Tracking AI: A New Framework for Secure Interactions

Author: Denis Avetisyan

A novel system aims to establish a clear record of AI application activity, fostering accountability and mitigating risks in increasingly complex AI ecosystems.

Figure 2: System Workflow The system operates through a cyclical process of perception, planning, and action, where incoming sensory data informs a predictive model-described by <span class="katex-eq" data-katex-display="false">P(\mathbf{x}_t | \mathbf{x}_{t-1})</span>-to anticipate future states and subsequently refine action selection through a learned policy, ultimately optimizing for desired outcomes within a dynamic environment. — Figure 2: System Workflow The system operates through a cyclical process of perception, planning, and action, where incoming sensory data informs a predictive model-described by $P(\mathbf{x}_t | \mathbf{x}_{t-1})$ -to anticipate future states and subsequently refine action selection through a learned policy, ultimately optimizing for desired outcomes within a dynamic environment.

The AiAuditTrack framework utilizes blockchain technology to create an auditable trail of AI interactions, enabling robust risk management and decentralized identity verification.

The increasing complexity of large language model-driven applications presents a critical challenge in establishing accountability and managing emergent risks. This paper introduces AIAuditTrack: A Framework for AI Security system, a blockchain-based solution designed to record and govern AI interactions through decentralized identity and verifiable credentials. By modeling AI entities as nodes within a dynamic interaction graph, AAT enables cross-system auditing and propagates early warnings via a novel risk diffusion algorithm. Could this framework provide a foundational layer for trust and responsible innovation within increasingly interconnected AI ecosystems?

The Opacity Problem: Accountability in Modern AI

The accelerating deployment of Large Language Models presents novel security and accountability dilemmas stemming from their inherent opacity. These models, trained on massive datasets, function as complex “black boxes” where the reasoning behind outputs remains largely inaccessible, creating significant challenges for verification and trust. Unlike traditional software with clearly defined codebases, LLMs generate responses through intricate statistical patterns, making it difficult to pinpoint the source of errors, biases, or malicious outputs. This lack of transparency not only hinders the ability to audit decisions made by AI systems but also complicates efforts to establish responsibility when those decisions have negative consequences, demanding new approaches to ensure responsible AI development and deployment.

Traditional security measures, designed for clearly defined inputs and outputs, are proving inadequate when applied to the dynamic and multifaceted interactions with Large Language Models. These models don’t operate on discrete commands but rather engage in extended, conversational exchanges, generating outputs based on complex internal states and vast datasets. This poses a significant challenge for conventional intrusion detection and access control systems, which struggle to monitor and verify the provenance of information flowing through these intricate networks. Consequently, a fundamental shift is required; new interaction tracking approaches must move beyond perimeter defenses and focus on granularly logging and auditing the entire lifecycle of a query, from initial prompt to final response, to establish accountability and ensure responsible AI deployment.

The absence of verifiable provenance in artificial intelligence systems presents a growing concern, as decisions made by these complex algorithms increasingly impact critical aspects of daily life. Without a clear and auditable record of the data, reasoning, and influences shaping an AI’s output, it becomes exceedingly difficult to identify the source of errors or detect intentional manipulation. This opacity erodes trust, particularly when AI is employed in sensitive areas like finance, healthcare, or criminal justice, where accountability is paramount. The inability to trace a decision back to its origins not only hinders the correction of mistakes but also creates opportunities for malicious actors to exploit vulnerabilities and introduce biases, ultimately undermining public confidence in the technology and its applications. Establishing robust provenance mechanisms is therefore crucial for ensuring the responsible and ethical deployment of AI systems.

AiAuditTrack: A Blockchain-Based Provenance Framework

AiAuditTrack (AAT) establishes a system for documenting the origin and history of AI interactions by leveraging blockchain technology. This framework records details of each AI operation – including inputs, processing steps, and outputs – as transactions on a distributed, immutable ledger. The use of blockchain ensures that this record cannot be altered retroactively, providing a high degree of trust and transparency. By cryptographically linking each interaction to its preceding events, AAT creates an auditable trail that verifies the integrity and lineage of AI-driven results, facilitating compliance and accountability. This verifiable provenance is critical for applications requiring demonstrable trustworthiness, such as regulated industries and high-stakes decision-making processes.

