Opinion

Logs are not receipts.

May 15, 2026 . Sequesign

When something goes wrong with an AI agent, the first thing someone asks for is the logs. The agent's chat transcript. The tool call history. The trace. The thing the agent wrote about what the agent did. This is almost always the wrong answer, and the reason matters.

Logs are written by the system being investigated. That single fact disqualifies them as evidence in any serious dispute. If the agent did something wrong, the agent also wrote the record of what it did. If the agent was confused, the agent also wrote the explanation. If the agent lied, the agent also wrote the lie. Logs can document anything an agent wants to claim, and they prove nothing other than what the agent decided to write down.

A receipt is different. A receipt is signed at the moment of action, by the party doing the action, with a key the party cannot rewrite. It is countersigned by an independent witness who did not see the underlying content. It is chained to the previous action so the sequence cannot be quietly reordered. When approvals are required, the approver signs separately with their own key. The receipt is portable: a third party can verify it offline, without trusting the system that produced it, weeks or months after the work happened.

The distinction is not academic. Right now, when an agent does something a reviewer is unhappy about, the reviewer's only recourse is to trust or distrust the agent's logs. There is no third option. If the agent is wrong, the logs reflect a wrong agent. If the agent is lying, the logs reflect a lying agent. The reviewer cannot tell which from the logs alone, because the logs are exactly what the agent decided to produce.

This is fine when nothing is at stake. It stops being fine the moment the agent is approving payments, evaluating claims, executing trades, submitting work for pay, or making decisions a regulator might later ask about. The cost of "trust the logs" goes from low to enormous as soon as someone outside the system needs to verify what happened.

Several adjacent technologies look like they might solve this and do not. Distributed tracing makes logs more structured but does not change who wrote them. Audit logging adds tamper-resistance to log storage but does not change who authored the original entry. Observability platforms aggregate logs from thousands of services but treat them all as authoritative. Even blockchain anchoring, which is occasionally proposed for this problem, only proves that a log existed at a certain time. It does not prove the log accurately describes what happened, because the system writing the log is the same system being investigated.

The receipt pattern is older than any of these. It is how invoices work. It is how shipping manifests work. It is how notarized documents work. The signer commits to a specific claim, in a specific moment, with a specific instrument, and the receipt is the artifact that travels. The reviewer never has to trust the signer to verify the signature.

Bringing receipts to agent work is mostly a matter of building the pieces. The protocol has to define what each action commits to. The chain has to extend deterministically. The witness has to be independent. The signatures have to verify offline. The receipt has to be portable enough that a reviewer who has never heard of the agent platform can still verify it. None of this is novel cryptography. It is plumbing applied to a problem that did not have plumbing yet.

Sequesign exists because the plumbing was missing. Agents are starting to do real work, and they are doing it in environments where someone will eventually ask the agent to prove what it did. Logs are not a defensible answer. Receipts are.

Sequesign is not a truth oracle, and the receipt does not magically detect every lie an agent might tell. A receipt can prove that the agent committed to a specific record, at a specific time, in a specific sequence, with the right signatures. It cannot prove the agent's natural-language summary matches the actual evidence. The protocol's job is to surface the gap: the verifier marks claims that lack external attestation as unsupported, so a reviewer knows what to trust and what to push back on. That is a much smaller claim than "we detected the lie," and it is the claim the protocol can actually defend.

The next time someone asks for the logs, ask for the receipt instead.