Agent Failure of the Week #3: Who Did That? (Nobody Knows)
When your audit log can't tell a human from an agent
July 10, 2026 · 3 min read
The failure
Three weeks into running an agent, someone notices a cohort of accounts has the wrong renewal date. Leadership wants to know: did the agent do this, or did a rep? The team opens the audit log. Every change, the agent's thousand edits and the team's hundreds, is stamped with the same generic identity, because the agent was wired in through a shared service account. The log records what changed and when, but every action looks like it came from the same anonymous hand. The investigation stalls before it starts.
Why your stack wasn't built for this
Most logging was built on one assumption: every action has a human behind it. So the log captures the change and a user ID and calls it done. That was fine when the only actors were people with named logins.
Pipe an agent through a service account (the fastest way to get it working, and therefore the way almost everyone does it first) and that assumption breaks silently. The agent's activity is now smeared across the same log, under the same name, indistinguishable from human work. You lose the one thing you most need when an agent misbehaves: the ability to say this was the agent, that was the person.
The test (how we score it)
Do your audit trails capture agent actions separately from human actions?
- Green: Full trail with source attribution on every action: agent ID, timestamp, specific action. Human and agent activity are cleanly separable.
- Yellow: Partial attribution; some actions traceable, some not.
- Red: Everything logged identically, regardless of source.
The fix
- Give every agent its own identity. No shared service accounts. Each agent gets a distinct ID that shows up on every action.
- Attribute at the action level. Source, timestamp, and the specific change: enough to replay exactly what an agent did.
- Make the log queryable by source. "Show me everything this agent touched in the last 24 hours" should be one filter, not a forensic project.
- Separate human and agent error in your metrics. You can't improve an agent you can't isolate.
The bigger point
This isn't an AI problem. It's observability, the basic discipline of knowing who did what, applied to a new kind of actor. Without it you can't diagnose agent failures, can't measure whether the agent is actually helping, and can't answer an auditor or a customer who asks who touched a record. Closing exactly this gap is what our AI Audit Pack is built to do.
We score this directly on the Agentic Workflow Readiness pillar of our AI Readiness Benchmark.
See where your stack stands → revenuegroundwork.com/benchmark Or book a free consultation → revenuegroundwork.com/contact
Next week, #4: the fastest way to get an agent working is to give it the keys to everything, and that's exactly the problem.