Kaldros
Why Kaldros

A day in the life of the auditor.

Below is the memo your external auditor is about to send you — the one that turns your AI program into a line item on the CISO's risk register. Kaldros is the shortest route from this memo back to "signed, approved, closed."

Subject: Evidence request — AI agent activity, Q3

As part of this year's review cycle, please provide the following, covering the three highest-risk AI agents identified in last quarter's risk assessment:

  1. Complete, reconstructible logs of each agent's actions for the period, sufficient to replay any single decision — including model version, prompt, tool inputs, and tool outputs.
  2. Attestation that those logs have not been modified after the fact, with a mechanism that proves immutability cryptographically.
  3. Mapping of the agent's permissions to your risk and compliance framework — EU AI Act Article 12, DORA Article 17, or equivalent.
  4. Records showing which human approved the agent's capabilities, when, and under what policy — with evidence that the policy was enforced.
  5. Evidence of any incident or near-miss in the period, with timeline reconstructed from the logs.

Please respond within fifteen business days. Findings will be raised where evidence is unavailable or insufficient.

The choice is not whether to record. It's whether the record holds up.