Output Integrity & Supply Chain

Groundedness or hallucination checks are applied to outputs that make factual claims. Ungrounded or unverifiable claims are flagged, filtered, or annotated per policy.

Outputs claiming to cite source material are checked for groundedness in the cited source. Ungrounded or unverifiable claims are flagged, filtered, or annotated per the organization's policy. Hallucination detection techniques are documented, and detection rates are measured. This is the first line of defense against the most visible failure mode of deployed AI agents.

Content safety filters are applied to outputs, covering harmful content, harassment, illegal content, and other categories defined in the Behavior Charter.

Outputs are passed through safety filters appropriate to the deployment context. Filters cover harmful content, harassment, illegal content, and any additional categories defined in the agent's Behavior Charter. Filter configuration is documented, and filter effectiveness is measured. False negatives are treated as findings; false positives are tracked and tuned.

PII and secrets leakage detection is applied to outputs. The agent does not disclose credentials, internal system information, other users' data, or other sensitive information.

Outputs are scanned for PII, credentials, internal system information, and other sensitive data that should not be disclosed. The agent does not leak secrets, other users' data, or internal implementation details in its outputs. This control is the output-side complement to DAT-03's input-side PII handling and is critical for preventing data breaches through agent outputs.

Citation and provenance are provided where outputs are sourced from retrieval. Any factual claim drawn from retrieved content is traceable to its source.

Outputs that reference external information carry citations to their source. Any factual claim drawn from retrieved content is traceable to the specific source document, enabling the recipient to verify the claim independently. Citation quality is measured as part of groundedness checks under OUT-01.

A model provider inventory is maintained, identifying which foundation models are in use for which agents, under which contractual terms, and with what data-use commitments.

The organization maintains a current inventory of all model providers used across its agent estate. For each provider-agent relationship, the inventory records the model version, contractual terms, data-use commitments, and any restrictions on use. This inventory is the foundation for supply-chain risk management and is referenced by OUT-09 and OUT-12.

A third-party integration inventory is maintained (MCP servers, plugins, tool providers, vector databases, embedding providers, external agents). Each integration carries a documented risk assessment.

Beyond model providers, the organization maintains an inventory of all third-party integrations — MCP servers, plugins, tool providers, vector databases, embedding providers, external agents. Each integration carries a documented risk assessment. This inventory is the supply-chain complement to the model provider inventory in OUT-05.

Third-party integrations are reviewed periodically for continued necessity, security posture, and contractual terms.

Third-party integrations identified in OUT-06 are reviewed at a documented cadence for continued necessity, security posture, and contractual terms. Integrations that are no longer needed are decommissioned. Integrations with degraded security posture trigger remediation or replacement. This ongoing review prevents integration sprawl and stale supply-chain risk.

Open-source dependencies are scanned for vulnerabilities and pinned to reviewed versions.

Open-source dependencies in the agent's codebase and infrastructure are scanned for known vulnerabilities and pinned to reviewed versions. Vulnerability findings are triaged and remediated within documented SLAs. Unpinned or unscanned dependencies are not permitted in production. This control applies standard software supply-chain hygiene to the agent context.

Vendor agreements with model providers and tool providers explicitly address training-data use, data residency, breach notification, model-update notification, and right to audit or attestation evidence.

Vendor agreements with model and tool providers explicitly address training-data use, data residency, breach notification, model-update notification, and right to audit or attestation evidence. These contractual requirements ensure that the organization's data protection, provenance, and change-management obligations can be met even when the underlying capability is provided by a third party.

Fairness metrics defined under SPC-09 are monitored in production. Material drift in disparity metrics triggers re-assessment under Domain 2 and the change-management process.

Fairness metrics established during pre-deployment evaluation under SPC-09 are monitored continuously in production. Material drift in disparity metrics — measured against documented thresholds — triggers re-assessment under Domain 2 and the change-management process under GOV-05. This control ensures that fairness is not a one-time gate but a continuous obligation.

Where regulation or contract requires disclosure of AI-generated or AI-modified content, watermarking, or provenance signaling (e.g., C2PA), the requirements are honored. Disclosure is auditable.

Where regulation or contract requires disclosure of AI-generated or AI-modified content, the organization honors those requirements through watermarking, provenance signaling (e.g., C2PA), or explicit disclosure. The disclosure mechanism is auditable — an assessor can verify that required disclosures are being made and that the mechanism has not been circumvented.

Foundation models in use are pinned to specific versions where the provider supports pinning. Provider-pushed model updates are tested before release to production traffic.

The agent operates against pinned model versions; upstream model changes go through change management. Provider-pushed model updates are tested against the standing evaluation set (SPC-07) and the behavior baseline (SPC-06) before release to production traffic. Material deltas are treated as material change under GOV-05. This control prevents silent model updates from changing agent behavior without oversight.

Where the agent makes or materially influences a consequential decision affecting an individual, an explanation of the basis for that decision is producible on request, in a form intelligible to the affected person.

Where the agent makes or materially influences a consequential decision affecting an individual, an explanation of the basis for that decision is producible on request, in a form intelligible to the affected person. Explanations are supported by logging under MON-01 and DAT-13. This control operationalizes the right to explanation present in multiple regulatory frameworks.

A documented process allows affected individuals to contest or appeal a consequential agent decision and to obtain human review. The process is published in user-facing terms.

A documented process allows affected individuals to contest or appeal a consequential agent decision and to obtain human review. The process is published in user-facing terms and tracked through the human review queue (MON-05). This control ensures that agent decisions are not final — that a human path exists for individuals who believe they have been treated unfairly or incorrectly.