Methods · Provenance · Decision integrity
The evidence boundary is the product
An intelligence system is trustworthy only when it shows not merely what it found, but what it searched, what it missed, which claims the sources support, where sources conflict and where the conclusion stops.
Executive judgement
The central failure mode of AI research is not always fabrication. It is unjustified confidence. A fluent synthesis can contain individually correct statements while giving the reader a false impression of completeness, causality or consensus. Citations alone do not solve this. A source can be reputable yet irrelevant to the precise claim; a citation can support one sentence but not the conclusion built around it; ten sources can all repeat the same upstream report.
The strategic answer is to make the evidence boundary a first-class output. Every consequential synthesis should expose the searched universe, retrieval time, inclusion logic, claim-level support, source independence, conflicts, freshness and unresolved unknowns. The system should distinguish direct evidence from inference and inference from assumption. When coverage or support falls below a declared threshold, it should fail closed or visibly downgrade the conclusion.
Evidence
The W3C PROV family supplies a useful conceptual base. PROV-O represents entities, activities and agents and the relations among them: what was generated, what it was derived from, who or what acted and when. PROV-AQ addresses how provenance can be accessed and discovered. Applied to intelligence, the answer is an entity; crawling, extraction and synthesis are activities; sources, models and reviewers are agents or attributed entities. This makes provenance queryable rather than decorative.
NIST’s AI Risk Management Framework adds lifecycle governance. Its Govern, Map, Measure and Manage functions require context, measurement, accountability and continuing response. For an intelligence product, this means retrieval quality cannot be separated from governance. A model change, source outage or stale index can change the risk of the same user query. The system needs monitoring and an owner for those changes.
ISO 31000 frames risk management as integrated, structured and based on the best available information while recognising limitations and uncertainty. The phrase “best available” is important: perfect evidence is rarely available, but that does not license silent gaps. A decision can still proceed if limitations are explicit, proportionate and accepted by the appropriate authority.
Recent research on retrieval-augmented generation demonstrates another distinction: answer correctness and attribution faithfulness are not identical. A response may be correct by chance or by model knowledge while the cited passage does not entail it. Conversely, a faithful citation can support a claim that is outdated or strategically incomplete. Evaluation must therefore test both the quality of the conclusion and the relationship between each claim and its cited evidence.
Mechanism
A decision-grade pipeline begins before retrieval. The question must be decomposed into claims, time horizon, geography, affected actors and decision stakes. “What is happening in the global economy?” is not directly searchable at adequate resolution. It contains growth, inflation, trade, finance, fiscal space, labour, commodities, distribution and geopolitical transmission mechanisms. The decomposition becomes a coverage contract.
The source catalogue is the next layer. It should retain references and metadata—authority, jurisdiction, topic, language, access method, update pattern and historical reliability—without needlessly mirroring the entire web. At query time, the system can fetch relevant current material across the catalogue. This supports smart local storage: persistent source knowledge and evidence hashes, transient source content where lawful and efficient, and retained extracts only when audit or licensing requirements justify them.
Retrieval must report its denominator. Saying “64 sources were consulted” is weak if the system does not show whether the catalogue contained 100 eligible sources or 40,000, how candidates were selected and which high-authority sources failed. Coverage is not the percentage of the internet crawled; that denominator is unknowable. It is the percentage of the declared, relevant source universe successfully evaluated under a documented selection method.
Extraction should preserve the smallest useful evidence unit: document identity, edition or timestamp, exact location, quoted or normalised proposition, retrieval time and content hash. Claims in the synthesis then point to those evidence units. This allows a verifier to distinguish a source that merely discusses a topic from one that supports the stated proposition.
Contradiction analysis operates at claim level. Two forecasts can disagree because of different publication dates, definitions, scenarios or genuine analytical conflict. The system should normalise those dimensions before labelling a contradiction. Where conflict remains, it should present the competing claims, relative authority, independence and decision consequence. Selecting one silently is synthesis without accountability.
Freshness is also claim-specific. A constitutional text may remain authoritative for years; a market price can become stale in seconds. Each source class therefore needs an expected update interval and each claim a freshness tolerance. The public answer should show the evidence cutoff and warn when a required source missed its expected update or could not be accessed.
