The end-to-end set of deny-by-default gates that make AI-authored output verifiable: source substantiation, shape-only disclosure, and per-artifact provenance.
How it works
Deny-by-default gates sit between an AI author and a shipped artifact: every claim must trace to a substantiated source, every disclosure stays at a shape level rather than reproducing the underlying method, and every artifact carries its own provenance record. A failure on any one link blocks the artifact rather than letting it through. The gates run in sequence and the chain's contract is its order: a source-substantiation pass is not a license to skip shape-only, and shape-only is not a license to skip provenance.
Why it matters
The chain validates compliance with its gates, not the truth of its content. A piece that clears every link can still be wrong on a dimension no gate checks: structural gates pass on rules they can articulate, and an editorial gate (a manual sweep) admits exceptions a structural gate would not. Every link also adds write-time friction the reader may never inspect: the trade is author velocity for trust evidence that earns its place only when a reader needs to verify. The chain raises the floor; it does not lift the ceiling.
In practice
An AI-authored page is held at sequential gates. A claim without a cited source fails the substantiation gate. Prose that reproduces a method below the shape line fails the disclosure gate. An artifact missing its provenance block fails the provenance gate. Missing any one of the gates blocks publication; passing every gate says the page met the chain's contract, not that the page is right on every fact the gates do not cover.
Practical considerations
A useful diagnostic test for any link in the chain: can a violation on the rule that link is supposed to enforce reach published output if the human reviewer is asleep? If the answer is yes, that link is editorial (fail-open by default) rather than structural (fail-closed). The categorization is operational, not aspirational: structural examples are a literal denylist that hard-fails the build, a frontmatter validator that refuses a draft missing required fields, and a citation validator that hard-fails when a required sources block is missing or unparseable; editorial examples are a manual sweep for tone, a review queue with no documented service-level commitment, and a manual approval with no documented blocking criterion. The chain ships only what every gate admits, so violations on an editorial gate's own rule class pass through regardless of how many structural gates run upstream; the chain is editorial overall on every rule any single editorial gate owns. The remediation is rarely "try harder at the editorial gate"; it is to redesign the editorial link as a structural one, or to acknowledge that the chain at that rule class is a recommendation rather than a check.
Related standards and prior art
- NIST AI 600-1 (Generative AI Profile) · 2024-07-26 · (canonical framework) addresses content provenance for generative AI; the authoring-verification framing here is distinct
Defined by Ready Solutions AI