Compliance Mar 14, 2026

Building AI Agent Workflows That Pass SOC 2 Audits

Visual audit trails for AI agents are now table stakes for SOC 2 compliance. Here's how to build agent workflows that auditors can actually verify.

Your AI agent just processed a payment refund. Your SOC 2 auditor asks: "Show me what it did."

You have three options:

  1. Text logs — "Agent: refund approved. Amount: $500. Status: success."
  2. Code review — "Here's the function signature. It looks correct."
  3. Visual proof — "Here's the screenshot of the form. Here's the confirmation page. Here's the actual refund in the system."

Auditors want #3. Text and code don't cut it anymore.

Why SOC 2 Demands Visual Proof for AI Agents

SOC 2 Type II audits require evidence of operational controls. For humans, that's email trails, approval logs, and sign-offs. For AI agents, it's supposed to be exactly the same thing — but agents leave no paper trail.

The gap: An agent can claim it validated a transaction, but auditors need to see the validation happen. They need to see:

Without visual proof, your agent workflows fail SOC 2 scrutiny.

The Three-Layer Compliance Stack

Layer 1 — Text Logs (not sufficient alone)
Agent actions logged: action=refund_approved, amount=500, timestamp=2026-03-14T10:00:00Z

Layer 2 — Code Verification (not sufficient alone)
Code review confirms logic is correct: if balance > refund_amount: process_refund()

Layer 3 — Visual Proof (required by auditors)
Screenshots + video of the agent executing the refund flow, from form submission to confirmation.

All three together = SOC 2 pass. Any one alone = audit failure.

Implementing Visual Audit Trails

Add PageBolt to your agent workflow:

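import requests
import datetime
import hashlib
import os

PAGEBOLT_KEY = os.environ["PAGEBOLT_API_KEY"]

def utc_now():
    # Timezone-aware UTC timestamp (datetime.utcnow() is deprecated)
    return datetime.datetime.now(datetime.timezone.utc)

def capture_screenshot(url, name):
    """Capture `url`, save the image under `name`, return its path and SHA-256."""
    resp = requests.post(
        "https://pagebolt.dev/api/v1/screenshot",
        headers={"x-api-key": PAGEBOLT_KEY},
        json={"url": url, "format": "png"},
        timeout=30,
    )
    resp.raise_for_status()  # a failed capture must not pass silently
    # Assumption: the response body is the PNG image itself.
    path = f"{name}_{utc_now().strftime('%Y%m%dT%H%M%S%fZ')}.png"
    with open(path, "wb") as f:
        f.write(resp.content)
    return {"file": path, "sha256": hashlib.sha256(resp.content).hexdigest()}

def process_refund(customer_id, amount, agent):
    # 1. Capture pre-state
    before = capture_screenshot(
        "https://yourapp.com/dashboard",
        "refund_start"
    )

    # 2. Run agent
    refund = agent.process_refund(customer_id, amount)

    # 3. Capture post-state
    after = capture_screenshot(
        "https://yourapp.com/transaction-details",
        "refund_complete"
    )

    # 4. Store for audit trail, linking the record to both screenshots
    audit_trail = {
        "customer": customer_id,
        "amount": amount,
        "status": refund.status,
        "timestamp": utc_now().isoformat(),
        "screenshots": [before, after]
    }

    return audit_trail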

Result: Immutable visual proof of what the agent did, ready for your SOC 2 auditor.
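Whether that proof stays immutable depends on how it is stored. One way to make the stored trail tamper-evident is an HMAC hash chain that binds each audit record to its screenshot hashes and to the previous entry. This is an added example, not code from the original post or from PageBolt; the function names, the key, and the sample records are hypothetical, and it assumes the HMAC key is kept where the agent runtime cannot read it.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # "prev" value of the first entry

def _mac(key, body):
    # Canonical JSON so the same body always produces the same MAC.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def append_entry(chain, key, record, screenshots):
    """Append a record bound to its screenshot bytes and to the previous entry."""
    body = {
        "seq": len(chain),
        "prev": chain[-1]["mac"] if chain else GENESIS,
        "record": record,
        "evidence": {n: hashlib.sha256(b).hexdigest() for n, b in screenshots.items()},
    }
    chain.append({**body, "mac": _mac(key, body)})
    return chain[-1]

def verify(chain, key, files=None):
    """Return (seq, problem) pairs; [] means intact. files: seq -> {name: bytes}."""
    problems, prev = [], GENESIS
    for i, entry in enumerate(chain):
        body = {k: v for k, v in entry.items() if k != "mac"}
        if body.get("seq") != i or body.get("prev") != prev:
            problems.append((i, "chain broken"))  # entry removed, inserted or reordered
        if not hmac.compare_digest(entry.get("mac", ""), _mac(key, body)):
            problems.append((i, "record altered"))
        for name, blob in (files or {}).get(i, {}).items():
            if hashlib.sha256(blob).hexdigest() != body.get("evidence", {}).get(name):
                problems.append((i, f"screenshot {name} altered"))
        prev = entry.get("mac", "")
    return problems

# Constructed sample data: stand-in bytes instead of real PNG captures.
KEY = b"demo-key-keep-the-real-one-in-a-kms"
trail = []
append_entry(trail, KEY, {"customer": "c-1001", "amount": 500, "status": "success"},
             {"refund_start": b"png-before", "refund_complete": b"png-after"})
append_entry(trail, KEY, {"customer": "c-1002", "amount": 75, "status": "success"},
             {"refund_start": b"png-before-2", "refund_complete": b"png-after-2"})
```

The chain detects edits, deletions and swapped screenshots; it does not prevent them, so the trail and the archived images still need write-restricted storage.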

Real Compliance Scenarios

Scenario 1 — Refund Processing
Agent approves and processes a refund. Auditor asks: "Show me the confirmation." You show: video of form submission, confirmation page, and refund status update.

Scenario 2 — Access Control
Agent modifies user permissions. Auditor asks: "What access was changed?" You show: screenshot of before/after permission state, timestamp, agent decision log.

Scenario 3 — Data Validation
Agent validates customer data. Auditor asks: "How do you know it validated correctly?" You show: video of validation logic executing, validation checks passing, final state screenshot.

Next Steps

  1. Identify critical agent workflows — Refunds, approvals, data changes
  2. Add visual checkpoints — Screenshot before and after agent execution
  3. Store immutable proof — Archive for auditor review
  4. Document for auditors — Show the visual proof during audit

Compliance + AI agents = visual proof. No exceptions.
