AI coding agents run on your machine with broad access to files, network, and system calls — but most developers have zero visibility into what they actually do. Correlic is building kernel-level security observability to change that. Using eBPF to trace every syscall, we detect anomalous behavior, correlate threat patterns, and give developers a real-time audit trail of AI agent activity. This blog documents the technical journey of building Correlic from the ground up — the engineering challenges, the failed approaches, and the breakthroughs in making AI agents transparent and accountable.