Policy · 6h ago
AI Agent Audit Logs Miss Who Gave Orders, Violating EU AI Act
AI agents running under shared credentials log actions as 'the agent did it' without identifying the human who instructed it. The EU AI Act's Article 12, effective August 2026, requires logs to identify natural persons for high-risk systems. Developer Alex LaGuardia built Crumb, a runtime that stamps each agent action with a delegation token linking back to the human, using RFC 8693 token exchange.
Meridian48 take
The piece correctly identifies a critical compliance gap but overstates the novelty—identity propagation is a known problem; the real challenge is adoption across fragmented agent ecosystems.
Read the full reporting
An AI agent exported a patient record. Your logs can't say who told it to. →
DEV Community
ai-agentseu-ai-act