AiAuditTrack utilizes Decentralized Identifiers (DIDs) – globally unique identifiers not controlled by centralized authorities – to establish digital identities for AI agents and the systems they operate within. These DIDs serve as the foundation for issuing Verifiable Credentials (VCs), which are digitally signed statements attesting to specific attributes or actions of the AI entity. VCs can confirm aspects such as the AI’s model version, training data provenance, or authorization to perform specific tasks. The combination of DIDs and VCs enables a trust framework where AI interactions are linked to a verifiable identity, allowing for independent validation of claims regarding the AI’s behavior and data lineage, and facilitates interoperability across different AI systems and platforms.

Trajectory Encoding within AiAuditTrack (AAT) functions by recording each discrete step of an AI’s operational sequence, encompassing input data, processing parameters, and resultant outputs. This data is then structured into a Trajectory Network Graph, where nodes represent individual AI interactions and edges define the sequential relationships between them. The resulting graph provides a complete, immutable record of the AI’s decision-making process, facilitating detailed auditing and analysis of its behavior. Each trajectory is cryptographically linked to the AI entity’s Decentralized Identifier (DID), ensuring data integrity and non-repudiation. The graph structure allows for efficient traversal and reconstruction of any AI’s operational history, supporting forensic investigations and compliance verification.

Trajectory records are constructed to capture and represent the system's dynamic behavior over time. — Trajectory records are constructed to capture and represent the system’s dynamic behavior over time.

Proactive Risk Management Through Network Analysis

Risk Propagation Control within the Autonomous Agent Toolkit (AAT) utilizes the Trajectory Network Graph to model and analyze risk diffusion. This graph represents agent interactions as nodes and the flow of information or resources as edges, allowing AAT to simulate how a vulnerability or malicious event in one area of the network can spread to others. By mapping these propagation pathways, the system can quantify the potential impact of risks, identify critical nodes vulnerable to cascading failures, and assess the effectiveness of mitigation strategies. The modeling process incorporates factors such as agent trust levels, data sensitivity, and network topology to generate a probabilistic representation of risk spread, enabling proactive security measures and improved resilience within the AI interaction network.

AAT utilizes Graph Neural Networks (GNNs) to construct anomaly detection models within the AI interaction network, represented as a Trajectory Network Graph. These GNNs learn node embeddings that capture the relationships and features of each node – representing AI components or interactions – allowing the system to identify deviations from established behavioral patterns. The models are trained on normal network activity and subsequently used to score new interactions based on their likelihood of being anomalous. Anomalies are flagged when the calculated score exceeds a predetermined threshold, indicating potentially malicious activity or system failures. The GNN architecture enables the system to detect complex anomalies that may not be apparent through traditional signature-based methods by considering the contextual relationships within the graph structure.

The Risk Level Propagation mechanism within AAT facilitates a computable risk control system by assigning and disseminating risk scores throughout the AI interaction network. This process begins with an initial risk assessment at a node, which is then propagated to connected nodes based on the strength and type of interaction. The propagation algorithm considers factors such as the confidence level of the initial assessment and the inherent vulnerability of the connected node. Consequently, security measures – including access restrictions, data encryption levels, and monitoring frequency – are dynamically adjusted at each node proportional to its calculated risk level. This allows for targeted and automated security responses, mitigating potential threats without impacting the functionality of lower-risk components within the network.

Sui Blockchain: A Foundation for Scalable Trust

The Sui Blockchain functions as the foundational layer for the AAT system, delivering the requisite performance and scalability for deploying secure and verifiable smart contracts. This is achieved through Sui’s architecture, which incorporates features like parallel transaction processing and dynamic sharding. These features allow AAT contracts to execute complex logic on-chain without experiencing significant latency or throughput limitations. The blockchain’s design ensures that all contract state and execution are cryptographically verifiable, providing a robust audit trail and preventing unauthorized modifications. This infrastructural support is critical for AAT’s functionality, as it relies on the reliable and tamper-proof execution of smart contracts to track and verify AI interactions.

AAT’s core smart contracts are built using the Move programming language, a language specifically designed for safety and performance in blockchain environments. Move employs a resource-oriented programming model, ensuring secure asset management and preventing common vulnerabilities like double-spending. This approach facilitates the execution of complex on-chain logic, including the tracking and verification of AI interactions, without compromising security or efficiency. The language’s static analysis capabilities allow for proactive identification of potential errors during development, further enhancing the robustness of AAT’s contracts and minimizing the risk of exploits.

