AI Agent Audits ?

Reddit r/AI_Agents News

Summary

A practitioner shares concerns about an upcoming audit revealing undocumented AI agents in production, highlighting governance gaps and risks with customer PII access.

We have an audit ~90 days out, and yesterday my peer tried to compile a comprehensive list of every AI agent running in our production environment. Three different teams are shipping agents on LangGraph, plus one guy in growth who built a support-triage agent in Retool that nobody in engineering ever approved. We counted 9 agents total. Our internal inventory doc, last touched in February, lists 4. Two of the undocumented ones have write access to the same Postgres instance that holds customer PII, and if you asked me right now which one modified a specific record last Tuesday, I'd have to ping three engineers and hope one of them remembers. Last cycle, our auditor didn't ask a single question about AI systems. This is the first year I am seeing this. Is anyone else finding similar concerns during your audits?
Original Article

Similar Articles

AI agents are fun until they start touching real data

Reddit r/AI_Agents

The article discusses the governance challenges that arise when AI agents interact with real company data and tools, highlighting the need for policy enforcement and audit trails, and mentions Trust3 AI as a potential solution.