When you hand an AI agent the keys to do real work — move money, update a customer’s record, approve a vendor — you’re delegating authority. That part is easy. What doesn’t move is accountability. The agent is a tool. It can’t be sued, fined, or asked to explain itself in any room that matters. The responsibility for what it did, and whether it was allowed to do it, stays with the people and the company that put it there.

I learned that distinction on job sites. If I sent an apprentice to frame a wall, I could tell him exactly where the studs went — but if the wall ended up in the wrong place, the inspector still came to me. The apprentice didn’t sign the permit. The same rule holds when the work is done by code instead of by hand. Regulators in the EU and the US are converging on the same expectation: traceability and human accountability for higher-risk AI. None of them are interested in hearing that the agent acted on its own. (This isn’t legal advice — but the direction is clear enough to plan around.)

So the question that eventually arrives isn’t “did you log it?” It’s this: can you prove what the agent was authorized to do, and what it actually did?

Most teams answer that with dashboards and log files. Those are great for debugging. They are not evidence. They run on systems the same team controls, and a record you can edit or delete is not proof to anyone outside your walls. An auditor or an insurer who suspects something went sideways wants more than “our internal system says it’s fine.” Right now the gap between what most companies can show and what an outsider can independently check is enormous.

There’s an academic debate about whether agents should someday count as legal persons. It’s interesting and, for your purposes, irrelevant. Responsibility flows to the humans and companies that deployed the system. “The agent did it” has never been a defense in any other field, and it won’t become one here.

What’s actually changing is the standard for what counts as a reliable record. The direction is toward tamper-evident, append-only records that carry cryptographic signatures and can be checked without trusting whoever produced them. Not a public ledger, not a blockchain — a private record whose integrity an outsider can confirm from the receipt alone.

That’s the problem Marturia was built to solve. When an agent takes a consequential action — anything that moves money, changes a record, or carries regulatory weight — Marturia writes a receipt: what the action was, what it touched, and what it was authorized to do. Each receipt is signed with a per-tenant Ed25519 key and chained to the one before it with SHA-256, so the history is append-only and any edit breaks the chain. At regular intervals that chain is rolled into a Merkle root co-signed by independent, in-house witnesses kept separate from the agent runtime — so no single party, us included, can quietly rewrite what happened.

The point is independent verification. Anyone can check a receipt with our open-source tool — pip install marturia-verify — and it does all the work locally: validates the signatures, walks the hash chain, and confirms the witnessed root. No account, no call back to us, no reason to trust me. You hand a regulator or an insurer a single receipt and they verify it themselves.
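To make the chaining and witnessed-root checks concrete, here is an added example; it is not Marturia's code or its receipt format. The field names, the all-zero genesis value and the Merkle layout are assumptions chosen for illustration, and the Ed25519 signature check is left out so the block runs on the Python standard library alone.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed "previous hash" for the first receipt

def receipt_hash(body: dict, prev: str) -> str:
    # Canonical JSON so writer and verifier hash identical bytes.
    blob = json.dumps({"body": body, "prev": prev}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode()).hexdigest()

def append(chain: list, body: dict) -> None:
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"body": body, "prev": prev, "hash": receipt_hash(body, prev)})

def first_break(chain: list) -> int:
    """Index of the first receipt that fails verification, or -1 if intact."""
    prev = GENESIS
    for i, r in enumerate(chain):
        if r["prev"] != prev or r["hash"] != receipt_hash(r["body"], r["prev"]):
            return i
        prev = r["hash"]
    return -1

def merkle_root(chain: list) -> str:
    # Assumes a non-empty chain. Distinct leaf/node prefixes keep a leaf
    # from being reinterpreted as an inner node.
    level = [hashlib.sha256(b"\x00" + bytes.fromhex(r["hash"])).digest() for r in chain]
    while len(level) > 1:
        nxt = [hashlib.sha256(b"\x01" + level[i] + level[i + 1]).digest()
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # odd node is promoted unchanged
        level = nxt
    return level[0].hex()

def sample_chain() -> list:
    # Constructed sample receipts, not real data.
    chain = []
    for body in ({"action": "pay_vendor", "amount": 1200, "scope": "ap:pay<=5000"},
                 {"action": "update_record", "target": "cust-17", "scope": "crm:write"},
                 {"action": "approve_vendor", "target": "v-88", "scope": "ap:approve"}):
        append(chain, body)
    return chain

if __name__ == "__main__":
    chain = sample_chain()
    print("intact:", first_break(chain), merkle_root(chain))
    chain[1]["body"]["target"] = "cust-99"  # in-place edit of one receipt
    print("first broken receipt:", first_break(chain))
```

Recomputing every hash after the edited receipt makes the chain internally consistent again, but the Merkle root no longer matches the one computed earlier. That mismatch is what a root co-signed by separate witnesses lets an outsider detect.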

I came to this after years as a carpenter. On any job that needed a permit, you didn’t get to mark your own homework. An independent inspector checked the work against the approved plans and signed off — and if he found a problem, the fact that your own notes said everything was fine didn’t help you. That’s the principle now landing on software that can move money without a human in the loop. Observability tells you what you think happened. Independent verification tells everyone else what they can prove happened.

The difference shows up the first time something goes wrong. With ordinary logs, you’re stuck explaining why your system should be believed. With a receipt anyone can verify, the argument stops being about your trustworthiness and becomes a thirty-second check of some math. That’s the shift regulators and insurers are starting to expect, and it’s the gap most tooling doesn’t close.

I built it on a small set of boring, standard primitives on purpose — Ed25519 signatures, SHA-256 chaining — so the guarantee outlives the people who made it. Operators change. Companies get acquired. The original engineers move on. A receipt that only makes sense inside one company’s dashboard won’t survive any of that. A receipt anyone can verify with open tools and standard cryptography will.

Authority will keep getting delegated to agents. Accountability won’t. The companies that can produce an independent record of what was authorized and what actually happened will be the ones that can answer the question when — not if — it gets asked.