problem
AI Audit Is Not Verification
Audit and verification are treated as the same thing. They are not. Audit reviews reports. Verification confirms execution. AI systems have the first. None have the second.
Two different operations
Audit reviews what was reported. It examines logs, records, and documentation. It asks: are the reports consistent? Are the records complete? Do the documents match the claimed process?
Verification confirms what actually happened. It compares a claim against independent evidence. It asks: did this specific thing execute under these specific conditions? Can a third party confirm it?
Audit operates on reports. Verification operates on evidence. In AI systems, the reports exist. The evidence does not.
Compliance requires verification
Compliance frameworks assume verification is possible. They require organizations to demonstrate that systems operated within defined parameters. They require evidence that controls were in place.
In traditional software, this is achievable. The binary is versioned. The configuration is stored. The execution path is deterministic. An auditor can verify that the system operated as claimed.
In AI systems, compliance is self-reported. The operator asserts what model ran. The operator asserts what configuration was active. The operator asserts what context was provided. No independent mechanism confirms any of these assertions.
AI systems do not have identity. Without identity, compliance is audit without verification. It is a review of claims, not a confirmation of facts.
What currently fails to bridge the gap
Log-based audit reviews what the logging system recorded. The logging system is controlled by the operator. The operator determines what is logged, how it is stored, and how long it is retained. Auditing operator-controlled logs is reviewing the operator's own account.
Output-based review examines what a model produced. It cannot determine what conditions produced it. An output that appears compliant may have been generated under non-compliant conditions. The output does not carry its provenance.
Self-reported compliance is assertion, not evidence. When an operator reports that a system used a specific model version with specific guardrails, no mechanism exists to confirm the report. The compliance report describes what the operator claims. It does not verify what the system did.
Each of these approaches audits. None verify. The distinction is not semantic. It is structural.
Audit without verification is insufficient
Every compliance framework applied to AI systems today operates on audit alone. SOC 2, ISO 27001, HIPAA, the EU AI Act. Each requires evidence of controlled operation. None can obtain it because no verification mechanism exists.
This is not a gap that better audit practices will close. Audit, however thorough, reviews reports. Verification requires independent evidence of execution. The evidence does not exist because the identity of the run does not exist.
Until AI runs have verifiable identity, audit and verification will remain different operations. And only one of them will exist.