AI Audit Trail

An AI audit trail is a record of what an AI system retrieved, used, and validated to produce a given response. Without one, AI reasoning cannot be audited, challenged, or defended.

AIEP creates this record automatically, in a machine-readable format, with every response.

Why AI audit trails matter

In regulated industries, professional services, and any context where decisions carry consequences, it is not enough to know what an AI answered. You need to know:

  1. What evidence the answer was based on
  2. What the state of that evidence was at the time of the response
  3. Whether the evidence has changed since
  4. Whether the response was validated

Without a protocol-level answer to all four, AI outputs cannot be reliably used in audit-sensitive contexts.

What an AIEP audit trail contains

Every AIEP response includes:

FieldPurpose
questionThe input that triggered the response
answerThe generated output
evidence_railOrdered list of all source artefacts
artefact_idUnique identifier for each source
source_urlWhere the artefact was retrieved from
content_hashSHA-256 hash of the source at retrieval time
retrieved_atISO 8601 timestamp of retrieval
validation_statusWhether each artefact passed schema validation
generated_atWhen the full response was assembled

How the trail is used

At time of response: the trail is generated and included in the response JSON.

At time of audit: the trail can be re-fetched. Each source URL is re-retrieved. The new hash is compared to the recorded hash.

  • If they match: the source has not changed. The original reasoning stands.
  • If they differ: the source has changed. The discrepancy is documentable.

This is a complete, verifiable audit record — without relying on the AI system to provide it retrospectively.

Example audit record

{
  "question": "How can an AI answer be verified?",
  "answer": "An AI answer can be verified by binding claims to evidence...",
  "evidence_rail": [
    {
      "artefact_id": "ev_001",
      "source_url": "https://aiep.dev/schema/evidence.json",
      "content_hash": "f3a2c4e0b6a7d991d3e2f5a9c8b7e6f1...",
      "retrieved_at": "2026-04-25T00:00:00Z",
      "validation_status": "passed"
    }
  ],
  "validation": {
    "schema_valid": true,
    "hashes_present": true,
    "evidence_rail_present": true,
    "status": "passed"
  },
  "generated_at": "2026-04-25T00:00:00Z"
}

This record is self-contained. An auditor with only this JSON and access to the source URL can perform an independent check.

Try it

Verification Playground →

See a full audit trail example →

View the response JSON →

View on GitHub →

Machine endpoint →

See also: Verify AI Output · Deterministic AI · RAG vs AIEP · How AIEP Works · Build with AIEP