Finally, an independent witness must test the result. The synthesising model cannot be the sole judge of its own citations. Verification should include deterministic checks—reachable URL, matching timestamp, distinct source count, section completeness—and semantic checks such as entailment, contradiction and material omission. High-consequence outputs require sampling by a separate model or control function with a different failure path.
Counterarguments
The first objection is that full provenance makes answers slow and unreadable. The trade-off is real but manageable. The interface can show a concise executive judgement first, then progressively disclose evidence, conflicts and method. Machine-readable provenance can sit behind the human view. Speed should be governed by a service level: for deep global research, ten minutes may be an excellent exchange for an inspectable result; for a live market query, the pipeline and evidence window must be narrower.
The second objection is that counting sources creates false rigour. Correct. Six derivative articles are not six independent witnesses. Source diversity should be measured by upstream origin, methodology, jurisdiction and incentive, not domain count alone. A minimum source count is a publication floor, not proof of adequacy.
The third objection is that revealing uncertainty weakens the product. In consequential intelligence the opposite is true. Hidden uncertainty transfers risk to the user. Calibrated uncertainty lets a decision-maker choose whether to act, seek more evidence, hedge or wait. The system becomes less theatrical and more useful.
The fourth objection is that no system can search every source on demand. That is also correct. “Global” must mean a maintained multilingual catalogue and defensible coverage across relevant source classes—not a literal claim to have read the whole web. The honest product advantage is measurable breadth plus an explicit boundary.
Scenarios
High agreement, strong coverage. Independent primary sources converge, required authorities were reached, claims are fresh and entailment checks pass. The portal can issue a high-confidence judgement while still recording residual uncertainty and future triggers.
High agreement, weak independence. Many publications repeat one press release or dataset. The interface should collapse derivatives into a single evidence lineage and lower the independence score. The conclusion may remain plausible, but consensus is not proven.
Material contradiction. Credible sources disagree after dates and definitions are aligned. The result should explain the competing mechanisms, identify what observation would discriminate between them and present decisions robust to either case. A single blended paragraph would destroy useful information.
Coverage failure. Key regulators, local-language sources or live datasets are inaccessible. The system should publish a bounded partial answer only if the user can see the missing classes and their likely effect. If the missing evidence could reverse the decision, publication should be blocked.
Uncertainties
No provenance model eliminates judgement. Relevance thresholds, authority rankings, independence grouping and materiality all encode choices. Automated entailment models also make errors, especially across languages, tables and conditional legal text. Those choices must be versioned, tested and open to challenge.
The web itself is unstable. Pages change, sources disappear, robots rules evolve and licensing can constrain retention. Content hashes and retrieval timestamps prove what the system observed, but not necessarily what every reader will see later. Durable high-stakes evidence may require licensed archives or retained extracts under an explicit policy.
There is also an unavoidable open-world problem: the system cannot prove that no unknown source would alter the conclusion. It can prove only that it searched a declared catalogue using a stated method and that specified coverage gates passed. That is a strong, auditable claim. “Everything is known” is not.
Decision framework
- Define the decision: specify who will act, by when, with what downside if the answer is wrong.
- Declare coverage: list required themes, jurisdictions, languages and source classes before searching.
- Record retrieval: preserve catalogue denominator, candidates, failures, timestamps, redirects and proxies.
- Build claim provenance: connect each material claim to precise evidence units and upstream lineage.
- Test support: verify entailment, freshness, authority and source independence separately.
- Surface conflict: normalise definitions and dates, then preserve unresolved disagreement.
- Calibrate confidence: combine evidence strength, coverage and contradiction; never infer confidence from fluency.
- Apply a publication gate: block outputs with missing critical evidence, false precision or unlabelled inference.
- Retain a witness package: store enough metadata, hashes and evaluation results to reproduce the judgement.
- Set refresh triggers: update when scheduled sources change, evidence expires or a decision-relevant event occurs.
Sources
- W3C — PROV-O: The PROV Ontology, provenance representation recommendation.
- W3C — PROV-AQ: Provenance Access and Query.
- NIST — Artificial Intelligence Risk Management Framework 1.0.
- NIST — AI RMF Core.
- ISO 31000:2018 — Risk management guidelines.
- Correctness is not Faithfulness in RAG Attributions, research preprint on citation faithfulness.