(2023-2025)
success rate
influenced elections
max penalty
The Moment Everything Changed
On January 9, 2026, a coalition of United States Senators—Ron Wyden, Ed Markey, and Ben Ray Luján—sent an unprecedented letter to Apple and Google, demanding the removal of X (formerly Twitter) and its AI assistant Grok from their app stores. The reason was shocking even by 2026 standards: Grok had become what California Governor Gavin Newsom called "a predator breeding ground," generating approximately one nonconsensual sexualized image per minute.
But when xAI responded to the crisis, their statement revealed something even more troubling than the images themselves. They claimed their "safeguards are working" and that they had blocked "millions of harmful requests." Yet when pressed for evidence, they could offer none that anyone could independently verify.
This wasn't just a content moderation failure. It was the collapse of the "Trust Us" model that has governed AI systems since their inception.
The Two Verification Crises
The Grok scandal didn't expose one problem—it exposed two fundamentally different verification failures that require fundamentally different solutions.
Crisis #1: The Deepfake Indistinguishability Problem
Grok generated sexualized images of real people—Taylor Swift, Michelle Obama, Alexandria Ocasio-Cortez, and most disturbingly, minors including 14-year-old actress Nell Fisher. Victims found themselves unable to prove a critical fact: "This image is not a real photograph of me."
This problem extends far beyond celebrity victims:
- In 2025, RAND Corporation found that 13% of K-12 school principals reported deepfake bullying incidents
- The Center for Democracy & Technology discovered that 36% of students had encountered deepfake-related problems at school
- At Cascade High School in Iowa, 44 female students became victims of AI-generated intimate imagery—they called themselves "The Voices of the Strong 44"
The Fundamental Issue
There is no way to cryptographically prove that a photograph was captured in the real world by a real camera operated by a real human being. Existing solutions like C2PA are designed for content provenance—tracking editing history and tool usage—not for proving the moment of capture.
Crisis #2: The Moderation Verification Problem
When xAI claimed they blocked millions of harmful requests, they expected us to simply believe them. But in an age where AI companies have every incentive to minimize reported harms and maximize reported safety, trust is no longer sufficient.
The evidence tells a different story:
- The Internet Watch Foundation documented Grok-generated images of children aged 11-13 appearing on dark web forums
- NCMEC reports showed AI-generated CSAM exploding from 4,700 reports in 2023 to 440,000 in just the first half of 2025—a 93x increase
The Fundamental Issue
There is no way to cryptographically prove that an AI system refused to generate harmful content. Internal logs can be fabricated, selectively deleted, or retroactively modified. The absence of evidence is not evidence of absence—and platforms have every incentive to present absence of evidence as exactly that.
Why Existing Standards Fall Short
Before introducing our solutions, it's important to understand why current approaches cannot solve these problems.
C2PA: The Wrong Tool for the Job
C2PA is an excellent standard for what it was designed to do: prove that content has a documented chain of custody from creation through distribution. It can tell you that an image was edited in Adobe Photoshop, that a video was compressed by YouTube, that metadata was stripped by a social media platform.
What C2PA cannot do:
- Prove human presence: The specification explicitly states that "the signer need not be human." A robot, a drone, or a server can sign C2PA credentials just as easily as a person.
- Prove capture moment: C2PA can be applied after the fact. An AI-generated image can be given C2PA credentials that make it look legitimate.
- Prove refusal: C2PA is designed for content that exists, not content that was never created.
Watermarking: A Broken Promise
Google's SynthID has been applied to over 10 billion pieces of content. It sounds impressive until you learn that in 2025, researchers demonstrated a 79% success rate in removing watermarks through diffusion model re-rendering. The University of Maryland concluded bluntly: "No reliable watermarking exists currently."
Watermarking is a cat-and-mouse game that AI generators will always eventually win. It cannot provide the cryptographic certainty that legal and regulatory frameworks require.
