Ovie Carroll, director of the Department of Justice’s cybercrime lab and a principal instructor at the SANS Institute, has published a paper warning that autonomous AI agents can modify files on Windows machines without leaving the forensic artifacts that digital examiners have relied on for decades. He coined a name for the courtroom defense this enables: SAIDI, or “Some Artificial Intelligence Did It.”

The term is a deliberate successor to SODDI (“Some Other Dude Did It”), the longstanding legal strategy that blames open Wi-Fi, shared accounts, or malware for activity on a defendant’s machine. SAIDI swaps the unknown human for the AI assistant the user installed themselves.

The Experiment

Carroll ran a controlled test on a Windows 11 machine, according to Forbes contributor Lars Daniel. He placed a Word document in a OneDrive folder and instructed an AI agent, built on the open-source OpenClaw framework running Anthropic’s Claude, to open the document, add a summary paragraph, and save it.

The agent completed the task without touching Word’s interface. It rewrote the file directly through a programming library inside an invisible PowerShell session, a silent process with no window and no click. The document changed, the change synced to OneDrive, and Word launched afterward only to display the finished file.

The shortcut files, recent-documents lists, and registry entries that examiners typically reach for first were never created. An examiner relying on those artifacts would have concluded the document was never opened.

Two Failure Modes

Carroll identified two distinct risks for forensic examiners. The first: an examiner finds no records and falsely concludes nothing happened. The second: an examiner finds a modified file in a user’s personal folder and falsely concludes the user made the change, when the modification was actually the work of an agent acting on a vague instruction, or on no instruction the user remembers giving.

Innocent people can be blamed for what software did under their account. Guilty ones can point at the AI copilot their employer installed.

The Evidence Is Recoverable, But Buried

In Carroll’s test, the truth survived the agent’s work — it just lived in records examiners rarely check first. The file system’s change journal recorded the rewrite to the second. Windows event logs captured the silent PowerShell session. The agent kept its own session log, preserving the typed instruction verbatim. Three independent records, each created by a different system, told one consistent story.

But even those deeper logs did not establish who typed the instruction, or whether that person understood what the agent would do.

Federal Courts Pulled Back a Proposed Rule

The legal system has started to notice. Proposed Federal Rule of Evidence 707 would have held machine-generated evidence to the same reliability standard as human expert testimony. After mixed public comment, the advisory committee pulled it back for further study. Agent-attribution disputes can reach courtrooms years before any rule is ready.

Federal Rule of Evidence 603 requires every witness to swear an oath designed to bind the conscience. Software has no conscience to bind. Carroll’s line, as reported by Forbes: without accountability there is no testimony, only output.

The Enterprise Audit Problem

The findings extend beyond criminal cases. Employment disputes turn on who copied the client list. Fraud investigations turn on who edited the invoice. Compliance audits assume forensic artifacts reflect human activity. Every enterprise deploying AI agents under employee user accounts now faces the question of whether their audit trails can distinguish agent actions from human ones, and most current logging infrastructure was not built with that distinction in mind.

The agents are already running on ordinary computers, reading files and drafting documents under ordinary user accounts. Carroll’s experiment shows the first SAIDI defense is a matter of when, not whether.