AI Decision Provenance
Cryptographic lineage for every AI output — the data, model, policy, and authority that produced it.
Provenance is the chain of inputs, models, data transformations, policy decisions, and authorities that led to a specific AI output. H33 produces cryptographic provenance for every AI decision: tamper-evident, replayable, verifiable by any third party without contacting the AI vendor.
What AI decision provenance actually means
Provenance answers a specific question: how did this AI output come to be? Standard observability tells you what happened. Provenance is more demanding. Provenance documents the full causal chain: Which data corpus did the model consult? Which retrieval results were surfaced and ranked first? Which model version processed the input, with what parameter configuration? Which policy was in force at decision time? What confidence did the model report? Which evidence rows did the answer cite? Who was authorized to make this decision under the policy? Provenance is the difference between "the AI returned this answer" and "here is the cryptographic record of why the AI returned this answer."
How H33 produces provenance
Every AI decision routed through H33 produces an evidence bundle. The bundle is the provenance record. The bundle's eight evidence control objects, taken together, document the full causal chain: PolicyBind records which policy was bound to the decision. ModelFingerprint records which model processed it. AuthorityBind records who was authorized. CalibratedAbstention records confidence and abstention behavior. PipelineDag records execution stages with hash-linked digests. CorpusBind records the corpus and index epoch consulted. EvidenceAttestation records the evidence rows that grounded the decision. ResultCitationBind records the binding between answer text and citations. The bundle is signed with three independent post-quantum algorithm families. Its 32-byte commitment can be anchored to a public blockchain.
Why provenance is harder than logging
Logs are written; provenance must be proven. Logs are mutable; provenance must be tamper-evident. Logs are local; provenance must be portable. Logs are point-in-time; provenance must record the relationships between events. A system can satisfy logging requirements without producing real provenance. H33 produces provenance by design.
What "the data corpus" means in a verifiable record
Provenance for AI decisions has a specific failure mode: ambiguity about the data consulted. A typical RAG system retrieves documents from a knowledge base that evolves over time. By the time an auditor reviews the decision, the knowledge base may look different from the version the decision was made against. H33 addresses this with CorpusBind: the corpus manifest digest at decision time, the corpus epoch, the index epoch, the retrieval engine versions with fingerprints. The provenance record proves which corpus state and which retrieval state produced the retrieved context.
Use cases
FDA AI submission. A pharmaceutical company submits an AI-assisted analysis to the FDA. The provenance bundle documents the analysis path: which trial data was consulted, which model was used, which version of the analysis policy was applied. Lending decision provenance. A bank's AI lending model approves a loan. The provenance bundle records the applicant data accessed, the policy version, the model identity, the model's confidence. Healthcare AI recommendation provenance. A clinical decision support AI recommends a treatment plan. The provenance bundle records the patient record consulted, the treatment protocol, the recommending model, and the literature cited.
Common questions
Is provenance the same as explainability?
No. Explainability addresses what the model reasoned. Provenance addresses what the system actually did. The two are complementary.
Does the provenance record include the model's internal reasoning?
No. The provenance record documents the model's identity, the inputs it processed, the outputs it produced, and the policy and authority it operated under.
How is this different from MLOps lineage tracking?
MLOps tracks training data, model versions, and deployment pipelines. Provenance tracks what happened at inference time for a specific input.
Can the provenance be reviewed without exposing the input data?
Yes. The provenance can be verified at the bundle structure and signature level without decrypting the underlying input.
Does the provenance work across model retraining?
Yes. The provenance is tied to the model fingerprint at decision time. Subsequent retraining does not affect already-produced provenance records.
Related: Verifiable AI Decisions · AI Audit Trails · AI Decision Attestation · Explainable AI vs Verifiable AI