“Implement logging and monitoring for all agent actions to detect unusual patterns. Audit trails allow post-incident forensics and real-time anomaly detection.” When prevention fails, detection limits the blast radius. An agent caught mid-attack can be stopped before it finishes.

OpenClaw (2026): agents with elevated corporate privileges operated for weeks before the compromise was discovered. Traditional security tools had no visibility into agent tool calls. Without an agent-level audit log, the “read → export → send” sequence was invisible until after the exfiltration was complete and the data was already gone.

→ Log every tool call: timestamp, tool name, parameters (sanitized), user context, outcome
→ Define expected tool-call sequences for each agent workflow; alert on deviations
→ Flag sequences like: read → export → external send; config write → exec; bulk record access in one session
→ Set rate limits on tool calls — an agent reading 1,000 documents in 60 seconds is behaving anomalously
→ Route agent audit logs to your SIEM, not just local storage

Trigger a suspicious tool-call sequence (read a file then call an external API) and verify that your monitoring system generates an alert within your defined SLA. If the alert doesn’t fire, the detection rule is missing or the log pipeline is broken.