$100 Billion of AI Inference Runs on Blind Trust
Every AI model powering insurance pricing, fraud detection, and clinical decisions today produces outputs that no third party can independently verify. That era is ending.
The global economy now spends over $100 billion a year running AI models in production. None of that spend ships with a mechanism to prove that the model that was supposed to run is the model that actually ran, on the data it was supposed to see, the way it was supposed to compute.
When an insurance company uses AI to price a policy, the insurer trusts the vendor's output by default. When a bank runs an AI fraud check, the compliance team has no cryptographic evidence linking the model they audited last quarter to the model that scored the transaction this morning. When a health plan uses AI for prior authorization, there is no tamper-evident record connecting model, input, and decision.
For years this was an abstract concern, the kind of thing that lived in academic papers about “AI accountability.” In 2026 it is a concrete compliance problem with a date attached.
Four catalysts, one direction
Four converging pressures are turning “we should be able to verify this” into “we have to be able to verify this.” None of them is hypothetical, and none of them is going away.
High-risk AI systems in credit, insurance, healthcare, and HR must prove model correctness. Transparency obligations apply from August 2026; full Annex III compliance by December 2027. Product-embedded high-risk systems by August 2028. Penalties reach 7% of global revenue.
Broker-dealers must keep records of AI-driven decisions in non-rewriteable, non-erasable form. Over $2 billion in recordkeeping fines have been imposed since 2021 across more than 95 enforcement actions. Standard AI output logs do not meet the standard.
Adverse-action notices must trace to the exact model that produced the decision. Kistler v. Eightfold AI (N.D. Cal., filed January 2026) opened a new theory: AI hiring vendors may themselves be consumer reporting agencies, with statutory damages of $100 to $1,000 per willful violation against a database the vendor markets as covering “more than 1 billion people.”
The UnitedHealthcare nH Predict class action established that vendor AI systems used in benefits decisions are subject to discovery, depositions, and bad-faith claims. The legal cost of “we cannot reproduce what the model did yesterday” is no longer theoretical.
The structural problem
In every other domain where trust matters, financial auditing, clinical trials, legal discovery, certified product safety, we separate the entity doing the work from the entity verifying the work was done.
Auditors do not work for the company they audit. Clinical trial sites do not write their own efficacy reports. Notaries do not certify their own signatures. The separation is not bureaucratic. It is the only reliable way for a third party to act on the result.
The model provider runs the model. The model provider logs what happened. The model provider attests that the logs are accurate. Then we ask the regulator, the customer, the courtroom, to trust the model provider on all three.
That is the structural problem. Every downstream symptom, the audit failures, the missing receipts, the inability to reproduce yesterday's decision, the lawsuits where vendors cannot tell the court what their own model did, flows from it.
What comes next
The cryptographic primitives that would let us separate the executor from the verifier have existed for more than a decade. Zero-knowledge proofs, Merkle commitments, deterministic execution specifications, independent re-execution sampling. What did not exist was a regulatory environment that made the trust gap expensive enough to fix.
That environment now exists. The companies that build for verifiable AI before they are forced to will not be the ones reading regulatory fines in 2028. They will be the ones their competitors are trying to catch up to.