
Who Audits the Auditor
In March 2026, OpenAI published a blog post about how they monitor their internal coding agents for misalignment. The system uses GPT-5.4 to review the chain-of-thought reasoning of their coding agents, flagging suspicious behavior. They analyzed tens of millions of agent trajectories. About 1,000 triggered moderate alerts, many from their own red-teaming. None were flagged as the highest risk tier.
Sounds reassuring, but OpenAI is using its own model to monitor its own agents, evaluating its own systems against its own criteria, and reporting its own results. There is no external verifier anywhere in this pipeline.
Concerningly, this is the default across the entire industry.
The Pattern
In April 2026, Anthropic published "Trustworthy agents in practice", a framework built on five principles: human control, value alignment, security, transparency, and privacy. The post is thoughtful. It acknowledges open problems, including that determining when agents should pause versus proceed is "one of the harder unsolved problems in agent development."
It is also entirely self-assessed. Anthropic defines the principles, Anthropic evaluates compliance, and Anthropic reports the results. There is no external audit, no third-party verification, no mechanism for anyone outside Anthropic to check whether these principles are being met in practice.
Six weeks before publishing that framework, Anthropic dropped its core safety commitment: the promise to pause training more powerful models if capabilities outstripped the company's ability to control them. The company said the industry had already blown through the guardrails the policy was designed to build consensus around. The trustworthy agents post does not reference this change. The two exist in separate universes on the same blog.
Same thing at the government level too. The US Department of Defense adopted AI Ethics Principles in 2020 and a Responsible AI Strategy in 2022. Both are self-assessed. No independent verification, no third-party audit, no mechanism to block deployment if a system fails to meet them.
OpenAI monitors OpenAI. Anthropic evaluates Anthropic. The DoD grades the DoD. The entity doing the thing is also the entity deciding whether the thing was done responsibly.
Why This Doesn't Work
This is not a new problem. We solved it in other industries decades ago.
Pharmaceutical companies don't approve their own drugs. The FDA exists because we learned, repeatedly, that self-assessment under commercial pressure produces exactly the outcomes you'd expect. Financial institutions don't audit their own books. Enron did that. Aircraft manufacturers don't certify their own planes. Boeing's 737 MAX showed what happens when the FAA delegates certification authority back to the manufacturer.
Self-assessment under competitive pressure will always give you meh results. It's just way too easy to make exceptions and grant leniency to yourself. Every company that finds a problem in its own system faces a choice: delay the product and absorb the cost, or define the problem narrowly enough that it doesn't block launch. Under quarterly earnings pressure, investor expectations, and a competitive race, the second option is favored every time.
This is the same prisoner's dilemma I wrote about in a previous essay. The structure rewards narrow self-assessment and punishes thorough self-assessment. The only way to break that dynamic is to take the assessment out of the hands of the entity being assessed.
What External Verification Could Look Like
There are two fundamentally different approaches to making AI trustworthy, and right now the industry is only pursuing one of them.
The first is interpretability: look inside the model and understand why it produced its output. This is Anthropic's big research bet (mechanistic interpretability) and DeepMind's Gemma Scope 2 tooling. The goal is to map the internal circuits of a model so you can see what it's "thinking." This is valuable safety research. But interpretability tells you why the model said something. It does not tell you whether what it said is true. And the people doing the interpreting are the same people who built the model.
The second is verification: check the output against external evidence, and create a cryptographic record that the check happened. This is closer to how auditing works in every other high-stakes industry. You don't need to understand the internal reasoning of an accountant to verify that the numbers on a balance sheet match the bank statements. You check the outputs against an external source of truth.
I built a prototype of this called Verifiable Claude. It takes model outputs, locks every claim into a Merkle tree, and runs each claim against external evidence with deterministic checks: URL validity, quote matching, entity consistency, source credibility, temporal accuracy. The cryptographic commitment means the claim can't be altered after the fact. The external evidence check means verification doesn't depend on the model evaluating itself.
This is a small prototype for a specific problem (factual claims). But the architecture points in a direction the industry is not going: verification that doesn't depend on the system being verified.
What's Actually Missing
The labs are publishing trust frameworks. Enterprises are deploying agents. And nearly 40% of agentic AI projects are being canceled, according to Gartner and MIT. If an agent gets it right 85% of the time on any given step, that sounds fine. But over a 10-step workflow, those errors compound. The whole thing only succeeds about 20% of the time. Trust frameworks built on principles don't help when the failure mode is compounding errors across sequential steps.
The industry needs external verification infrastructure that doesn't depend on the goodwill of the company being evaluated. Concretely:
Third-party model audits with blocking authority. Audits conducted by independent entities, with the authority to block deployment. Defense procurement does this for hardware. The AI models inside weapons platforms have been getting a pass.
Standardized external benchmarks for agent reliability. Anthropic's own trustworthy agents post calls for "standardized benchmarks for comparing agent systems" and "industry evidence-sharing practices." They are right. These don't exist yet. And they need to be maintained by independent bodies, not by the companies whose products are being benchmarked.
Cryptographic verification layers for high-stakes outputs. For AI systems making decisions that affect people's lives, the output should be checkable against external evidence with a tamper-proof record that the check occurred. The technology exists, but the infrastructure has yet to be built.
The Point
Every major AI lab is currently grading its own homework. They are doing it thoughtfully, with published frameworks and real internal effort. But the structure is the same one that failed in pharma before the FDA, in finance before independent auditing standards, and in aviation before third-party certification.
The AI industry's trust problem will not be solved by better self-assessment. It will be solved by external verification that the entity being evaluated does not control. The labs know this. Anthropic's own ethics essay argues for mandatory oversight. Their own agent framework calls for industry standards bodies. The gap is between what they're asking for and what they're currently doing, which is evaluating themselves.
Someone needs to build the auditor. And the auditor can't be the one being audited.