Verifiable vs Presentational Citations
In early 2026, every major AI assistant offers inline citations. Grok 3 DeepSearch, Perplexity Deep Research, Gemini 2.5, and ChatGPT SearchGPT all produce numbered source references alongside answers. They look similar. They are not equivalent.
The distinction is categorical: presentational citations tell you what was referenced. Verifiable citations prove it.
What a presentational citation is
When Perplexity, Grok, or Gemini return a numbered source card, they are providing a hyperlink and an excerpt. You can click through and read the source. You cannot:
- Verify that the content fetched at query time matches the content at the URL today
- Confirm the source was fetched directly and not through a proxy, VPN, or cached layer
- Reconstruct the exact artefact that contributed to the answer
- Prove to a third party that the cited source existed in its referenced form at the moment of the query
- Detect whether a source was altered between citation and review
This is citation as user experience feature. It is well-designed and useful. It is not an audit record.
What a verifiable citation chain is
AIEP’s P37 evidence chain produces a different kind of record for every response.
For each source fetched, Piea computes:
artefact_id = sha256(source_url + content_hash + retrieved_at + session_id)
This artefact ID is:
- Committed — written to the session’s evidence ledger before the answer is generated
- Chained — each artefact includes the hash of the previous artefact, forming a sequential chain from a genesis record
- Bound to the response — the final
response_commitment()hash covers the answer text, all artefact IDs, and a timestamp
The chain is tamper-evident. If a single source, response token, or timestamp is altered, every downstream hash in the chain changes. The divergence is detectable.
The source integrity layer (P124)
AIEP goes further. Before any source is accepted into the evidence chain, P124’s inspectSourceIntegrity() checks:
| Check | What it detects |
|---|---|
| TLS verification | Source served over valid HTTPS |
| Via header analysis | Source routed through a proxy or CDN layer |
| VPN / proxy detection | Outbound request appears to originate via tunnel |
| RFC1918 range detection | Source IP is a private network range (internal only) |
| HTTP 451 check | Source is legally restricted in the fetching jurisdiction |
A source that fails any of these checks receives a degraded confidence tier. The degradation is recorded in the artefact record. The system does not silently accept sources that cannot be verified as clean.
No competitor — including Harvey, AlphaSense, or any of the major general AI assistants — interrogates the network path of a fetched source. They inherit whatever the CDN or proxy layer delivers.
What this means in regulated contexts
The difference between presentational and verifiable citations is not abstract. In legal proceedings, regulatory audits, and financial compliance reviews, the question is not “did you cite a source?” It is “can you prove what that source said at the moment you relied on it?”
A citation card from Perplexity is a claim. A P37 artefact chain is a cryptographically structured factual record with a stable, reproducible identifier. These are different categories of evidence.
| Requirement | Presentational citation | AIEP evidence chain |
|---|---|---|
| Source URL provided | ✓ | ✓ |
| Content hash at retrieval | ✗ | ✓ (per-artefact) |
| Tamper-evident chain | ✗ | ✓ (P37 sequential chain) |
| Network path integrity | ✗ | ✓ (P124 source inspection) |
| Independently verifiable | ✗ | ✓ (chain replayable from genesis) |
| Dissent recorded when incomplete | ✗ | ✓ (P126 negative proof hash) |
| Reproducible response hash | ✗ | ✓ (response_commitment()) |
The dissent signal (P126)
When AIEP’s evidence chain cannot adequately support an answer, it does not hedge verbally. It produces a negative proof hash — a structured, signed record that is stored in the session ledger alongside positive evidence records.
This negative proof record states:
- What was searched for
- What was not found
- When the search was conducted
- A hash of the empty result set
Claude’s Extended Thinking and o3’s reasoning chains produce human-readable uncertainty traces. These are useful for interpretation. They are not structured audit records — they cannot be referenced in a compliance report with a stable identifier, and they deteriorate if the model is updated.
AIEP’s P126 dissent record can be retrieved, hashed, and verified independently of the model that produced it.
Related specs
- P37 — Divergence Proof and evidence commitment chain
- P124 — Source integrity inspection (VPN, proxy, TLS, RFC1918)
- P126 — Negative proof hash and dissent signal
- P41 — Canonical Record Protocol — defines the artefact record structure
- P80 — Dual-Ledger Memory Substrate — where evidence and dissent records are stored
See also: Evidence Layer · Audit · Source Integrity · Compliance