How to build a tamper-proof audit trail for AI decisions
When an AI decision is disputed, trusting internal logs is not enough — the operator could have edited them. How signed, chained decision records make an AI audit trail verifiable.
The moment an automated decision is challenged — a declined loan, a rejected claim, a flagged account, a moderation call — the operator is asked a hard question: prove what the model actually did. Most systems answer with an internal log. But an internal log has a fatal weakness as evidence: the operator controls it, so they could have edited it after the fact. Trusting the operator's own logs is exactly the assurance a skeptical regulator, auditor or court cannot accept, because it asks them to trust the party with the motive to alter the record.
The requirement regulators are converging on is non-repudiation: records the operator provably could not have changed after they were created. The EU AI Act mandates logging and traceability for high-risk systems; financial and sectoral supervisors expect the same. Meeting that bar means moving from a log you assert is accurate to a record anyone can verify is intact — without trusting you at all.
The construction is well understood. For each decision, capture the inputs or a hash of them, the output, the model identifier and version, and a timestamp, then sign that record with a private key. Chain each record to the hash of the previous one, so the entries form an append-only sequence: altering or deleting any record breaks the chain and fails verification. Now the audit trail is tamper-evident — an auditor recomputes the hashes and checks the signatures, and any edit, reordering or gap shows up immediately. The trust rests on cryptography and math, not on the operator's word.
Two details make it durable and honest. First, anchor timestamps to something the operator cannot backdate — a public randomness beacon or a public chain — so when is as verifiable as what. Second, sign with a post-quantum scheme such as ML-DSA (FIPS 204), because compliance records may need to hold up for years and a classical signature becomes forgeable once quantum computers mature; the record should outlive that transition. Be precise about scope: a verifiable audit trail proves the authenticity, ordering and integrity of what was logged — it does not prove the decision itself was correct, fair or lawful, which is a separate governance question. What it removes is the ability to quietly rewrite history, which is precisely what turns a log into evidence. The cryptography is resistant to known attacks per NIST, not unbreakable.
Try it yourself — live, free, verifiable in 30 seconds:
Create a verifiable AI audit trail →