Your Log Can't Record What Didn't Happen
Most AI safety tools look for artifacts. They look for a log entry, a signature, or a tool result. If a tool result is fake, the system flags it. If a JSON block is broken, the system catches it.
These are easy failures because they leave a trace.
The real danger is omission. Omission is when nothing happens.
In an append-only log, a missing record can mean three different things, and all three look the same:
- It did not happen.
- It has not happened yet.
- It happened but was never recorded.
The log shows nothing. The audit query returns nothing. Silence becomes consent.
You can fix this with three design rules:
Make silence expire
If an agent performs an action, a reviewer must sign off on it. A missing signature is a hole in your security. Do not let "pending" stay pending forever. Assign a deadline. If the deadline passes, the system must record a terminal state like REVIEW_EXPIRED. This turns a blank space into a searchable error.
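Here is a minimal sketch of an expiry sweep, assuming the log is an in-memory list. Only REVIEW_EXPIRED comes from the rule above; `ReviewEvent`, `expire_stale_reviews`, and the ACTION and REVIEW_SIGNED event kinds are hypothetical names chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class ReviewEvent:
    kind: str        # hypothetical kinds: "ACTION", "REVIEW_SIGNED", "REVIEW_EXPIRED"
    action_id: str
    at: datetime


def expire_stale_reviews(log: list, now: datetime, deadline: timedelta) -> list:
    """Append a REVIEW_EXPIRED event for each unreviewed action past its deadline."""
    # Actions that already reached a terminal review state are left alone.
    resolved = {
        e.action_id for e in log if e.kind in ("REVIEW_SIGNED", "REVIEW_EXPIRED")
    }
    expired = [
        ReviewEvent("REVIEW_EXPIRED", e.action_id, now)
        for e in log
        if e.kind == "ACTION"
        and e.action_id not in resolved
        and now - e.at > deadline
    ]
    # Append only; existing entries are never rewritten.
    log.extend(expired)
    return expired
```

Running the sweep on a schedule means an audit query for REVIEW_EXPIRED returns rows instead of silence. Because expired actions count as resolved, a second sweep does not write duplicates.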
Require citations for claims
Agents often use prose to describe the world. An agent might say, "the file was empty." If there is no tool result to back that up, the claim is dangerous.
If a claim influences a future action, it must include an observation ID. Do not try to guess if the agent is telling the truth. Simply check if the claim points to a real data source. A claim without a citation is a malformed message.
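The check can be sketched as a structural validation, assuming observations are stored in a dictionary keyed by observation ID. `Claim`, `MalformedClaim`, and `validate_claim` are hypothetical names, not part of any particular framework.

```python
from dataclasses import dataclass
from typing import Optional


class MalformedClaim(Exception):
    """Raised when a claim cannot be traced to a recorded observation."""


@dataclass(frozen=True)
class Claim:
    text: str
    observation_id: Optional[str] = None


def validate_claim(claim: Claim, observations: dict) -> None:
    """Reject claims that cite nothing, or cite an observation that was never recorded."""
    if claim.observation_id is None:
        raise MalformedClaim(f"no citation: {claim.text!r}")
    if claim.observation_id not in observations:
        raise MalformedClaim(f"unknown observation {claim.observation_id!r}")
    # Deliberately no truth check: we only verify the pointer resolves.
```

The function never judges whether "the file was empty" is true. It only checks that the claim points at something the system actually observed.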
Use a two-event split for actions
When an agent starts a task, like sending an email, it might die before it logs the result. This creates a gap. Did the email send? Should you retry?
Use this flow:
- Append an INTENT event with a unique key.
- Perform the action.
- Append an OUTCOME event.
Now you can see the middle state. If you have an INTENT but no OUTCOME, you know exactly where the system failed. You can reconcile the state instead of guessing.
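The flow above can be sketched as follows, assuming an in-memory list as the log and a UUID as the unique key. `ActionEvent`, `run_action`, and `unresolved_intents` are hypothetical names used only for illustration.

```python
import uuid
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class ActionEvent:
    kind: str    # "INTENT" or "OUTCOME"
    key: str     # unique key shared by an INTENT and its OUTCOME
    detail: str


def run_action(log: list, describe: str, action: Callable[[], str]) -> str:
    """Record INTENT, perform the action, then record OUTCOME."""
    key = str(uuid.uuid4())
    log.append(ActionEvent("INTENT", key, describe))
    result = action()  # a crash or exception here leaves INTENT without OUTCOME
    log.append(ActionEvent("OUTCOME", key, result))
    return key


def unresolved_intents(log: list) -> list:
    """Return INTENT events with no matching OUTCOME: the visible middle state."""
    done = {e.key for e in log if e.kind == "OUTCOME"}
    return [e for e in log if e.kind == "INTENT" and e.key not in done]
```

A reconciler can then walk `unresolved_intents(log)` and use each key to ask the downstream system whether the action took effect, rather than blindly retrying.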
The rule is simple: For every success your system records, ask what happens when that record is missing. If the answer is "nothing," you have a blind spot.
Design your negative states as first-class records. Give them names. Give them owners. Make them fail your gates.
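One way to sketch this is an enum of named negative states, an owner for each, and a gate that fails when any of them appears. REVIEW_EXPIRED comes from the first rule; CLAIM_UNCITED, OUTCOME_MISSING, and the owner names are hypothetical placeholders.

```python
from enum import Enum


class NegativeState(Enum):
    REVIEW_EXPIRED = "REVIEW_EXPIRED"
    CLAIM_UNCITED = "CLAIM_UNCITED"      # hypothetical name
    OUTCOME_MISSING = "OUTCOME_MISSING"  # hypothetical name


# Hypothetical owners; every negative state must map to someone.
OWNERS = {
    NegativeState.REVIEW_EXPIRED: "review-team",
    NegativeState.CLAIM_UNCITED: "agent-platform",
    NegativeState.OUTCOME_MISSING: "on-call",
}


def gate(record_kinds: list) -> list:
    """Return (state, owner) for every negative state found; an empty list means pass."""
    names = {state.value for state in NegativeState}
    return [
        (kind, OWNERS[NegativeState(kind)])
        for kind in record_kinds
        if kind in names
    ]
```

A deployment or release check can treat any non-empty result as a failure and route each entry to its owner.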
Source: https://dev.to/anp2network/your-log-cant-record-what-didnt-happen-2ga7
