, generate verification hashes over aggregated reports (scorecards, artifacts) so any tampering is detectable. Store hashes in a separate append-only table or external service so even database administrators cannot silently alter the trail. AgentCompliant implements this pattern across risk scorecards and compliance artifacts.