Building AI You Can Audit

Most of the excitement around AI is about what it can do. Almost none of it is about whether you can explain, after the fact, what it did and why. In a domain like medicine, that second question is not optional. It is the one that decides whether the technology is allowed anywhere near a real decision. A lot of our design work went into making sure the answer is always yes.

Accountability is a design decision, not a report

You cannot bolt accountability onto a system at the end. By then the information you would need is gone. It has to be built in from the first day, as a property of how the system runs, not a document you generate later.

In practice that means every meaningful action leaves a record, and that record is tamper-evident and append-only. You can add to it, but you cannot quietly rewrite it. So if anyone ever asks who accessed what, when, and how the system reached a given state, you can answer with evidence instead of assurances. The difference between "we believe" and "we can show you" is the entire game.

Guard the part that learns

I wrote elsewhere that the system improves by learning from expert feedback. That capability is powerful, and it is exactly the part that has to be locked down hardest.

A model that learns continuously is a model that can be shaped over time. If just anyone can influence what it learns, then the integrity of every future decision is only as good as the least careful person with access. So the pathway that can change the system is treated as the crown jewels. Only credentialed people and processes can reach it. Nothing is trusted simply because it is already inside. Behavior that looks wrong gets flagged. And all of it is logged.

That is not paranoia. It is the recognition that in a learning system, the training pathway is as sensitive as the data, and most people protect the data while leaving the learning wide open.

Why I think about it this way

This is my whole career pointed at a new problem. I have spent decades on a simple, unglamorous question: who can touch the thing that matters, and can you prove it afterward? Identity, least privilege, zero trust, audit trails. None of it is exciting at a dinner party. All of it is what separates a system you can defend from one you only hope is fine.

Bringing that discipline to AI feels overdue. We are rushing to deploy systems that make consequential decisions, and far too often the honest answer to "what happened and who influenced it" is a shrug. A shrug is not acceptable when the decision touches a patient.

The standard I hold

My test for any AI built for a serious setting is plain. When it is questioned, and it will be, can the system show what it did, who was involved, and that the right controls held the whole time? If it can, you have something people can actually trust. If it cannot, no amount of accuracy makes up for it.

That standard is the part of this invention that comes most directly from me. The diagnostic idea is elegant. The fact that you can audit it is what makes it usable.