Performance benchmarks conducted against the Qubic Blockchain indicate Sui demonstrates superior transactional throughput capabilities. Specifically, testing focused on applications involving high-frequency AI interaction tracking revealed Sui achieved a simulated Transactions Per Second (TPS) redundancy ratio of 110. This metric represents the ability of the Sui blockchain to reliably process a significantly higher volume of transactions compared to Qubic within a simulated environment. The results suggest Sui’s architecture is well-suited for applications demanding high scalability and consistent performance, such as the accurate and verifiable logging of AI interactions.

Towards a New Standard of Trustworthy AI

A truly trustworthy artificial intelligence ecosystem hinges on understanding how and why an AI reached a particular decision, and Anticipatory Attestation Technology (AAT) directly addresses this need. By meticulously documenting an AI’s developmental lineage – its data sources, algorithms, and modifications – AAT establishes verifiable provenance, creating an auditable trail of accountability. This isn’t merely about post-hoc analysis; AAT proactively identifies potential risks throughout the AI’s lifecycle, allowing developers to mitigate vulnerabilities before they manifest as harmful outcomes. Consequently, stakeholders – from end-users to regulatory bodies – gain increased confidence in AI-driven decisions, fostering responsible innovation and ultimately enabling the safe and ethical deployment of increasingly complex intelligent systems.

The architecture underpinning trustworthy AI extends far beyond theoretical frameworks, offering practical improvements to sectors demanding utmost reliability. In finance, this translates to enhanced fraud detection and secure transaction processing, bolstering consumer confidence and market stability. Healthcare benefits from improved diagnostic accuracy and patient data privacy, facilitating safer and more effective treatments. Perhaps most critically, autonomous systems-ranging from self-driving vehicles to robotic surgery-gain a crucial layer of security and predictability, ensuring responsible operation and minimizing potential harm. By establishing a consistent method for verifying the origins and integrity of AI-driven decisions across these diverse applications, the framework doesn’t merely address potential risks, but actively fosters a new standard of accountability vital for public trust and widespread adoption.

Recent evaluations demonstrate the robust security capabilities of Attested AI Technology (AAT), successfully defending against all four commonly encountered attack vectors during rigorous testing. This performance not only satisfies established international identity security benchmarks but also reveals a high degree of operational integrity and accurate path recognition, even within complicated task environments. The implications of these findings extend beyond simple defense; AAT facilitates the development of AI ecosystems characterized by transparency and auditability, granting both users and regulatory bodies the necessary instruments to guarantee the ethical and secure implementation of artificial intelligence across diverse applications and fostering greater confidence in AI-driven decision-making.

The AiAuditTrack framework, as detailed in the article, posits a system where understanding the entirety of AI interactions – the ‘AI Interaction Trajectory’ – is paramount for robust security. This echoes Linus Torvalds’ sentiment: “Most good programmers do programming as a hobby, and then they get paid to do it.” The article’s focus on meticulous tracking and auditable logs isn’t merely about compliance; it’s a recognition that effective AI governance, like elegant code, stems from a deep understanding of the system’s internal workings. The pursuit of a secure AI ecosystem, therefore, necessitates a holistic approach, mirroring the dedication and intrinsic motivation of skilled developers.

Where Do the Cracks Appear?

The AiAuditTrack framework rightly addresses the escalating need for accountability within increasingly complex AI ecosystems. Yet, systems break along invisible boundaries – if one cannot see them, pain is coming. The current iteration, focused on interaction trajectories and blockchain immutability, assumes a level of standardized logging and data integration that presently exists more in aspiration than reality. The true challenge lies not simply in recording interactions, but in establishing a universally accepted, machine-readable definition of what constitutes a meaningful interaction, and then ensuring consistent application across diverse AI architectures.

Future work must concentrate on defining these structural boundaries. Decentralized identity, while promising, relies on the integrity of underlying verification mechanisms – a single point of failure, however well-guarded, can unravel the entire system. A more holistic approach demands investigation into formal methods for verifying the completeness of the audit trail itself – not just its immutability, but its fidelity to the actual AI decision-making process.

Ultimately, the longevity of AiAuditTrack, or any similar framework, will depend on its ability to anticipate, rather than merely react to, the inherent fragility of interconnected systems. The elegance of a solution is measured not by its complexity, but by its capacity to reveal, and reinforce, the fundamental simplicity beneath the surface.

Original article: https://arxiv.org/pdf/2512.20649.pdf

Contact the author: https://www.linkedin.com/in/avetisyan/