Audit logs tell you what happened. EP trust receipts prove what was authorized — before the action executed. For consequential, irreversible actions, post-hoc logs are a forensics tool, not a control.
A wire transfer fired by a compromised AI agent shows up in your audit log seconds after it executes. By then the funds have left, the API call has succeeded, and the only remaining job is investigation. Logs are necessary — they are not sufficient when the cost of an unauthorized action is unrecoverable.
EP shifts the boundary: every high-risk action requires a valid handshake and named human signoff before execution. The trust receipt that emerges is itself the audit record — but issued at the gate, not after the breach.
Receipts verify offline against a published key set. An IG, GAO, or external auditor can confirm an action was authorized without contacting the issuing system — useful when the issuing system is itself under investigation.
| Dimension | Audit logs | EP trust receipts |
|---|---|---|
| When evidence is created | After the action | Before — gates execution |
| Tamper resistance | Depends on log store integrity | Cryptographic; verifiable offline |
| Who approved | Inferred from session ID | Named principal, signature-bound |
| What was approved | API call shape | Exact action parameters, policy version, authority chain |
| Replay protection | None inherent | One-time consumable per action |
| Verifies without DB access | No | Yes — receipt is self-contained |
| Use | Forensics + detection | Prevention + forensics |
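The properties in the table, as an added Go example that is not EP's code or wire format: a receipt is issued at the gate with a named approver bound to the exact action parameters, then verified offline against a published key set with one-time consumption. The `Receipt` layout, its field names and the `Verifier` type are constructed for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
)

// Receipt is a constructed layout for this example, not EP's format.
type Receipt struct {
	ID, KeyID, Approver, PolicyVersion, Params string
	Sig                                       []byte `json:"-"` // not part of the signed bytes
}

// payload is what the signature covers. Go encodes struct fields in declaration order,
// so the bytes are deterministic and any change to a bound field breaks the signature.
func (r Receipt) payload() []byte {
	b, _ := json.Marshal(r)
	return b
}
// Issue runs at the gate, before execution, binding the human signoff to the action.
func Issue(priv ed25519.PrivateKey, id, keyID, approver, policy, params string) Receipt {
	r := Receipt{ID: id, KeyID: keyID, Approver: approver, PolicyVersion: policy, Params: params}
	r.Sig = ed25519.Sign(priv, r.payload())
	return r
}
// Verifier holds only the published key set and consumed IDs; it never contacts the issuer.
type Verifier struct {
	Keys     map[string]ed25519.PublicKey
	Consumed map[string]bool
}
// Authorize gates execution: published-key signature, exact parameter match, single use.
func (v *Verifier) Authorize(r Receipt, params string) error {
	pub, ok := v.Keys[r.KeyID]
	if !ok {
		return errors.New("unknown key id: not in published key set")
	}
	if !ed25519.Verify(pub, r.payload(), r.Sig) {
		return errors.New("signature does not verify")
	}
	if r.Params != params {
		return errors.New("parameters differ from what was approved")
	}
	if v.Consumed[r.ID] {
		return errors.New("receipt already consumed: replay")
	}
	v.Consumed[r.ID] = true // consume before executing; the receipt is one-time
	return nil
}
```

Because `Authorize` compares the approved parameters with the ones about to run, an agent that obtains a valid receipt for one transfer cannot spend it on a different amount or recipient, and a second attempt with the same receipt is rejected before anything executes.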