Tamper-evident logging explained: how to make a log you can actually trust
Every app has logs. Almost none of them can be trusted as evidence. The reason is simple: an ordinary log is just text in a file or a table, and anyone with access can quietly change it — add a line, delete one, alter a timestamp — and nobody can tell. The moment you actually need your logs to prove something happened (an incident, a dispute, an audit) is exactly when that weakness shows. Tamper-evident logging is the fix. Here's how it works, in plain English.
Logs vs evidence
The difference between a log and evidence is trust. If a record can be silently altered after the fact, it proves nothing — a sufficiently motivated person (or a compromised process) can make it say whatever they need. Evidence is a record where alteration is detectable: you may not be able to stop someone changing it, but you can always tell that they did.
The core idea: hash chaining
Tamper-evident logging works by linking entries together cryptographically. Each new entry includes a hash — a short fingerprint — of the entry before it. That chains every record to its predecessor, all the way back to the start. Change any single entry, even by one character, and its fingerprint changes, which breaks the fingerprint of the next entry, and the next, and so on. One quiet edit anywhere lights up the whole chain after it.
Append-only and why it matters
Alongside chaining, a tamper-evident log is append-only: the system lets you add new entries but not silently edit or delete existing ones. Combined with the hash chain, this means the record only grows, and any attempt to rewrite history is detectable. The goal isn't to make tampering impossible — it's to make it impossible to hide.
What it does and doesn't give you
Be honest about the guarantee: tamper-evident is not the same as tamper-proof. You can detect that a record was altered; you don't make alteration physically impossible. And tamper-evident logging on its own is audit-grade — strong enough for incident review, disputes, insurers, and internal accountability — but not automatically court-admissible, which depends on process and chain-of-custody beyond the data structure. Anyone claiming a log is “court-proof” out of the box is overselling.
Where this matters for AI agents
This is the missing piece for AI agent forensics and for regulations like the EU AI Act's Article 12. An agent's actions are only useful as evidence if you can trust the record of them. A tamper-evident log of what an agent did — every prompt, tool call, and outcome — is what lets you prove what happened instead of guessing, and what turns “we have logs” into “we have evidence.”
How Opviva does it
Opviva's Flight Recorder records agent activity as a hash-chained, append-only ledger, scoped per session, with a one-call integrity check that verifies the whole chain. When data reaches the end of its retention, a signed tombstone records what was removed and that its chain was intact — so even deletion is auditable. Tamper-evident by construction, honest about being audit-grade rather than court-admissible. It's the same construction behind Opviva's Evidence Canvas: when the agent proves a vulnerability is real by reproducing the exploit, that reproduction is recorded the same tamper-evident way, so the proof holds up.
Frequently asked questions
What is tamper-evident logging?
Tamper-evident logging is a way of recording events so that any later alteration is detectable. It typically uses hash chaining — each entry includes a fingerprint of the previous one — plus append-only storage, so editing or deleting a past entry breaks the chain and gives the tampering away.
How does hash chaining work?
Each log entry includes a cryptographic hash of the entry before it, linking them in a chain. Changing any entry changes its hash, which breaks the hash stored in the next entry and every entry after it — so a single quiet edit is detectable across the whole chain.
Is tamper-evident the same as tamper-proof?
No. Tamper-evident means alteration is detectable, not impossible — you can always tell if a record was changed. It's audit-grade (strong for incident review, disputes, and audits) but not automatically court-admissible, which also depends on process and chain-of-custody.
