Can a once-a-year audit keep up with AI?
- A traditional audit compresses reality twice. It looks at a fixed window of the past, and it tests a sample instead of everything. Both were workarounds for the cost of looking, never the point of the audit.
- AI agents bent the output curve. When a two-person team ships like a twenty-person team and the full set of events runs into the millions, a yearly sample of 25 describes almost nothing. The audit didn't change. The thing it audits did.
- Continuous monitoring is not verification. Monitoring is your own tools watching your own systems, which is how NIST defines it. Verification is an independent examiner with accountability. A green dashboard is a claim, not a check.
- What comes next is a verification layer that is independent, continuous, agent-compatible, and transparent: machines check machine-paced output in full, humans keep the judgment and the signature, and the result is data a buyer's agent can query.
The annual audit was built for a slower world
I want to explain how a traditional audit actually works, because most people who buy one never see the inside of it.
At its core an audit is one thing: an independent person examines what a company actually did and signs a formal conclusion, which auditors call an opinion. But no auditor can look at everything. So the profession standardized two compressions a long time ago.
The first compression is time. An audit covers a fixed window, either a single date or a period that ended before the report was written. Whatever audit report you are reading, it describes the past.
The second compression is sampling. Instead of checking every item, the auditor checks a slice and projects. This is not a shortcut someone snuck in. It is the published standard: sampling is formally defined as applying an audit procedure to less than 100 percent of the items in a population, which is the auditor's word for the full set. In my fieldwork years a typical test looked like this: the company processed a few thousand access changes that year, and I pulled 25 of them. Twenty-five was considered a real look.
Both compressions were rational. Evidence was expensive to collect. It lived in filing cabinets, then in screenshots and exported spreadsheets, and every request cost someone an afternoon. When evidence is expensive and output moves at human speed, a snapshot plus a sample is a sensible way to ration attention.
The thing to hold onto: neither compression was ever the point. They were workarounds for the cost of looking.
The output curve just bent
Now run that model against a company in 2026.
A two-person team with AI agents ships like a twenty-person team. Agents commit code through the night, change infrastructure, create accounts, rotate keys, and generate documents. The populations an auditor samples from are exploding. Twenty-five items out of three thousand is a real look. Twenty-five out of three million is a rounding error. Same procedure, same paperwork, almost no information.
The snapshot ages faster too. A report about last year used to be a fair proxy for this year, because systems changed slowly. When agents redeploy your stack weekly, an opinion about last June describes a company that no longer exists.
Here is the uncomfortable part. Nothing about the audit changed. The standards are the same, the procedures are the same, the sample sizes are the same. The thing being audited changed underneath it. The compressions that made audits affordable in a human-paced world are quietly becoming the reason an audit describes less and less of reality.
Monitoring is not verification
The compliance industry's answer to this problem is continuous monitoring: software that watches your configurations around the clock and alerts when something drifts. That is genuinely useful. I would rather audit a company that monitors itself than one that does not.
But monitoring and verification are two different jobs, and the difference is structural, not a matter of quality.
Monitoring is something you do to yourself. That is not my framing, it is the definition. NIST, the federal standards body, defines continuous monitoring as an organization maintaining ongoing awareness of its own security posture, threats, and vulnerabilities to support its own decisions. Your tools, watching your systems, configured by your team, reporting to you.
Verification means someone independent examined it and stands behind a conclusion. In an audit, asking a question and accepting the answer is formally insufficient on its own. The standard requires the auditor to corroborate what they were told by inspecting records, observing the control happen, or redoing the work themselves. I wrote about why an auditor can't just take your word for it.
So a green dashboard is a claim, not a verification. It can be a well-evidenced claim. It is still your own systems describing themselves, through checks nobody independent has tested. Who confirmed the monitor watches the right things? Who confirmed the checks themselves work? Who is accountable if it is wrong? On a self-operated dashboard the answers are: you, you, and you.
That is the line worth keeping in your head. Monitoring is you watching yourself. Verification is someone else, with something to lose, checking. Trust needs both, and only one of them comes with a signature.
What "AI-native" verification actually means
If the snapshot and the sample are workarounds for the cost of looking, the future of audit follows from one fact: the cost of looking just collapsed.
An AI agent can read a full population, not a slice of 25. It can pull evidence straight from the source system as raw data instead of screenshots, which is stronger evidence than a dashboard summary ever was. And it can do that continuously instead of one month a year. Machines now produce most of the output, so machines have to do most of the checking. Machine-verified machines.
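As an added illustration, not code from the original post, here is the sampling argument rendered as a small Python check: a constructed population of access-change events with a 0.5 percent rate of missing approvals, tested once in full and once with the traditional 25-item sample, plus the probability that a 25-item sample sees any exception at all. The event generator, actor names and rates are constructed for the example; the probability calculation shows that a sample's odds of catching an exception depend on the exception rate, not the population size, so the slice tells you the same small amount whether the population is three thousand or three million events.

```python
import random

# Constructed data for the example: access-change event i, as an auditor
# would pull it from the source system as raw data. Every 200th change has
# no approval on record (a 0.5% exception rate), and most come from an agent.
def access_change(i: int) -> dict:
    return {
        "event_id": i,
        "actor": "deploy-agent" if i % 5 else "alice",
        "approved_by": "" if i % 200 == 0 else f"CHG-{i}",
    }

def full_population_check(n: int) -> list[int]:
    """Verification over the full population: stream every event and keep
    the ids with no approval. Cost grows with n; coverage stays at 100%."""
    return [i for i in range(n) if not access_change(i)["approved_by"]]

def sample_check(n: int, sample_size: int = 25, seed: int = 1) -> list[int]:
    """The traditional test: pull a random slice of the population and
    report only what that slice shows."""
    rng = random.Random(seed)
    picked = rng.sample(range(n), sample_size)
    return [i for i in picked if not access_change(i)["approved_by"]]

def detection_probability(exception_rate: float, sample_size: int = 25) -> float:
    """Chance that a random sample contains at least one exception.
    Binomial approximation, accurate when the population is far larger than
    the sample; note that the population size does not appear at all."""
    return 1.0 - (1.0 - exception_rate) ** sample_size

def compare(n: int, sample_size: int = 25) -> dict:
    """Side-by-side summary for one population size."""
    return {
        "population": n,
        "coverage_of_sample": sample_size / n,
        "exceptions_in_population": len(full_population_check(n)),
        "exceptions_found_by_sample": len(sample_check(n, sample_size)),
    }

if __name__ == "__main__":
    for n in (3_000, 3_000_000):
        print(compare(n))
    for rate in (0.005, 0.05, 0.20):
        print(f"rate {rate:.1%}: P(sample of 25 sees any) = "
              f"{detection_probability(rate):.0%}")
```

At a 0.5 percent exception rate the 25-item sample has roughly a 12 percent chance of seeing even one unapproved change, while the full check returns every one of them.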
AI-native does not mean an auditor bought a chatbot. It means agent-compatible. Your systems are increasingly operated by AI agents, so the verification layer has to speak to agents directly. Today that means the Model Context Protocol, the open standard AI agents use to work with outside tools, so that evidence flows as data between the company's agent and the auditor, with the auditor deciding what gets checked.
What does not change: judgment, independence, accountability. Someone still has to decide whether a control actually addresses a risk, whether an exception matters, whether the story holds together. And someone has to stand behind the conclusion with a license and liability attached. Coverage becomes a machine's job. Judgment and the signature stay human. That division of labor is the whole design.
Transparency is how the trust gets rebuilt
There is one more piece, and I think it matters more than the technology.
Today's audit report is close to a black box. It tells you surprisingly little about what was actually tested: which procedures ran, against how many items, and what turned up. The reader is left trusting the brand on the cover.
The future auditor has no excuse for that. If verification runs continuously and the evidence is data, then what was checked, how often, and what was found can be shown rather than asserted. An audit that never finds anything is the one to worry about. An auditor who shows you the problems they found, and what happened next, is showing you their work. That is what builds trust, the same way it does everywhere else.
And once the result is data, it does not have to live in a PDF. The buying side is becoming agents too. A security review used to be a person emailing a questionnaire. Increasingly it is an agent asking a question and expecting an answer in milliseconds. A verified, queryable answer beats a 60-page document attached to an email.
The trust layer of the AI economy
Step all the way back and the arc is simple.
Companies will keep needing the one thing they cannot give themselves: an independent answer to "can I trust this vendor." That question is about to be asked constantly, mostly by machines, about systems run by machines. Answering it takes a verification layer that is independent, continuous, agent-compatible, and transparent about what it checked.
The audit is not dying. The snapshot is. Sampling 25 items was never the point. It was the best available approximation of looking at everything. Now looking at everything is on the table, and an independent opinion can finally stand on full coverage instead of a slice of the past. The auditors who build for that get to underwrite trust for the AI economy. The ones who keep mailing snapshots will be describing companies that no longer exist.
Sources
- Audit sampling is formally defined as the application of an audit procedure to less than 100 percent of the items within a population.
- AT-C 205 requires the practitioner to obtain sufficient appropriate evidence; inquiry alone is not sufficient and must be paired with corroborating procedures such as inspection, observation, recalculation, and reperformance.
- NIST SP 800-137 defines information security continuous monitoring as an organization maintaining ongoing awareness of information security, vulnerabilities, and threats to support its own risk management decisions, via a program providing visibility into the organization's own assets.
- Audit evidence obtained directly by the auditor is more reliable than evidence obtained indirectly or second-hand.
- The accounting profession warns that marketing SOC engagements as fast and easy threatens quality and credibility.