Chain of Custody for a Machine Decision

Evidence that cannot prove its own handling is no evidence at all. The same is becoming true of artificial intelligence decisions. This essay applies forensic chain of custody to machine actions and lands on the signed, tamper-evident, offline-verifiable record as the difference between a log and admissible proof.

https://mickai.co.uk/articles/chain-of-custody-for-a-machine-decision

#AIgovernance #chainofcustody #audit #forensics #admissibility

A Right to Explanation Is a Right to a Record

Explanation rights under modern data and artificial intelligence law assume the existence of a record that most systems never kept. I argue that an explanation you cannot replay is a press release, and that the only honest answer is a signed, hash-chained account written before each action and verifiable offline by anyone.

https://mickai.co.uk/articles/right-to-explanation-is-right-to-record

#explainability #aigovernance #audit #euaiact #dataprotection

The Signature Has To Outlive the Signer

Most artificial intelligence systems are designed to be trusted in the present tense. But a model can run for decades, and the record of its actions has to be verifiable long after the keys, the company, and the author are gone. This is an argument for signing today for a verifier who has not been born yet.

https://mickai.co.uk/articles/the-signature-has-to-outlive-the-signer

#keycustody #postquantumcryptography #AIgovernance #sovereignty #auditability

Shadow AI Is a Governance Problem, Not a Security One

Banning ungoverned AI tools and agents does not remove them, it just removes your visibility into them. The answer is not prohibition but a signed, hash-chained, offline-verifiable record of what every AI action actually did, owned by you and not the vendor.

https://mickai.co.uk/articles/shadow-ai-is-a-governance-problem

#shadowAI #AIgovernance #audit #AIagents #EUAIAct

When the log is the product, not the exhaust

Most systems treat logging as exhaust, smoke routed away from the real work. I argue the opposite: in artificial intelligence systems, the trustworthy record of what happened is the actual product. Audit-first design builds that record first, signed before the act, sealed into a chain, and verifiable offline by anyone who trusts no one.

https://mickai.co.uk/articles/log-is-the-product-not-the-exhaust

#auditfirstdesign #AIgovernance #tamperevidentlogging #postquantumcryptography #EUAIAct

When Models Eat Their Own Output, Lineage Is the Only Defence

As artificial intelligence (AI) models increasingly train on the output of other models, the lineage of data collapses into a fog. I argue that provenance, a signed and offline-verifiable chain of custody for synthetic data, is the only durable defence. This is the case for treating data lineage as infrastructure, not paperwork.

https://mickai.co.uk/articles/provenance-for-synthetic-data

#syntheticdata #dataprovenance #AIgovernance #modelcollapse #postquantum

Your Vendor SOC 2 Says Nothing About the Model

Procurement still treats a SOC 2 report as proof that an artificial intelligence vendor is safe. It is not. SOC 2 attests to infrastructure controls, not model behaviour, and the two have almost nothing to do with each other. Here is what your contracts should actually demand instead.

https://mickai.co.uk/articles/your-soc-2-says-nothing-about-the-model

#AIgovernance #SOC2 #procurement #modelattestation #audit

Air-Gapped Is Not the Same as Accountable

Isolating a model from the network is a containment control, not an accountability control. Air-gapping limits blast radius but proves nothing about what the model decided or why. Real containment needs a signed, hash-chained, offline-verifiable record, not just a moat.

https://mickai.co.uk/articles/air-gapped-is-not-accountable

#airgap #aiaccountability #aigovernance #audit #postquantum

New blog post: Amazon, Anthropic, and the Art of the Quiet Word

The news about Amazon's CEO influencing a crackdown on Anthropic models isn't surprising. It's just another example of big tech shaping AI regulation to suit its own interests.

https://rhodzy.com/blog/amazon-anthropic-and-the-art-of-the-quiet-word

#ai #anthropic #amazon #techregulation #bigtech #aigovernance

Post 2/2
Why now? A Munich court just ruled Google's AI Overviews are Google's own speech, not neutral search results -- and the reasoning reaches well beyond Germany, to any AI answer engine. Wrote up the ruling and the build (afternoon, £4.98, eighteen months of prior infrastructure debt doing the real work):
https://haunted.lighthouse.co.im/articles/we-built-a-search-engine-this-afternoon/
#AIGovernance #SovereignAuditor
We Built a Search Engine This Afternoon

A Munich court just ruled that Google's AI Overviews are Google's own speech, not neutral search results -- and that ruling reaches further than Germany. Here is what we built in response, and what it actually took.