SCITT: Close, But Not Complete
IETF's Supply Chain Integrity, Transparency and Trust (SCITT) architecture provides robust transparency logs for software supply chains. It's a powerful tool, and one we actively build upon. However, SCITT has a fundamental limitation when applied to AI systems: it cannot guarantee completeness.
As the draft specification acknowledges, "the Issuer can refuse registration or selectively register Statements." This means an AI platform could log some refusals while hiding others.
Introducing CAP-SRP: Cryptographic Proof of What AI Didn't Generate
The Content/Creative AI Profile with Safe Refusal Provenance extension (CAP-SRP) is designed specifically to solve the moderation verification problem. It treats non-generation as a first-class, cryptographically provable event.
The Core Innovation: Completeness Invariant
At the heart of CAP-SRP is a mathematical constraint that makes selective logging detectable:
∑ GEN_ATTEMPT = ∑ GEN + ∑ GEN_DENY + ∑ GEN_ERROR
This equation states that the total number of generation attempts must equal the sum of successful generations, explicit refusals, and system errors. Every request that enters the system must have exactly one recorded outcome.
Why This Matters
- Hidden results are detectable: If Attempts > Outcomes, someone hid generation results
- Fabricated refusals are detectable: If Outcomes > Attempts, someone created fake refusal records
- Mathematical certainty replaces trust: Auditors can verify completeness without trusting the platform
The Event Architecture
CAP-SRP defines four primary event types that create an unbroken chain of accountability:
| Event Type | When Recorded | What It Proves |
|---|---|---|
| GEN_ATTEMPT | Before any safety checks | A request was received and will be processed |
| GEN | After successful generation | Content was created and can be linked to this request |
| GEN_DENY | After safety system blocks request | The system refused to generate, with reason codes |
| GEN_ERROR | After system failure | Processing failed for technical reasons |
Critical insight: GEN_ATTEMPT must be recorded before safety checks execute. This prevents platforms from selectively logging only the requests they want to document. Once a request enters the system, its existence is cryptographically committed before anyone can decide whether to hide it.
How It Would Have Changed Grok
Let's apply CAP-SRP to xAI's claims during the scandal:
| xAI's Claim | Without CAP-SRP | With CAP-SRP |
|---|---|---|
| "We blocked millions of harmful requests" | Unverifiable assertion | Cryptographically signed GEN_DENY events with external timestamps |
| "Our safeguards are working" | Trust us | Completeness Invariant proves all requests are accounted for |
| "Our logs are accurate" | Internal documentation only | External TSA anchoring proves logs weren't modified after the fact |
Conformance Levels
CAP-SRP defines three implementation tiers to accommodate different regulatory requirements:
| Level | Requirements | Use Case |
|---|---|---|
| Bronze | Basic hash chain, 6-month retention | Voluntary transparency initiatives |
| Silver | + External anchoring, SRP extension, 2-year retention | EU AI Act Article 12 compliance |
| Gold | + Real-time verification, HSM, 5-year retention | DSA Article 37 audit readiness |
Privacy-Preserving Verification
A critical concern with any logging system is privacy: how do you prove you blocked harmful content without storing the harmful prompts themselves?
CAP-SRP addresses this through cryptographic hashing:
- Harmful prompts are stored only as SHA-256 hashes
- Regulators receive a complaint containing the original prompt
- Regulators compute the hash and query the platform for GEN_DENY events with matching hashes
- Verification succeeds without the platform ever revealing the stored prompt content
The Other Half: VeraSnap and the Capture Problem
While CAP-SRP solves the "what did AI refuse to generate" problem, the deepfake indistinguishability problem requires a different approach. This is where VeraSnap enters the picture.
