Back to Dashboard
Verification / Deployment/ 5.4.1

5.4.1 Verifiable Audits

2026 Governance Status: Prototype-level / narrowly operationalized

Original Problem in the Paper

Paper motivation: external audits/assessments are proposed as core governance tools; attesting to audit process/outcome could build trust among developers, auditors, governments, and users and prove compliance. Open problems: verify claimed capabilities/performance without full access, use ZK proofs despite high overhead, prove live inference pipeline matches audited pipeline, handle dynamic models, scale beyond enclave-only critical systems, inform users with low friction, and prevent auditor exfiltration of weights; verify safety measures post-deployment.

July 2026 Update & Trajectory

Verifiable audit ingredients are maturing: ZK inference proofs for 13B LLMs, TEEs/confidential AI factories, AI Act/GPAI audit/documentation obligations, and system cards. But end-to-end audit registry plus live certificate matching for deployed dynamic pipelines is not production-standard by July 2026. ZK/TEE overhead, dynamic updates, model exfiltration, and user-facing verification remain open.

Deployed / Operationalized

  • Empirical audit artifacts: system cards, safety scorecards, external red-team summaries, and regulator documentation forms.
  • TEE/confidential-computing architecture can attest measured inference environments before releasing secrets.
  • ZK LLM inference proofs demonstrate feasibility for selected models/proofs but are not yet routine for large live services.

New Tractable Vectors

  • ZK proof of inference authenticity for moderately large LLMs without revealing weights.
  • Enclave certificate chains tying evaluated containers/model artifacts to runtime key release.
  • Regulatory audit/documentation workflows under EU AI Act and GPAI Code of Practice.

Key Open Questions

  • End-to-end public audit registries binding audit results to every user-facing generation from a dynamic pipeline.
  • Scalable ZK/TEE verification for frontier multimodal systems with acceptable latency/cost.
  • Safe auditor access that avoids model-weight exfiltration or benchmark leakage.
  • Verifying that post-deployment safety filters/classifiers are attached, current, and enforced for every relevant request.

Evidence & Primary Sources