Resources · Evidence guide

Questions your auditor will ask about AI agents

When operational resilience reviewers, PRA examiners, or internal audit look at AI in the business, the questions are predictable. What follows is the list - and what answering each one takes, across the people who use AI chat and the agents that call your tools.

01

Which AI agent touched which record, and when?

The question most MCP deployments cannot answer today. Sovara Gateway records a structured audit row for each intercepted tools/call request on a configured route: agent identity, tool name, masked arguments, policy decision, latency, and upstream response status. Events stream to Azure Log Analytics, an OTLP collector, or stdout, so the answer can become a query rather than an archaeology project.

Sovara Gateway
02

How do you keep cardholder and personal data out of logs and prompts?

Treat enforcement and evidence masking as separate controls. Raw argument patterns can deny a configured tool call before it reaches the MCP server. Twelve built-in detectors plus custom patterns can mask audit copies; optional inline DLP can mask supported live JSON responses before they return to the agent. Audit masking alone does not rewrite the upstream request, and it does not certify PCI DSS compliance.

Sovara Gateway
03

Who authorised this agent to call that tool?

Policy is evaluated before an enforced call is made: route and tool identity rules, required JWT scopes and roles, time windows, rate limits and raw argument patterns. Audit mode can log a would-block decision while forwarding the call, so reviewers should check both the policy and its enforcement mode.

Sovara Gateway
04

What are your people pasting into AI chat?

The half of the question most AI governance misses. Sovara Browser checks every draft message against org policy locally, in the browser, before Send - across ChatGPT, Claude, Gemini, Copilot and Perplexity. Messages that breach policy are blocked or flagged with an overlay, and a metadata-only event (which detector fired, where, when - never the text) goes to the audit trail. The message text never leaves the machine for the check.

Sovara Browser
05

Where does the evidence live, and who can see it?

For the gateway: in your environment. It deploys into your own Azure subscription or self-hosted infrastructure, and audit events write to sinks you control - Weldon Web has no access unless you grant it. For the browser extension: the backend stores metadata only, encrypted, in Azure UK South with managed backups. Message text is never stored, so it is never in scope.

Security details
06

Which regulatory frames does this evidence support?

For UK teams, common mappings include UK GDPR and Data Protection Act safeguards, FCA / PRA operational-resilience evidence, and PCI DSS controls where payment-card data is in scope. Sovara provides configurable controls and evidence; your organisation and its advisers decide applicability, scope and whether the wider control environment meets a requirement.

Compliance frame detail

Facing one of these questions right now?

Tell us the shape of your deployment and the regulatory frame you answer to, and we will come back with a concrete next step - usually the specific evidence the reviewer is looking for.