The Vision: A Camera That Proves Itself
VeraSnap is a mobile application currently in development that implements CAP v1.0—the Capture Authenticity Protocol. Think of it as a "flight recorder for photographs" that cryptographically proves:
- When: RFC 3161 compliant external timestamps from independent authorities
- Who: Device-bound cryptographic keys stored in hardware security modules
- What: SHA-256 hash of raw image data computed at capture time
- Where: GPS coordinates (optional, with privacy protections)
The key innovation is timing: all cryptographic commitments happen at the moment of capture, not afterward. Unlike C2PA, which can be applied to any image at any time, VeraSnap credentials can only be created by a device that was physically present when the shutter was pressed.
How It Differs From Existing Solutions
| Solution | What It Proves | VeraSnap Difference |
|---|---|---|
| C2PA | Content has documented provenance | VeraSnap proves capture moment, not just provenance |
| Truepic | Image captured on verified device | VeraSnap adds hash chains for completeness |
| Numbers Protocol | Wallet ownership | VeraSnap proves physical capture, not digital ownership |
| ProofMode | Content signed by device | VeraSnap adds external timestamp verification |
The "Liar's Dividend" Problem
Deepfakes create a pernicious secondary effect: the "liar's dividend." When any image could potentially be AI-generated, even authentic images become deniable. Politicians can claim leaked photos are fake. Criminals can argue surveillance footage was manufactured. Whistleblowers find their evidence dismissed as "probably AI."
31% of Europeans believe AI influenced voting in recent elections. This skepticism, while sometimes warranted, creates a crisis of evidence. How do we know what's real anymore?
VeraSnap's Answer
Images with cryptographic proof of capture are in a different category than images without such proof. We don't need to detect fakes—we need to prove authenticity. The burden of proof shifts from "prove this is fake" to "prove this is real."
Coming Soon
VeraSnap is currently in final development stages. We anticipate an iOS release in Q2 2026, with Android following shortly after. The application will support 10 languages at launch and implement a freemium model that makes basic capture verification accessible to everyone while offering premium features for professional and legal use cases.
The Complete Verification Ecosystem
VeraSnap and CAP-SRP are not competing standards—they're two halves of a complete verification ecosystem.
┌─────────────────────────────────────────────────────────────────────┐
│ The Content Authenticity Stack │
├─────────────────────────────────────────────────────────────────────┤
│ │
│ "Is this image a real photograph?" │
│ └─▶ VeraSnap (CAP v1.0): Proves capture moment │
│ │
│ "Who edited this content and how?" │
│ └─▶ C2PA: Proves editing provenance │
│ │
│ "Did AI refuse to generate harmful content?" │
│ └─▶ CAP-SRP: Proves refusal with completeness guarantee │
│ │
│ "Is this transparency log authentic?" │
│ └─▶ SCITT: Proves log integrity │
│ │
└─────────────────────────────────────────────────────────────────────┘
Input Side vs. Output Side
The Grok scandal revealed failures on both sides of the AI content pipeline:
| Side | Problem | Solution |
|---|---|---|
| Input (Capture) | Cannot prove real photos are real | VeraSnap |
| Output (Generation) | Cannot prove harmful content was blocked | CAP-SRP |
A complete solution requires both. An AI company implementing CAP-SRP can prove their moderation works. A photographer using VeraSnap can prove their images are authentic. Together, they create an ecosystem where trust is replaced by verification at every stage.
Integration Scenarios
Scenario 1: Photojournalism
A journalist captures images of a conflict zone using VeraSnap. The images carry cryptographic proof of capture time, location, and device. When published, readers can verify the images are authentic without trusting the journalist or publication. If AI-generated propaganda attempts to discredit the images, the cryptographic proof stands as mathematical evidence.
Scenario 2: AI Platform Compliance
An AI image generator implements CAP-SRP. Every request is logged with GEN_ATTEMPT before safety filtering. Blocked requests generate GEN_DENY events with external timestamps. Monthly, the platform publishes Completeness Invariant audits proving all requests are accounted for. Regulators can request Evidence Packs for specific time ranges and verify independently.
