June 2026
Why AI Needs a Flight Recorder
An executive brief on the missing layer of AI accountability.
Companion to “Closing the AI Evidence Gap”
The Problem in One Sentence
When an AI makes a decision that affects your business or your customers, you currently have no way to prove what actually happened.
The AI Evidence Gap
Every day, organisations are deploying AI systems that make consequential decisions:
- A bank's AI declines a mortgage application
- An insurer's AI denies a claim
- A hospital's AI recommends a treatment path
- A government agency's AI flags an applicant for review
When a human makes these decisions, there is a paper trail. Notes are taken. Files are kept. Decisions can be reviewed, appealed, and audited.
When an AI makes these decisions, there is... nothing.
You have the prompt that went in. You have the response that came out. But you have no verifiable connection between them — no evidence that the response actually came from the system you think it came from, at the time you think it happened, without being altered or tampered with.
This is the AI Evidence Gap.
Why This Matters Right Now
Three forces are converging:
- Regulation is arriving. The EU AI Act is already in force, with obligations phasing in through 2027. Sectoral regulators (financial services, healthcare, insurance) are increasingly requiring auditability of automated decisions. If you cannot produce evidence of what your AI did, you may be presumed non-compliant.
- Litigation is coming. The first wave of AI-related lawsuits has begun. Plaintiffs will demand to see what the AI actually did. Defendants who cannot produce verifiable records will face an uphill battle.
- Customer trust is fragile. When something goes wrong, “the AI did it” is no longer an acceptable answer. Customers, partners, and regulators expect accountability — not explanations, but evidence.
The Flight Recorder Analogy
Consider the aviation industry.
Every commercial aircraft carries a flight recorder — the “black box.” It does not prevent accidents. It does not fly the plane. Its only job is to record what actually happened so that after an event, investigators can determine the truth.
The flight recorder has transformed aviation safety — not because it stops crashes, but because it enables accountability, learning, and continuous improvement.
Flight recorders created the evidence layer for aviation. AI now needs its own — an AI Evidence Layer.
Visual Explainer
Here is what a Trust Receipt — an AI flight recorder entry — looks like in practice:
User Prompt: “What is my account balance?”
AI System: “Your balance is $4,250.”
Trust Receipt #a7f3e9
- Hash: 9e4c...2b7f
- Signature: Ed25519
- Previous: #d6c2...
Verify
- Hash match
- Signature valid
- In chain
User receives response — independently verifiable
The same flow, in plain text:
User Prompt: "What is my account balance?"
      │
      ▼
AI System: "Your balance is $4,250."
      │
      ▼
Trust Receipt
┌───────────────────────┐
│ RECEIPT #a7f3e9       │
├───────────────────────┤
│ Hash: 9e4c...2b7f     │
│ Signature: (Ed25519)  │
│ Metadata:             │
│  • Timestamp          │
│  • Agent ID           │
│  • Tenant             │
│  • Principle Scores   │
│ Previous: #d6c2...    │
└───────────────────────┘
      │
      ▼
┌───────────────────────┐
│ VERIFY                │
│ ✓ Hash                │
│ ✓ Signature           │
│ ✓ In chain            │
└───────────────────────┘

User receives response. Response can be independently verified.
What makes this different from a log file?
A log file is a record. A trust receipt is evidence.
| Log File | Trust Receipt |
|---|---|
| Can be edited after the fact | Cryptographically signed and timestamped |
| Lives inside your system | Can be verified by anyone with the public key |
| A point-in-time snapshot | Forms a chain where each one proves the previous |
This is the difference between saying what happened and proving what happened.
Case Study: The AI Evidence Gap in Practice
Scenario: A Bank's Mortgage Denial
The situation: A customer applies for a mortgage. The bank's AI-assisted underwriting system flags the application and recommends denial. The customer appeals.
Without a Flight Recorder
The bank's compliance officer searches the logs. They find the application record. They confirm the AI was involved. But they cannot answer the questions that matter:
- What exact prompt was sent, and which model version answered it?
- Is the response on file the one the AI actually produced — or one edited afterward?
- Did the recommendation change between the original decision and the appeal?
The bank's position reduces to “trust us, the AI got it right.” The regulator's response is the only one it can be: “prove it.” And the bank cannot — not because it did anything wrong, but because it kept a record instead of evidence.
With a Flight Recorder
A good regulator will raise the obvious objection first: if the bank signs its own receipts with its own key, isn't that just the bank vouching for itself?
Self-attestation from the party under scrutiny is exactly what an audit exists to overcome.
A trust receipt answers this in three layers — none of which asks the regulator to take the bank's word for it.
- Integrity. The response is hashed and signed at the moment of the decision. Anyone with the public key can confirm the response on file is bit-for-bit the one that was signed, and that it hasn't changed since. The bank cannot quietly revise the decision before the appeal.
- Continuity. Each receipt carries the hash of the one before it, forming a chain. The bank cannot delete an inconvenient receipt without leaving a visible gap — a missing link isn't the absence of a problem, it's the signature of one.
- Independence. The chain can be anchored to a record the bank doesn't control — a public timestamping service or transparency log — so the order and timing of events can't be rewritten after the fact, even by the bank itself.
Note what this does and doesn't prove. It doesn't prove the AI's recommendation was correct, fair, or made in good faith — cryptography can't see inside a model's judgement. What it proves is narrower and more useful: that this output came from this system, at this time, in this order, and hasn't been touched since. The bank is committed to the record the moment it's created, and can't choose what to remember once the appeal arrives.
The compliance officer retrieves the receipt, verifies the signature, checks the timestamp against the independent anchor, and traces the chain to confirm nothing is missing.
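The integrity and continuity checks described above, as an added example that is not the page's or SONATE's own code: it issues Ed25519-signed, hash-chained receipts with Node's built-in crypto module, then verifies an untouched chain, an edited response, and a deleted receipt. The receipt field names, the all-zero genesis value, and the sample interactions are assumptions constructed for illustration.

```javascript
const crypto = require('node:crypto');
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
const GENESIS = '0'.repeat(64); // assumed "previous" value for the first receipt
// Canonical bytes to sign (assumed field names): fixed order so signer and verifier agree.
const signedBody = (r) =>
  JSON.stringify([r.timestamp, r.agentId, r.promptHash, r.responseHash, r.previous]);

function issueReceipt(privateKey, chain, prompt, response, timestamp, agentId) {
  const previous = chain.length ? chain[chain.length - 1].id : GENESIS;
  const r = { timestamp, agentId, promptHash: sha256(prompt),
              responseHash: sha256(response), previous };
  r.id = sha256(signedBody(r));
  r.signature = crypto.sign(null, Buffer.from(signedBody(r)), privateKey).toString('base64');
  chain.push(r); return r;
}

// Returns findings; an empty list means hash, signature and chain checks all pass.
function verifyChain(publicKey, chain, responsesOnFile) {
  const findings = [];
  let expectedPrev = GENESIS;
  chain.forEach((r, i) => {
    const body = signedBody(r);
    const id = sha256(body); // recomputed, never trusted from the stored record
    const sig = Buffer.from(r.signature, 'base64');
    if (!crypto.verify(null, Buffer.from(body), publicKey, sig))
      findings.push(`receipt ${i}: signature invalid`);
    if (sha256(responsesOnFile[id] ?? '') !== r.responseHash)
      findings.push(`receipt ${i}: hash mismatch`);
    if (r.previous !== expectedPrev) findings.push(`receipt ${i}: chain broken`);
    expectedPrev = id;
  });
  return findings;
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const chain = [], onFile = {};
  const samples = [ // constructed sample interactions
    ['What is my account balance?', 'Your balance is $4,250.'],
    ['Assess mortgage application 1', 'Recommend denial.'],
    ['Assess mortgage application 2', 'Recommend approval.']];
  samples.forEach(([p, resp], i) => {
    const r = issueReceipt(privateKey, chain, p, resp, `2026-06-01T09:0${i}:00Z`, 'agent-demo');
    onFile[r.id] = resp;
  });
  const edited = { ...onFile, [chain[1].id]: 'Recommend approval.' };
  return { clean: verifyChain(publicKey, chain, onFile),
           edited: verifyChain(publicKey, chain, edited),
           deleted: verifyChain(publicKey, [chain[0], chain[2]], onFile) };
}
console.log(demo());
```

Removing only the newest receipt leaves no gap inside the chain itself, which is the case the external anchor described under Independence covers.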
Once a verifiable record is the expectation, a missing receipt stops being a paperwork gap and becomes the most incriminating thing a system can produce.
The conversation shifts from “trust us” to “here is the evidence — verify it yourself.”
What This Is Not
This isn't a pitch for a single vendor — the concept of cryptographically verifiable AI records is emerging across the industry, from academic research to standards bodies to commercial offerings, including SONATE, which I built to put these ideas into practice.
The point is that whatever AI system you deploy, it should produce verifiable records of its interactions.
Ask your AI vendors:
- Do you generate cryptographically signed receipts for AI responses?
- Can I independently verify that a response came from your system and hasn't been altered?
- Do receipts form a tamper-evident chain?
- Can I provide these receipts to a regulator or auditor as evidence?
If the answer to any of these is no, you have an AI evidence gap.
The Bottom Line for Executives
AI is becoming too important to operate on trust alone.
You would not fly on an airline that said “don't worry, we don't need black boxes.” You should not deploy AI systems that cannot produce verifiable evidence of what they did.
The question is not whether AI will be held accountable. The question is whether you will have the evidence when it happens.
The technology exists. The standards are emerging. The regulators are paying attention.
It is time to close the AI evidence gap.
For Regulators
When drafting AI governance rules, consider adding a requirement for verifiable interaction records:
- Each AI decision that affects a person or business should produce a cryptographically signed receipt
- Receipts should be independently verifiable by the affected party and by regulators
- Receipts should form a tamper-evident chain
- Regulators may increasingly view the absence of verifiable interaction records as a governance gap
This creates a practical, enforceable standard — not a subjective judgment about whether the AI was “fair” or “accurate,” but an objective fact about whether there is evidence of what happened.
Coming Next
Article 4: How to Read a Trust Receipt
A practical guide for compliance officers, auditors, and investigators — no cryptography degree required.
See It Running
Stop relying on trust. Generate your first cryptographically signed AI Trust Receipt and see what an AI Evidence Layer looks like in practice.