Every agent session, on the record.
Guardbase records every session live: the prompt, every tool call, and the decision behind every action. So when someone asks what an agent did, you show them.
You can't explain what you didn't record.
Hundreds of actions, zero witnesses
An agent chains dozens of actions in minutes. Nobody watches them happen, and nobody remembers them afterwards.
Logs stop at the human
Existing audit logs show the account, not the agent acting behind it. What prompted an action is recorded nowhere.
Incidents become guesswork
When something goes wrong, reconstruction starts from memory and scattered logs across a dozen systems.
The whole session, decision by decision.
Not a log line per API call. A readable record of what the agent was asked, what it did, and what Guardbase decided.
What started the work
The actual prompt behind the session, word for word.
What the agent did
Every tool call the agent made, with its parameters.
What Guardbase decided
Every allow, block, redact, and ask, with the reason behind it.
What deserves attention
Risky actions surfaced on top: blocked, redacted, or sent to the user for approval.
Who and how long
Who ran the session, with which agent, and for how long.
As it happens
Sessions appear while they run, not after the fact.
From alert to answer.
No piecing together timelines from five systems. The answer is one session log away.
Get alerted
A policy fires and the alert lands in your inbox. SIEM sync is on the roadmap.
Find the session
Filter sessions by who ran them or by how actions were decided: blocked, redacted, asked.
Read the whole story
Walk the session start to finish: the prompt, every tool call, every decision. One record, in order.
The record your auditors ask for.
When someone asks how coding agents are controlled, you show them instead of describing it. Timestamped sessions with the decision behind every action.
SOC 2
Evidence for logging and monitoring controls, per session and per action.
ISO 27001
Supports the logging and monitoring activities in A.8.15 and A.8.16.
EU AI Act
A traceable record of what AI systems did on whose behalf.
The record comes with the control.
Audit Trail records through the same native hooks as Runtime Control. If actions route through Guardbase, the evidence is already there.
Common questions.
It comes with Runtime Control. The same native hooks that enforce your policies also produce the record, so there is nothing extra to deploy.
The user prompt, every tool call with its parameters, and every Guardbase decision with the reason behind it. Tool outputs are not stored.
Fully in your environment. Your security team accesses it through Guardbase.
It is an audit log, like every security tool keeps. Sessions record what the agent did: the prompt, the tool calls, and the decisions. Nothing outside the agent session is touched.
Live. Sessions appear while they are still running.
Alerts are sent by email today. SIEM sync is on the roadmap.
See the full story of a session.
Book a demo and walk through a real agent session, decision by decision.