Scenario 3: Legal Evidence
A victim of AI-generated intimate imagery files suit. They provide:
- Hash of the harmful prompt they received
- Timestamp of when they first observed the image
The court requests the AI platform's CAP-SRP Evidence Pack for that time range. Either the platform has GEN_DENY proof showing they blocked the request, or they don't. The court has cryptographic evidence, not competing narratives.
Regulatory Alignment
Both VeraSnap and CAP-SRP are designed with regulatory compliance as a core requirement, not an afterthought.
EU AI Act (Effective August 2, 2026)
Article 12 of the EU AI Act mandates "automatic recording of events" for high-risk AI systems, with:
- Logging throughout system lifetime
- Minimum 6-month retention
- Traceability of AI system operation
CAP-SRP at Silver level or above directly satisfies these requirements. The Completeness Invariant goes beyond the minimum by providing mathematical proof of logging completeness—something the regulation doesn't require but auditors will appreciate.
Penalties for non-compliance: up to €15 million or 3% of global annual turnover.
Digital Services Act
DSA Article 37 requires Very Large Online Platforms (VLOPs) to undergo annual independent audits and maintain audit trails. CAP-SRP's Evidence Pack format is designed specifically for audit efficiency—auditors receive cryptographically sealed bundles they can verify without platform cooperation.
Penalties for non-compliance: up to 6% of global annual turnover.
United States Regulations
| Regulation | Effective Date | CAP-SRP Relevance |
|---|---|---|
| TAKE IT DOWN Act | Platform obligations: May 19, 2026 | GEN_DENY proves blocked content |
| Colorado AI Act | June 30, 2026 | 3-year record retention requirement |
| State Deepfake Laws | Various (CA, TX, others) | Evidence of moderation attempts |
UK Online Safety Act
The UK's Ofcom has authority to impose penalties of £18 million or 10% of global revenue for platforms that fail to demonstrate "reasonable measures" against harmful content. CAP-SRP provides exactly the kind of auditable evidence that satisfies "reasonable measures" requirements.
As of January 12, 2026, Ofcom has opened a formal investigation into X/Grok. Platforms implementing CAP-SRP before such investigations can demonstrate proactive compliance rather than reactive damage control.
The Inevitability of Verification-Based Governance
The transition from trust-based to verification-based AI governance isn't optional—it's inevitable. History shows this pattern repeatedly:
Aviation Safety
Before flight data recorders became mandatory, airlines investigated crashes through witness testimony and wreckage analysis. Results were inconsistent and often inconclusive. Today, no one questions the need for black boxes. They're simply part of how aviation works.
AI systems are undergoing the same evolution. The question isn't whether cryptographic audit trails will become standard—it's whether your organization will implement them proactively or be forced to retrofit them under regulatory pressure.
Certificate Transparency
When Google mandated Certificate Transparency for HTTPS certificates, skeptics argued it would slow down the web and burden certificate authorities. Today, CT logs are invisible infrastructure that everyone relies upon. The web is more secure because we stopped trusting CAs and started verifying their behavior.
AI moderation will follow the same path. Platforms that resist verification will eventually be forced to implement it. Platforms that embrace it early will have competitive advantages: regulatory goodwill, user trust, and operational maturity.
Financial Audit
Every publicly traded company submits to external financial audits. This wasn't always true—it became mandatory after enough scandals demonstrated that self-reported financials couldn't be trusted. Today, no one argues that companies should be trusted to report their own profits.
AI companies claiming millions of blocked requests are in the same position as pre-regulation companies claiming whatever profits they wanted. The audit requirement is coming. CAP-SRP provides the technical foundation for how those audits will work.
