Skip to content

Review what AI agents did (Agent Activity)

Enterprise plan Owner or Admin

The Audit Logs page has two tabs. The main Audit Log tab records human actions (who changed what). The Agent Activity tab is the parallel record for AI: every operation a connected AI agent (Claude, ChatGPT, Cursor, and other MCP clients) or the in-app assistant ran on your organization’s data, whether it succeeded, failed, or was blocked.

Each row is one agent operation: the tool that ran, its outcome, the acting person, the agent connection it came through, and the entity it touched. The outcome is one of:

  • Applied, the operation ran and changed data.
  • Failed, the operation errored and changed nothing.
  • Gated, the operation was held for review or blocked by a policy (for example, a governed destructive operation that is not enabled).
  • Unauthorized, the agent lacked permission for the operation.
  • Cap exceeded, a rate or budget cap stopped the operation.
  • Undone, the operation was applied and later reversed.

Preview-only operations (an agent proposing a change without applying it) are hidden by default, so the list stays focused on things that actually happened or were actively denied.

  • Filter by tool to see just one kind of operation (for example, only task updates).
  • Filter by outcome to isolate failures, denials, or undone actions.
  • Search to narrow the list further.
  • Expand any row to see the full operation as copyable JSON: the tool, status, mode, acting user, agent connection, entity, and the input and output payloads. This is the detail you hand to an auditor or paste into a ticket.

They answer different questions and are backed by different records:

Audit LogAgent Activity
AnswersWhat did people change?What did AI agents do?
RecordsHuman and system actionsAI operations (successes, failures, denials)
DetailAction, actor, target, timeFull operation payload as copyable JSON

Use the Audit Log for governance of people, and Agent Activity to see exactly what your connected agents are doing on your data, and to prove that blocked operations were in fact blocked.

Does this include the in-app assistant, or only external agents? Both. Any AI operation, whether from a connected MCP client or the in-app assistant, appears here.

Why is an agent action not in the main Audit Log? The main Audit Log and Agent Activity are separate records. Agent operations are tracked in Agent Activity with far more detail (the full input and output). Some agent actions that change core data also leave an Audit Log entry, but Agent Activity is the complete AI record.

Can I see operations that were denied? Yes. That is a key reason the tab exists. Gated, Unauthorized, and Cap-exceeded outcomes are all shown, so you can confirm your agent policies are holding.