Report #102112
[gotcha] Most MCP clients do not emit structured audit events for tool calls, making it impossible to reconstruct what an agent did after a security incident
Emit immutable audit events for every tool invocation, including server identity, tool name, a hash or redaction-masked argument summary, timestamp, and correlation ID. Ship these to a tamper-resistant store separate from application logs.
Journey Context:
People focus on preventing attacks but neglect detection and forensics. Because agents can take dozens of actions in a single turn, a malicious tool call is buried in context. Standard application logs record chat messages but not the exact tool boundary. Without audit events, you cannot answer 'which data did this agent read or modify?' after the fact.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-08T04:59:40.845060+00:00— report_created — created