What is an Immutable Audit?

An immutable audit is an audit log that cannot be modified or deleted after creation. This tamper-evidence is essential for compliance and forensic investigations — ensuring the historical record of agent actions is trustworthy and complete.

WHY IT MATTERS

An audit log is only valuable if it can be trusted. If an attacker who compromises an AI agent can also modify or delete the logs of what that agent did, the audit trail is worthless. If an insider can alter records to hide a policy violation, the compliance control is theatre. Immutability is what makes an audit log a source of truth rather than a suggestion.

For AI agent operations, immutable audit is particularly important because agents operate at machine speed. A compromised agent could make hundreds of malicious tool calls in seconds. If the logs are mutable, evidence of those calls could be erased before anyone notices. Immutable logs ensure that even if the agent or its environment is compromised, the record of what happened survives.

Immutability can be achieved through several mechanisms: write-once-read-many (WORM) storage, cryptographic hash chains where each log entry includes the hash of the previous entry, append-only databases, or external log services that the agent has no write access to. The key property is separation of concerns — the system that generates the log should not be able to alter it after the fact.

HOW POLICYLAYER USES THIS

Intercept generates structured decision logs for every tool call evaluation. These logs are designed to be forwarded to external immutable storage — S3 buckets with object lock, append-only logging services, or SIEM systems with tamper-evident storage. Because Intercept emits logs as structured events, they can be cryptographically signed or hash-chained at the destination. The proxy itself does not store long-term logs, following the principle that the enforcement point and the audit store should be separate systems.
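The hash-chain mechanism described above (each entry carries the hash of the previous one, with verification done by a party other than the writer), as an added example that is not Intercept's code or its log schema: the `GENESIS_HASH` sentinel, the field names and the sample decision events are constructed for illustration. The verifier detects in-place modification and deletion of an interior entry from the chain alone; the tail-truncation case shows why the latest hash must also be recorded outside the log.

```python
import copy
import hashlib
import json

# Sentinel "previous hash" for the first entry (a convention chosen for this example)
GENESIS_HASH = "0" * 64


def canonical(payload):
    # Deterministic serialization: fixed key order and separators so equal
    # events always produce identical bytes, and therefore identical hashes.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode("utf-8")


def entry_hash(seq, prev_hash, event):
    # Each entry's hash commits to its position, its predecessor's hash and its body,
    # so changing, removing or reordering an earlier entry changes every later hash.
    material = canonical({"seq": seq, "prev_hash": prev_hash, "event": event})
    return hashlib.sha256(material).hexdigest()


def append_entry(chain, event):
    # Append-only writer: the only operation the log-producing side should be able to perform.
    seq = len(chain)
    prev_hash = chain[-1]["hash"] if chain else GENESIS_HASH
    entry = {"seq": seq, "prev_hash": prev_hash, "event": event,
             "hash": entry_hash(seq, prev_hash, event)}
    chain.append(entry)
    return entry


def verify_chain(chain, expected_head=None):
    # Verifier, run by a system separate from the writer. Returns (ok, reason).
    prev_hash = GENESIS_HASH
    for position, entry in enumerate(chain):
        if entry["seq"] != position:
            return False, f"sequence gap at position {position}"
        if entry["prev_hash"] != prev_hash:
            return False, f"broken link at seq {position}"
        if entry_hash(entry["seq"], entry["prev_hash"], entry["event"]) != entry["hash"]:
            return False, f"modified entry at seq {position}"
        prev_hash = entry["hash"]
    # Dropping entries from the tail leaves a valid but shorter chain; only a head
    # hash anchored outside the log (e.g. in the external audit store) exposes that.
    if expected_head is not None and prev_hash != expected_head:
        return False, "head mismatch: entries missing from the tail"
    return True, "chain intact"


def build_sample_chain():
    # Constructed decision events in the general shape of per-tool-call records
    # (illustrative field names, not Intercept's actual log schema).
    events = [
        {"agent_id": "agent-42", "tool": "read_file", "decision": "allow"},
        {"agent_id": "agent-42", "tool": "send_email", "decision": "deny", "policy": "no-egress"},
        {"agent_id": "agent-42", "tool": "shell_exec", "decision": "deny", "policy": "no-shell"},
    ]
    chain = []
    for event in events:
        append_entry(chain, event)
    return chain


def tamper_modify(chain):
    # An insider flips a denied call to "allow" in place.
    tampered = copy.deepcopy(chain)
    tampered[1]["event"]["decision"] = "allow"
    return verify_chain(tampered)


def tamper_delete_middle(chain):
    # An entry is removed and the rest renumbered to hide the gap.
    tampered = copy.deepcopy(chain)
    del tampered[1]
    for position, entry in enumerate(tampered):
        entry["seq"] = position
    return verify_chain(tampered)


def tamper_truncate_tail(chain):
    # The most recent entry is dropped; detectable only against an anchored head hash.
    tampered = copy.deepcopy(chain[:-1])
    return verify_chain(tampered), verify_chain(tampered, expected_head=chain[-1]["hash"])


if __name__ == "__main__":
    chain = build_sample_chain()
    print("original:", verify_chain(chain))
    print("modified:", tamper_modify(chain))
    print("deleted:", tamper_delete_middle(chain))
    print("truncated (no anchor / with anchor):", tamper_truncate_tail(chain))
```

In a deployment the writer would only ever call something like `append_entry`, while `verify_chain` runs on the receiving side and periodically checks the stored chain against a head hash it recorded itself; that split is the separation of concerns the text calls for.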

FREQUENTLY ASKED QUESTIONS

How is immutability enforced technically?
Common approaches include WORM storage (S3 Object Lock, Azure Immutable Blob Storage), append-only databases, cryptographic hash chains (each entry hashes the previous one, making tampering detectable), and external logging services with strong access controls. The best approach depends on your compliance requirements and infrastructure.

Can immutable logs be deleted for GDPR right-to-erasure requests?
This is a genuine tension. GDPR Article 17 grants a right to erasure, but Article 17(3)(e) exempts data needed for legal claims. Audit logs typically fall under this exemption. Best practice: minimise personal data in audit logs (log agent IDs and tool names, not the full data processed) so erasure requests don't conflict with retention requirements.

Is immutable audit required for SOC 2?
SOC 2 requires that audit logs be protected from unauthorised modification (CC7.2). Immutability is the strongest way to satisfy this requirement, though other approaches like strict access controls and integrity monitoring can also be used.

Enforce policies on every tool call

Intercept is the open-source MCP proxy that enforces YAML policies on AI agent tool calls. No code changes needed.

npx -y @policylayer/intercept
github.com/policylayer/intercept →