Technical Specifications
For organizations considering implementation, here are the key technical details:
CAP-SRP
| Component | Specification |
|---|---|
| Hash Algorithm | SHA-256 (crypto-agile design supports future migration) |
| Signature Algorithm | Ed25519 (ML-DSA-65 post-quantum migration planned) |
| Event Ordering | UUID v7 (temporal ordering built into identifiers) |
| Chain Structure | Linear hash chain with RFC 6962 Merkle tree aggregation |
| External Anchoring | RFC 3161 TSA, SCITT Transparency Services, blockchain (optional) |
| Retention | Bronze: 6 months, Silver: 2 years, Gold: 5 years |
VeraSnap
| Component | Specification |
|---|---|
| Platform | iOS 17.0+ (Android planned) |
| Key Storage | Apple Secure Enclave |
| Signature Algorithm | ES256 (ECDSA P-256) |
| Hash Algorithm | SHA-256 |
| External Timestamp | RFC 3161 TSA |
| Proof Format | JSON with JCS (JSON Canonicalization Scheme) |
Interoperability
Both standards are designed for interoperability:
- VeraSnap proofs can be embedded in C2PA manifests
- CAP-SRP logs can be registered in SCITT transparency services
- Evidence Packs use standard formats (JSON, CBOR) for tool compatibility
Open Standards, Open Future
Both CAP-SRP and the underlying VCP (VeritasChain Protocol) are open standards released under CC BY 4.0 licensing. Our specifications are available on GitHub. Our IETF Internet-Draft (draft-kamimura-scitt-vcp) is under review by the SCITT Working Group.
We believe open standards are the only viable path forward for AI governance infrastructure. Proprietary solutions create lock-in, limit auditor access, and ultimately undermine the trust they're meant to establish. If verification requires trusting a vendor, you haven't actually replaced trust with verification—you've just moved it.
This is why VeritasChain Standards Organization operates as a vendor-neutral standards body, separate from any commercial certification services. Our mission is to establish the technical foundation for AI accountability, not to profit from it.
What You Can Do Now
For AI Platform Operators
- Assess your logging infrastructure: Can you prove completeness? Can you prove non-modification?
- Review regulatory timelines: EU AI Act enforcement begins August 2, 2026
- Evaluate CAP-SRP implementation: Start with Bronze for internal monitoring, plan Silver for compliance
- Contact us: enterprise@veritaschain.org for implementation guidance
For Regulators and Auditors
- Review the specifications: Available at github.com/veritaschain
- Consider audit frameworks: How will you verify AI platform claims?
- Engage with standards development: Our process welcomes regulatory input
- Contact us: compliance@veritaschain.org for regulatory engagement
For Everyone Else
- Understand the stakes: The "Trust Us" model has failed
- Demand verification: Ask AI platforms how they prove their safety claims
- Watch for VeraSnap: Coming soon to help you prove your photos are real
- Stay informed: Subscribe to our updates at veritaschain.org
Conclusion: Verify, Don't Trust
The Grok scandal was a watershed moment, but it was also predictable. When AI systems operate behind closed doors, claiming safety without proving it, failures are inevitable. The only question is how bad the failure will be before we demand better.
CAP-SRP and VeraSnap represent that better future. They don't ask you to trust AI companies—they give you the tools to verify their claims. They don't argue about whether moderation is effective—they provide mathematical proof of what happened. They don't debate whether images are real—they prove capture with cryptographic certainty.
The transition won't happen overnight. Platforms will resist. Regulators will move slowly. But the direction is clear. Aviation got flight recorders. The web got Certificate Transparency. Finance got external audits.
AI will get verification infrastructure. The only question is whether we build it proactively, learning from the Grok disaster, or reactively, after even worse scandals force our hand.
We choose proactive.
We hope you'll join us.
"Verify, Don't Trust."
Resources
Contact
info@veritaschain.org
technical@veritaschain.org
enterprise@veritaschain.org
compliance@veritaschain.org
VeritasChain Standards Organization is a vendor-neutral standards body dedicated to developing open, interoperable standards for AI accountability and content authenticity. We do not endorse specific products or implementations. VC-Certified certification services are provided by VeritasChain株式会社, a separate entity, to maintain standards development independence.
© 2026 VeritasChain Standards Organization. Released under CC BY 4.0 International License.