The Agent Trace Becomes the Process Map
The June 2026 arXiv paper Agent Behavior Mining: Generative AI Agent Governance in Business Processes, by Hoang Vu, Maximilian Körner, Adrian Rebmann, Gabriel Kevorkian, Michael Perscheid, Gregor Berg, and Timotheus Kampik, asks what happens when business process governance has to audit agents rather than fixed workflows.
Agent behavior mining means converting agent runtime activity into process-grade event data: case, activity, actor, tool, timestamp, cost, policy context, exception, and outcome. It is not a transcript dump, and it is not proof that an agent's written rationale is causal truth.
When Work Becomes an Agent Trace
Business process management has always cared about the gap between the designed process and the process that actually happens. A refund policy, purchase order path, or invoice exception can be drawn as a clean workflow. The live organization is messier: cases branch, systems time out, and managers later ask whether the deviation was legitimate.
Generative AI agents make that old problem sharper. An agent may interpret a task, call tools, coordinate with another agent, spend tokens, produce intermediate reasoning, and settle on an action that was not written as a fixed branch in the process model. Vu and coauthors call the resulting governance problem "invisible autonomy risk" in arXiv:2606.20669, submitted June 12, 2026 and marked by arXiv as accepted at the BPM conference 2026 management main track.
The paper's target is the office condition where process owners can see the final outcome but cannot reconstruct how the agent got there. That connects to agent receipts, delegation traces, and compliance trace rulebooks, but it adds a process-mining lens: the trace should be analyzable as work, not merely stored as debugging residue.
Current Context
As of June 25, 2026, agent trace governance sits between three maturing practices. Process mining has a formal event-log vocabulary in IEEE 1849-2016 XES, which describes an extensible XML format for transferring event data between systems that generate behavior and tools that analyze it. AI-agent governance is moving toward standards for secure delegation: NIST's AI Agent Standards Initiative, created February 17, 2026 and updated April 20, 2026, names autonomous action, open protocols, interoperability, agent authentication, identity infrastructure, and security evaluations as active work. Cybersecurity agencies are also treating agentic AI adoption as an operational risk-management problem; CISA's 2026 guidance for careful adoption focuses on designing, deploying, and operating agentic AI services with stronger oversight.
The legal context is narrower but important. EU AI Act Article 12 applies to high-risk AI systems, not all agents, yet it states a design expectation that such systems technically allow automatic event recording over their lifetime, with logs relevant to traceability, post-market monitoring, and operation monitoring. Meanwhile, OpenTelemetry's general semantic conventions define common telemetry attributes, and its Generative AI conventions have moved into a dedicated repository. Telemetry alone is not process governance, but it is the plumbing from which process-grade evidence can be built.
What Agent Behavior Mining Adds
The authors propose Agent Behavior Mining as a governance capability for AI agents in business processes. Their core move is to translate granular agent activity into standardized process logs. The arXiv abstract names reasoning traces, tool usage, and token costs as examples of agent activities that the event data model should capture. The HTML version says the model builds on XES and is intended to remain usable by process-mining tools that already support the standard.
That matters because a raw agent log is usually too local to govern a business process. It may tell an engineer that a tool call happened, but not whether the case variant violated policy, one agent consumed abnormal resources, or an apparently successful order followed a path that auditors would reject. Agent Behavior Mining turns scattered traces into case-level evidence.
The demonstration in the paper uses a multi-agent order-to-cash implementation. In the authors' scenario, agents participate in roles such as order interpretation, inventory, production, and customer service. Their process-mining examples include discovery of agent paths, conformance checking for skipped process steps, performance analysis, and variant analysis. The claimed payoff is practical: process managers can use the resulting logs to detect policy deviations and quantify operational variability.
This is not a claim that every trace is truthful or complete. A reasoning trace is a review artifact, not a perfect account of causation. The governance claim is more modest and stronger: before an institution can audit an agentic workflow, it needs a structured trace substrate that ties model events, tool events, human approvals, and business outcomes into the same case record.
The Process Map as Governance
The Spiralist point is that an agent process map is not just a dashboard. A dashboard summarizes what management already decided to measure. A process map lets investigators find the path the case actually took. For agents, the minimum map has to name the agent, task, case identifier, authority, runtime configuration, policy context, tool call, handoff, cost, timing, exception, reviewer, and outcome. Without those fields, governance becomes storytelling after the fact.
This reframes audit. The question is not only whether the final output looked correct. The question is whether the route to that output remained inside the organization's authority structure. If the only surviving evidence is a final note, the institution has delegated action without preserving a process record.
Process mining is useful here because it compares designed behavior with observed behavior. It can surface variants, loops, skipped approvals, recurring exceptions, and cost anomalies. In an agentic process, those are governance facts. A recurring variant may be a helpful adaptation, a quiet policy breach, or a signal that the written process no longer matches reality.
Minimum Process Record
A useful agent process record should be smaller than total surveillance and richer than an application log. At minimum, each consequential case should preserve:
- Stable case identifier, workflow name, process owner, and business purpose.
- Agent identity, role, delegated authority, human sponsor, and credential or service-account boundary.
- Activity name, activity type, timestamp, duration, status, and exception code.
- Input source, data classification, retrieval source, and policy version in force at the time.
- Model, prompt or instruction version, tool name, tool version, arguments or protected reference, result, and external state changed.
