Where Accountability Breaks When Agents Multiply
At first, everything seems to work
Put a single AI agent into a real service and it tends to hold up surprisingly well. It writes code, drafts answers, edits files. So you add another, and then one more. You split the roles, set each one's permissions and limits, and let them get on with their work. Up to here, things run smoothly.
The trouble only shows itself the moment one of those smoothly running pieces goes wrong.
"How do I trace this later?"
Say an agent ships bad code. Or gives a wrong answer, or edits a file it should have left alone. A few days later you need to reconstruct that decision — what do you have to lean on? There are logs. You might even tag every task with a "created by / approved by" badge. But you open the logs, check the badges, and in the end a person has to look through it all again.
Which raises the next question on its own. Those badges — can you actually trust them?
The one applying the mark is the one being marked
"The AI proposes, the human makes the final call." As a principle, it's fine. In practice, speed wins. Even with an approval step in place, it often gets waved through. So a "human approved" badge gets recorded — but whether a person actually looked and approved, or whether it just slid past under pressure, the badge alone can't tell you.
The deeper obstacle sits underneath that. The thing that applied the badge and the thing that wrote the log are the same system. It records its own work, and then points to that record to say it was right. Work in this long enough and an odd discomfort sets in: the records pile up, yet they don't feel like they'd protect you at the moment you'd actually need them to.
That discomfort isn't a misread. The structure is simply built that way.
A record you kept yourself can't vouch for you
No matter how meticulous the record, if it was kept by your own hand and held in your own system, then to the other side it amounts to nothing more than "this is what our logs say" — one party's version. It's the same reason a company's internal books, however accurate, can't stand in for an external audit. The problem isn't accuracy; it's position. When the one being judged and the one doing the judging sit on the same side, the record struggles to become evidence.
With more than one agent, this folds over on itself. Suppose A hands its work to B, B carries it through to deployment, and a bug surfaces. Where do you draw the line of responsibility? A's log is A's own record, and B's log is B's own record. On each side, everything checks out. Yet nowhere is there a record that threads the three together and says, neutrally, at which point what was decided.
So — would sharpening the badges fix it?
There's a line thicker internal records can't cross
Tagging more carefully and stacking thicker logs does help, of course — for reconstructing what happened, on your own terms. But however thick they get, the fact that they're still records you kept yourself doesn't change. Thickness doesn't move position. Self-testimony can grow more refined; it can't stop being self-testimony.
Which is why it helps to turn the direction slightly. Not to dig further inward into the record, but to move only the boundary of the decision outward.
One other path — fixing the decision's boundary outside, in advance
Here's one way to think about it. Before an agent executes a decision, it fixes that decision's boundary somewhere outside itself, ahead of time. This isn't about digging into what went wrong internally — that's still the job of internal debugging. What gets left on the outside is far thinner: who declared a decision, when, and within what scope, before executing. That's all.
With that in place, the three questions land in slightly different spots. When you go to trace a bad decision later, you're comparing against a declaration already fixed outside before execution — not a record composed after the fact. "A human approved" becomes a matter of form rather than content: fix whether an approval existed at the moment of the decision, and later you have somewhere to check whether it was a real approval or something that slid past. And by leaving a mark, at each juncture from A to B to deployment, of what was fixed outside, you get one neutral point to lean on when you ask where responsibility should be drawn.
None of this is especially new. If anything, it's closer to the traditional way.
This concern was built in from the start
People have been solving the same problem for a long time. The reason the more important the promise, the more we've leaned on notarization, registration, third-party custody — rather than one party's own ledger — is exactly this: only by separating the hand that judges from the hand being judged does a record become evidence.
Run several agents and you arrive at this question on your own. Nobody has to teach it to you — you try the badges, stack the logs, and reach the point of wondering "is this really enough?" That point is the wall of self-testimony. The idea of fixing a decision's boundary outside itself, in advance, is one built with that wall in mind from the beginning. Not a claim to be selling the answer — just a trace of someone having looked at the same problem first.
It may not be urgent yet
If your agents are all under one roof right now — owned by one person, running on one platform — badges and logs will carry you for a while. The wall of self-testimony is there, but you don't often reach it yet.