← Back | Sigmantics Research Portal | Home
Asset Ledger

AI artifacts have no chain of custody

AI is generating artifacts at scale — code, documents, images, decisions. None of them have a chain of custody. You can't audit where they came from, what model made them, or whether they've been modified since. "AI generated this" and "we can prove AI generated this, and here's what we know about how" are not the same sentence. That gap is going to matter more every year.

The obvious fix — ask AI to check AI's work — doesn't work. Correlated failure modes mean the same model that made the error will often miss it. And tracking the artifact alone isn't enough: a clean artifact from an unknown or untrustworthy provider is still suspect. Trust has to come from outside the generation process, and it has to cover more than just the asset.

Asset Ledger is our experimental response. The core proposal: trust in AI artifacts is multi-polar. It requires three independent provenance trails — for assets, for providers, and for users — all writing to a shared historic ledger.

Three pillars of provenance

The Asset

Every artifact carries a trail: how it was generated, what testing it went through, and how users who actually used it responded. Acceptance isn't assumed — it's recorded.

The Provider

A clean artifact from an unknown provider is still suspect. Provider provenance tracks who generated the asset, their credentials, and their track record across everything they've produced.

The User

Users who vote on assets earn their own provenance score. Votes that follow natural patterns carry weight. Uniform voting — always positive, always negative — loses influence over time. You can't buy trust, and new identities start from zero.

Historic Provenance

All three chains write to a shared foundation: the historic ledger. An asset's history, a provider's history, and a user's history are entries in the same record. Trust cannot be separated from track record — and track record cannot be faked from scratch.

The ledger doesn't punish gaming. It makes it pointless.

Gaming the asset chain requires trusted users. Gaming the user chain requires consistent, fair behaviour over time. Gaming the provider chain requires a track record of trusted assets. Every shortcut burns the entity that tries it.

Asset Ledger is experimental. The model is proposed, the implementation is in progress. If this is a problem you're working on too, we'd like to hear from you.