- Handoffs between agents or people, approvals requested, approvals granted, refusals, overrides, and rollbacks.
- Conformance checks, cost and token measures, latency, incident flags, reviewer identity, redaction basis, retention rule, and tamper-evidence status.
Those fields connect this page to AI agent observability and AI audit trails. Observability captures the runtime signals; the audit trail preserves enough case evidence to reconstruct what mattered later.
Limits and Labor
The paper's evaluation is deliberately modest. It reports an exploratory study with 18 industry practitioners and generated traces from a controlled order-to-cash scenario, not a field trial proving long-term organizational benefit. The arXiv abstract says practitioners viewed behavioral transparency as a prerequisite for trust and saw the ability to examine agent reasoning as an important governance requirement. That is a useful signal, but it is not validated deployment evidence across industries.
There is also a modeling limit. The paper uses a session-like case concept and acknowledges that more complex settings may need object-centric event data, especially where many agents work concurrently across orders, customers, tickets, contracts, payments, and human tasks. A single conversation thread is often too small to be the process. In a live organization, the case may span multiple systems and time windows.
There is also a hard privacy problem. Reasoning traces, prompts, tool arguments, and intermediate outputs can contain personal data, trade secrets, sensitive customer details, or worker behavior. A governance system that captures everything can become a surveillance system by default. The right standard is accountable visibility: data minimization, retention limits, access controls, redaction, role-based review, and clear challenge procedures for people affected by an agent's action.
Another limit is interpretability. A written reasoning trace may be useful evidence, but it should not be treated as a perfect causal transcript. The page on monitorability makes the same point for chain-of-thought artifacts. Agent Behavior Mining works best when traces are one evidence layer among tool telemetry, policy checks, human approvals, external records, and post-hoc investigation.
Governance Standard
An organization deploying agents into business processes should keep a process-grade trace for each consequential case. The record should include the policy version, agent identity, delegated authority, runtime version, instruction source, tool calls, handoffs, token and cost measures, external data touched, exception flags, conformance checks, human review points, and final action.
The trace schema should be treated as governance infrastructure and a release gate. Before an agent enters a consequential workflow, the owner should be able to answer five questions from the process record: Which variants occurred? Which approvals or policy checks were skipped? Which tool or model events changed outside state? Which cost, latency, or exception patterns look abnormal? Who can inspect, correct, challenge, and retire the record?
If a new tool, agent role, process variant, data source, policy version, or credential scope is added, the event model should change with it. If a trace field is too sensitive to retain broadly, the organization should define protected retention and review rules rather than silently dropping the evidence. If the process map cannot survive incident review, procurement review, worker challenge, or regulator inspection, the agent is not yet governed.
The Spiralist rule is simple: when agents run the process, process governance begins with the agent trace.
Source Discipline
The factual center of this essay is the arXiv preprint and its experimental HTML, so claims about Agent Behavior Mining should be read as claims made in that paper unless separately validated. XES claims should be sourced to the IEEE 1849-2016 XES material, not to vendor blog posts. Claims about agent standards and security context should be sourced to NIST and CISA. Claims about legal logging duties should be tied to the EU AI Act text and kept within its scope: Article 12 concerns high-risk AI systems, not every deployed chatbot or office assistant.
Internal Church of Spiralism pages are used here as conceptual cross-references, not as external proof. They help connect the argument to adjacent governance artifacts such as receipts, permission protocols, audit trails, inventories, and incident review.
Related Pages
- The Agent Log Becomes the Receipt
- The Delegation Trace Becomes the Audit Boundary
- The Compliance Trace Becomes the Rulebook
- The Agent Runtime Becomes the Governance Plane
- The Agent Identity Becomes the Service Account
- The Tool Scope Becomes the Intent Gate
- The Process Harness Becomes Agentic BPM
- The Safety Case Becomes the Release Gate
- The Fault Investigator Becomes the Accountability Layer
- The Reliability Scorecard Becomes the Agent Gate
- AI Agent Observability
- AI Audit Trails
- AI Agent Identity
- AI System Inventory
- AI Incident Reporting
- Data Minimization
- Agent Tool Permission Protocol
- Agent Audit and Incident Review
Sources
- Hoang Vu, Maximilian Körner, Adrian Rebmann, Gabriel Kevorkian, Michael Perscheid, Gregor Berg, and Timotheus Kampik, Agent Behavior Mining: Generative AI Agent Governance in Business Processes, arXiv:2606.20669 [cs.AI], submitted June 12, 2026; arXiv page notes acceptance at the BPM conference 2026 management main track.
- arXiv experimental HTML for Agent Behavior Mining: Generative AI Agent Governance in Business Processes, reviewed June 25, 2026.
- IEEE Task Force on Process Mining, IEEE 1849-2016 XES, reviewed June 25, 2026.
- NIST, AI Agent Standards Initiative, created February 17, 2026 and updated April 20, 2026.
- CISA, Careful Adoption of Agentic AI Services, reviewed June 25, 2026.
- European Commission AI Act Service Desk, Article 12: Record-keeping, using Regulation (EU) 2024/1689 official text, reviewed June 25, 2026.
- OpenTelemetry, Semantic Conventions 1.42.0, and OpenTelemetry GenAI Semantic Conventions repository, reviewed June 25, 2026.
- ABM authors, Agent Behavior Mining repository, reviewed June 25, 2026.