When Your Agent Misbehaves, Do You Know Which One Did It?
An agent deletes a record it should not touch. It sends a message to the wrong tenant. It calls an API in a loop and spikes your bill.
Ten minutes into an incident, you ask one question: which agent did this?
If you do not know, you cannot fix it. You cannot stop the build. You cannot audit the error. You cannot learn from the mistake.
This is an identity problem.
Most teams face three patterns that hide agent actions:
- Shared service accounts: Ten agents use one set of credentials. Every action looks the same in your logs.
- Human credentials: The agent uses your login. The logs show your name, not the agent's name. This creates a massive security risk.
- Silent drift: Two different builds use the same name. One uses a new model or a new prompt, but the logs show the same identity.
To fix this, follow these steps:
Give every agent its own identity. Do not use human credentials. Do not use shared accounts. The agent must authenticate as itself.
Stamp six specific fields on every action:
- Accountable party: Who is responsible for this agent?
- Operational owner: Who maintains it daily?
- Tenant: Which customer is this for?
- Agent-type-id: Which specific build is this?
- Agent-instance-id: Which specific run is this?
- Trace context: Where is this in the call chain?
Use hashes for versioning. Do not name your agent "support-agent-v2." If you change the system prompt, the name stays the same, but the behavior changes. Instead, use a content hash. Create a hash based on the container image, the prompt, the model, and the config. If you change one line of code, the ID changes. This makes silent drift visible.
Record lineage. Agents spawn sub-agents. You must record which parent agent started the sub-agent. You must also record the prompt the parent gave to the sub-agent. This is the only way to find injected instructions or poisoned data.
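The steps above as an added example, not code from the original article: a content-hashed agent-type-id, the six fields stamped on every action, and parent lineage on a sub-agent. Field names, the "model-x" name, and all sample values are assumptions constructed for illustration.

```python
import hashlib
import json
import uuid


def agent_type_id(image_digest: str, system_prompt: str, model: str, config: dict) -> str:
    """Content hash over everything that determines a build's behavior."""
    material = json.dumps(
        {"image": image_digest, "prompt": system_prompt, "model": model, "config": config},
        sort_keys=True, separators=(",", ":"),  # canonical form: key order cannot change the hash
    )
    return "sha256:" + hashlib.sha256(material.encode("utf-8")).hexdigest()


def new_identity(type_id, accountable, owner, tenant, trace, parent=None, parent_prompt=None):
    """Identity for one agent run; field names are hypothetical."""
    ident = {
        "accountable_party": accountable,
        "operational_owner": owner,
        "tenant": tenant,
        "agent_type_id": type_id,
        "agent_instance_id": str(uuid.uuid4()),
        "trace_context": trace,
    }
    if parent is not None:
        # Lineage: which run spawned this one, and the exact prompt it handed over.
        ident["parent_instance_id"] = parent["agent_instance_id"]
        ident["parent_prompt"] = parent_prompt
    return ident


def stamp(identity: dict, action: str, target: str) -> str:
    """One structured log line carrying the full identity with the action."""
    return json.dumps({**identity, "action": action, "target": target}, sort_keys=True)


# Constructed sample values.
IMAGE = "sha256:" + "ab" * 32
CONFIG = {"temperature": 0.2, "tools": ["crm.read", "crm.delete"]}
build_a = agent_type_id(IMAGE, "You are a support agent.", "model-x", CONFIG)
build_b = agent_type_id(IMAGE, "You are a support agent. Be brief.", "model-x", CONFIG)
parent = new_identity(build_a, "cto@example.com", "support-platform", "tenant-42", "trace-001")
child = new_identity(build_b, "cto@example.com", "support-platform", "tenant-42", "trace-001",
                     parent=parent, parent_prompt="Delete stale tickets for tenant-42")
print(stamp(child, "crm.delete", "ticket/1001"))
```

The two builds differ only by three words in the prompt, yet they get different agent-type-ids, so a log query on that field separates their actions.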
Identity is your recovery surface. It allows you to use a kill switch and build an audit trail. You must set this up before an incident happens. Adding identity during a crisis is too late.
Check your logs right now. Look at an action from an hour ago. Can you name the specific build that took that action? If you cannot, you have a gap to close.
Source: https://dev.to/brennhill/when-your-agent-does-something-bad-can-you-tell-which-agent-did-it-37a2
