5.3.2 Verification of Dynamic Systems
Original Problem in the Paper
Paper motivation: systems like ChatGPT are not static models but multi-component systems—mixture-of-experts, input/output filters, other components—that change through their lifecycle; oversight is hard because deployed systems are ever-changing. Open problem: reliable accessible versioning/update tracking, model registries, what information to store, how to verify it, and how to monitor updates and impacts.
July 2026 Update & Trajectory
Versioning is operational for open repositories and increasingly required administratively by AI Act documentation, post-market monitoring, GPAI model lists, and system cards. But the paper’s target—verified dynamic system identity across hidden model, filters, tools, prompts, retrieval, and frequent updates—is not solved. July 2026 status: narrow operational versioning/documentation; little cryptographic assurance that a live hosted pipeline equals the documented/evaluated one.
Deployed / Operationalized
- Public model repositories use git commits/revisions/history to track model-file changes.
- AI Act creates documentation, model evaluation, systemic-risk classification/listing, and post-market monitoring obligations for high-risk/GPAI systems.
- System cards/safety reports publish release-specific assessments for specific model versions or families.
New Tractable Vectors
- Standard model documentation forms and lifecycle records for GPAI providers under the EU Code of Practice.
- Mapping public model/version commits to eval artifacts for open-weight models.
- Routine release-specific system cards with pre-deployment and post-deployment evaluations.
Key Open Questions
- Cryptographic proof that a hosted API is serving the same model+prompt+tools+filters evaluated by auditors.
- Granularity standards: when prompt, retrieval corpus, safety filter, tool policy, quantization, or routing changes require a new version/audit.
- Versioning agentic systems with rapidly changing tools, memories, and user-specific state.
- User-facing presentation of version/verification data without overwhelming users.
Evidence & Primary Sources
- Hugging Face Hub repositories keep every add/commit/push change as a revision and expose history/diffs, operationalizing versioning for public model artifacts.: https://huggingface.co/docs/hub/repositories-getting-started
- EU AI Act requires GPAI technical documentation covering training/testing process and evaluation results, systemic-risk list upkeep, standardized model evaluation for systemic-risk GPAI, and post-market monitoring plans; legal act 2024-07-12. (2024-07-12): https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R1689
- Anthropic Claude Opus 4/Sonnet 4 system card documents model-specific pre-deployment tests, release decision, ASL determinations, and ongoing safety commitments; dated May 2025. (2025-05): https://www-cdn.anthropic.com/6be99a52cb68eb70eb9572b4cafad13df32ed995.pdf