AI agents are increasingly being used to review code, summarize documents, analyze contracts, and answer questions. In many cases, the result itself matters less than its authenticity.
Suppose Alice wants to share an AI-generated security review with Bob. Bob wants to know that the review is exactly what a particular agent produced for a particular input.
In other words, Bob wants evidence that
output = Agent(input)
for a specific agent, model version, configuration, and input, without running the same inputs, and spending tokens and time.
Today, there is no standard way to prove this.
Trusted attestation
The simplest solution is to rely on a trusted authority.
An inference service—or an independent auditor—runs the agent and signs the result.
The certificate could contain:
Agent: OpenAI Code Security Review
Model: GPT-5.5
Agent version: v3
Input hash: SHA256(...)
Output hash: SHA256(...)
Timestamp: ...
Signature: ...
Anyone with the original input and output can verify the hashes and the signature. If they match, the output is authentic.
This does not prove that the model executed correctly. It proves that the trusted authority attests that it produced this output for this input.
For many applications, that is already enough. It is no different from trusting a software publisher's code signature or a Certificate Authority on the web.
AI providers, code hosting platforms, or independent auditors could all publish signed attestations for AI-generated artifacts.
Beyond trust
A stronger goal is to remove the trusted authority entirely.
Instead of relying on a signature, the inference itself would produce a cryptographic proof that the output is exactly the result of evaluating the specified model on the specified input.
Verification would no longer depend on trusting the service that performed the inference. Anyone could verify the proof independently.
This is an active area of research. Zero-knowledge proofs, zkVMs, and other verifiable computation techniques are making progress, but generating proofs for frontier AI models remains expensive.
Why it matters
Verifiable inference would make AI outputs much more useful.
A code review could be accompanied by proof that it was generated by a specific review agent. A legal analysis could be verified to have come from a particular model version. Researchers could cite AI-generated analyses with confidence that readers are seeing the original output.
Verifiable inference does not make models more accurate or more trustworthy. It simply preserves their provenance. Whatever confidence—or skepticism—you have in a model can be carried all the way to its outputs.
AI-generated content could become a first-class, verifiable artifact, much like signed software releases or digitally signed documents are today.
As AI becomes infrastructure, verifiable inference may become as fundamental as HTTPS or code signing.