What AI models does the agent use?

The agent has access to Claude, DeepSeek, Gemini, and other top models. It automatically routes to the best model for each task — you never have to think about API keys or token limits.

Yes. Each agent runs in an isolated environment. We don't train on your data, and you can export or delete everything at any time. The underlying engine (GoGogot) is open-source, so you can audit exactly how it works.

What can the agent actually do?

Browse the web, process files (CSV, PDF, images), run scheduled tasks, remember context across sessions, and communicate via Telegram or Slack. Think of it as a capable junior employee, not a chatbot.

How does memory work?

The agent maintains persistent memory across sessions. It remembers your preferences, past conversations, and task context. You can also explicitly tell it to remember or forget things.

Can I self-host the agent?

Absolutely. GoGogot is 100% open-source. Run it on your own hardware for free. cowork.ink is the managed version — we handle servers, model costs, updates, and uptime so you don't have to.

Is there a free trial?

We offer a 7-day money-back guarantee. Spin up an agent, give it real tasks, and if it doesn't save you time, we'll refund you — no questions asked.

What is an AI agent audit trail?

An AI agent audit trail is a tamper-evident, chronological record of every action an AI agent takes — including the trigger that initiated it, each tool call it made, the data it accessed, and the reasoning behind its decisions. Unlike standard application logs, an audit trail is designed for accountability and legal defensibility, not just debugging. See our [AI agent observability guide](/blog/ai-agent-observability/) for the broader monitoring context.

What should be included in an AI agent audit log?

Every audit log entry should capture: agent identity and version, a unique trace ID, the triggering event, the action type (LLM call, tool invocation, file write, API call), inputs and outputs (with PII redacted), the decision or reasoning summary, the human authorization context, a UTC timestamp, and an execution result with any errors. Multi-agent workflows should also include the delegation chain — which agent delegated to which, and what permissions were transferred.

Do AI agents need audit trails for GDPR or SOC 2 compliance?

Yes. GDPR Article 30 requires records of processing activities, and agents that process personal data must have a documented trail of what data was accessed and why. SOC 2 Trust Services Criteria CC7.2 and CC7.3 require monitoring of authorized access and anomaly detection — both of which depend on complete audit logs. The EU AI Act Article 12 adds a specific record-keeping obligation for high-risk AI systems from August 2026.

How long should AI agent audit logs be retained?

Retention depends on your compliance obligations. HIPAA requires 6 years for activity logs. Financial services (SOX, PCI-DSS) require 3–7 years depending on jurisdiction. GDPR's data minimization principle means you should not retain logs containing personal data longer than necessary — typically 12–24 months active, with anonymized archives for longer periods. Define a retention policy before you start logging, not after.

How do you make an AI agent audit trail tamper-proof?

Use append-only (WORM) storage, cryptographic hashing of each log entry, and hash chaining — where each entry includes the hash of the previous one, so any retroactive modification breaks the chain. Store audit logs in a separate system from your application database so a compromised agent cannot delete its own record. Services like AWS CloudTrail, GCP Audit Logs, and dedicated SIEMs provide these guarantees out of the box.

AI Agent Audit Trails: Log Every Action for Compliance

COMPLETE guide to AI agent audit trails: what to log, how to make logs tamper-proof, and which compliance frameworks require them. Build logs that satisfy GDPR, SOC 2, and the EU AI Act.

Frequently Asked Questions

What is an AI agent audit trail?: An AI agent audit trail is a tamper-evident, chronological record of every action an AI agent takes — including the trigger that initiated it, each tool call it made, the data it accessed, and the reasoning behind its decisions. Unlike standard application logs, an audit trail is designed for accountability and legal defensibility, not just debugging. See our [AI agent observability guide](/blog/ai-agent-observability/) for the broader monitoring context.
What should be included in an AI agent audit log?: Every audit log entry should capture: agent identity and version, a unique trace ID, the triggering event, the action type (LLM call, tool invocation, file write, API call), inputs and outputs (with PII redacted), the decision or reasoning summary, the human authorization context, a UTC timestamp, and an execution result with any errors. Multi-agent workflows should also include the delegation chain — which agent delegated to which, and what permissions were transferred.
Do AI agents need audit trails for GDPR or SOC 2 compliance?: Yes. GDPR Article 30 requires records of processing activities, and agents that process personal data must have a documented trail of what data was accessed and why. SOC 2 Trust Services Criteria CC7.2 and CC7.3 require monitoring of authorized access and anomaly detection — both of which depend on complete audit logs. The EU AI Act Article 12 adds a specific record-keeping obligation for high-risk AI systems from August 2026.
How long should AI agent audit logs be retained?: Retention depends on your compliance obligations. HIPAA requires 6 years for activity logs. Financial services (SOX, PCI-DSS) require 3–7 years depending on jurisdiction. GDPR's data minimization principle means you should not retain logs containing personal data longer than necessary — typically 12–24 months active, with anonymized archives for longer periods. Define a retention policy before you start logging, not after.
How do you make an AI agent audit trail tamper-proof?: Use append-only (WORM) storage, cryptographic hashing of each log entry, and hash chaining — where each entry includes the hash of the previous one, so any retroactive modification breaks the chain. Store audit logs in a separate system from your application database so a compromised agent cannot delete its own record. Services like AWS CloudTrail, GCP Audit Logs, and dedicated SIEMs provide these guarantees out of the box.