Auditing access
Knowing who and what can reach your AI and its data: the audit log as ground truth, catching privilege drift, and monitoring for abuse.
Least privilege is a moment-in-time state; auditing is how you keep it true over time and prove it to others. Access sprawls — new tools, new integrations, a 'temporary' broad permission that never got narrowed — and without auditing, a system that launched least-privileged drifts into excessive agency one convenient grant at a time.
The append-only audit log
Every security-relevant event gets recorded in a log nothing can edit or delete (append-only): every tool action the AI took (what, when, on whose behalf, with what result), every access to sensitive data, every auth event, every guardrail rejection, every config or prompt-version change. This log is your ground truth for three jobs:
- Incident response: 'what did the AI do, and can we undo it?' is answered by a query, not an investigation. When an agent misbehaves, the action log is the black box.
- Detection: abnormal patterns — a spike in refunds, an agent reading unusual volumes of customer data, a surge in guardrail rejections (someone's probing) — surface in the log before they surface in complaints.
- Compliance & proof: regulators and customers ask 'who can access what, and who did?' An append-only, queryable answer is the difference between a passed audit and a scramble.
Catching privilege drift
- Review access periodically — the tools, credentials, and data scopes the AI holds, checked against what its current function needs. Grants that were justified once and aren't now are the drift you're hunting (dormant permissions, over-broad roles).
- Alert on the high-signal events: privilege escalations, new tool grants, access to sensitive resources outside normal patterns, guardrail-rejection spikes.
- Segment and least-privilege the audit system itself — the log is sensitive (it contains what the AI touched); protect it and restrict who can read it.
Continuously auditing who and what can access which systems, flagging over-privileged and dormant access, detecting the risky patterns — done by hand here, at one system's scale — is exactly what Edova's Sentinel product automates across a whole company's cloud estate. The findings you'll generate in the lab (an over-privileged tool, a dormant credential, a missing audit trail) are the findings that product surfaces at scale. You're learning the manual craft behind the automated product.