Resources · Evidence guide

Questions your auditor will ask about AI agents

When operational resilience reviewers, PRA examiners, or internal audit look at AI in the business, the questions are predictable. What follows is the list — and what answering each one takes, across the people who use AI chat and the agents that call your tools.

01

Which AI agent touched which record, and when?

The question most MCP deployments cannot answer today. Sovara Gateway records a structured audit row for every tool call: agent identity, tool name, masked arguments, policy decision, latency, and upstream response status. The events stream to the sink you already run — Azure Log Analytics, an OTLP collector, or stdout — so the answer is a query, not an archaeology project.

Sovara Gateway
02

How do you keep cardholder and personal data out of logs and prompts?

Redaction at the boundary, before data lands anywhere. The gateway ships detectors for PAN (Luhn-validated), email, UK NIN, US SSN, IPv4, IPv6, phone, and JWT, plus custom regex patterns via config. Detectors run on requests and, optionally, responses — so regulated values are masked before they reach LLM context, log sinks, or prompt caches. That masking is the working evidence for PCI DSS Requirement 3.4.

Sovara Gateway
03

Who authorised this agent to call that tool?

Policy, evaluated before the call is made. Per-identity allow-lists resolved from JWT claims against your IdP, per-tool deny-pattern regex, sliding-window rate limits, and time-windowed access. Non-matching requests are rejected before any upstream call, and every decision is logged with a deny reason — so "who can do what" is configuration you can show, not tribal knowledge.

Sovara Gateway
04

What are your people pasting into AI chat?

The half of the question most AI governance misses. Sovara Browser checks every draft message against org policy locally, in the browser, before Send — across ChatGPT, Claude, Gemini, Copilot and Perplexity. Messages that breach policy are blocked or flagged with an overlay, and a metadata-only event (which detector fired, where, when — never the text) goes to the audit trail. The message text never leaves the machine for the check.

Sovara Browser
05

Where does the evidence live, and who can see it?

For the gateway: in your environment. It deploys into your own Azure subscription or self-hosted infrastructure, and audit events write to sinks you control — Weldon Web has no access unless you grant it. For the browser extension: the backend stores metadata only, encrypted, in Azure UK South with managed backups. Message text is never stored, so it is never in scope.

Security details
06

Which regulatory frames does this evidence support?

PCI DSS Requirement 3.4 (PAN masking in logs), GDPR Article 32 (technical and organisational measures: redaction, identity logging, access control), FCA / PRA operational resilience (an auditable AI agent action trail for important business services), and DORA (ICT third-party risk evidence: who called what, when, with what decision). One honest caveat: the products produce evidence that supports these frames — they do not certify your organisation. You use the evidence in your own compliance posture.

Compliance frame detail

Facing one of these questions right now?

Tell us the shape of your deployment and the regulatory frame you answer to, and we will come back with a concrete next step — usually the specific evidence the reviewer is looking for.