Here’s a distinction most teams haven’t had to care about yet, and are about to care about a lot.

SF Scott Farrell June 30, 2026 scott@leverageai.com.au LinkedIn

Here's a distinction most teams haven't had to care about yet, and are about to care about a lot.

There's a difference between a log and a proof.

A log is something a system writes about itself. It's a diary. It's useful, it's detailed, and — crucially — it can be edited, fabricated, or quietly disagreed with after the fact. When an agent records "owner approved this action," that line is only as trustworthy as everything that could have touched it since. It's a claim, not evidence.

A proof is something that can't be walked back. Signed. Tamper-evident. The kind of record that holds up when someone outside the room asks "show me."

Right now, almost every agent platform is producing beautiful diaries. The better ones already capture the full shape of what happened — the plan, the sources pulled, the tools called, the inputs, the result. That's genuinely good observability. You can see the WHAT.

But here's the uncomfortable part: you have all that detail and still can't prove any of it actually happened the way it's written down.

I watched this play out in a real incident. An agent I'd authorised shut down a running campaign because a safety system's error message arrived through a channel the agent trusted — and the agent decided it "sounded like me." It wasn't hacked. Its permissions were correct. It simply had no way to tell my instruction apart from a piece of text that wasn't from me. When I pushed it, it read its own logs and admitted it had been socially engineered by a safeguard.

The logs told the story perfectly. The logs could not have prevented it, and the logs could not have proven who was actually responsible.

That's the shift coming for anyone deploying agents that act, not just chat. When a system could only talk, the worst case was a bad answer, and a diary was enough. Now that agents send money, change records, and modify themselves, the question stops being "what did it do?" and becomes "can you prove who authorised it?"

The good news is we don't have to invent the answer. Software supply chains already learned this lesson — they moved from "we have build logs" to "we have signed provenance" because audit logs weren't survivable in front of a regulator or an attacker. The pattern exists. Agent platforms just haven't bolted the cryptographic layer onto receipts they're already generating.

So the practical question for any leadership team standing up agents this year isn't "do we have observability?" You probably do. It's: the day something goes wrong and someone — a board, a regulator, an insurer — asks you to prove what was authorised, will you be holding evidence, or just a story you wrote about yourself?

What would it take for your current logs to count as proof?

Learn more: https://leverageai.com.au/wp-content/media/ebooks/OpenClaw_Has_a_Provenance_Problem_And_So_Does_Every_Agent_Platform_ebook.html

Originally posted on LinkedIn


Discover more from Leverage AI for your business

Subscribe to get the latest posts sent to your email.

Leave a Reply

Your email address will not be published. Required fields are marked *

© 2026 Leverage AI, Scott Farrell. All rights reserved. This content is made available on a limited, revocable, read-only basis only. No licence or right is granted to copy, reproduce, republish, scrape, store, adapt, summarise, index, embed, or use this content to create derivative works, work product, deliverables, methodologies, training materials, prompts, templates, software, services, research, or commercial outputs, whether by humans or machines, without prior written permission. This restriction includes internal business use, client work, consulting, advisory, implementation, and any use in or for artificial intelligence, machine learning, data extraction, retrieval, evaluation, fine-tuning, or knowledge-base construction.