Regulatory Compliance

Trust frameworks face unprecedented challenge as AI complicates identity and supply chains in 2025

Tuesday, 16 December 2025 3:30PM UTC

In 2025, fractured trust across digital infrastructure forces organisations to rethink assurance strategies amid AI-driven impersonation, credential sprawl, and evolving threat landscapes, prompting a shift towards verifiable architectures and cryptographic safeguards.

Trust fractured across multiple layers of the digital stack in 2025, exposing the limits of long‑standing trust frameworks and forcing security teams to reimagine how assurance is established and withdrawn. According to the original report, credential sprawl, session hijacking and AI‑driven impersonation eroded traditional identity signals, turning routine access into a persistent risk that defenders had to evaluate in real time. ^[1]

What emerged from the year’s turmoil was a practical shift: organisations began treating incidents as a baseline expectation rather than anomalies to be avoided. Cando Wango told the roundtable that “shadow AI and autonomous agents are forcing organisations to assume incidents rather than hope to prevent them,” framing resilience as a visible business differentiator and driving demand for auditable proof of readiness rather than self‑attested posture. That change aligns with academic work proposing trust‑native architectures that bake verification into agent infrastructure rather than layering oversight on afterwards. ^[1]^[4]

Identity proved the recurring hinge point. Aaron Painter warned that “Zero Trust still depends on recognizing who is asking for access,” reflecting a consensus that stronger identity assertion and recovery must precede any trustworthy access model. Industry voices at the roundtable and subsequent research both stress cryptographic and hardware‑backed mechanisms, continuous validation of machine identities, and lifecycle controls for keys and certificates to prevent attackers from exploiting automated trust decisions. ^[1]^[4]

AI amplified both the problem and the possible solutions. Several participants described AI as “the sword and the shield,” noting rapid weaponisation of generative tools alongside their defensive utility. Academic proposals such as BlockA2A and TrustTrack map directly to these concerns: decentralised identifiers and blockchain‑anchored ledgers for immutable audit trails, smart contracts for dynamic access control, and embedded policy commitments and tamper‑resistant behavioural logs to make agent behaviour verifiable at runtime. Together they point toward systems that can attest who an agent is and what it did without relying solely on vendor declarations. ^[1]^[2]^[4]

Software and AI supply chains also moved from peripheral risk to primary attack surface. Roundtable participants highlighted SBOMs becoming routine in CI pipelines and the need to extend that concept into AI workflows; recent scholarship introduces TAIBOM, a tailored “SBOM for AI” that propagates integrity statements and provenance across heterogeneous pipelines. Practical adoption hinges on making these provenance signals part of continuous delivery and anomaly detection so that components that appear out of band can trigger verifiable alarms. ^[1]^[3]

Trust metrics are shifting from paper to cryptography and runtime enforcement. The roundtable emphasised that documentation alone, SBOMs, model cards, policy statements, does not equal control. New research on verifiable SLA claims shows how trusted hardware monitors and zero‑knowledge proofs can turn machine‑readable promises into cryptographic attestations, enabling parties to prove compliance or violations without exposing sensitive telemetry. The lesson for defenders is clear: build enforcement and proof into the execution path, not into post‑hoc reports. ^[1]^[5]

Governance and accountability remain the social half of the problem. Several contributors argued that oversight groups without clear ownership fail in crisis, and that legal and regulatory regimes lag technical capability. A socio‑technical perspective on public trust in generative AI reinforces this: trust is produced by networks of actors, not by isolated artefacts, and operationalising responsibility across builders, deployers and agents will be a legal and organisational challenge in 2026. ^[1]^[6]

Practically, progress will come from compositional change: embedding verification into agent infrastructure, extending SBOM principles to AI components, and deploying cryptographic monitors that create auditable, privacy‑preserving proofs of behaviour. According to the original report, organisations that defined control responsibilities early and instrumented change paths held up best; the emerging academic frameworks offer concrete mechanisms to operationalise those lessons at scale. ^[1]^[2]^[3]^[4]^[5]

The transition will not be instantaneous. Roundtable contributors urged caution against fear‑driven testing that misses real‑world adversary techniques and stressed the need for human judgement layered over automation. As the sector moves into 2026, the combination of governance, verifiable runtime controls and transparent supply‑chain provenance will determine whether trust becomes a resilient guarantee or an increasingly fragile assumption. ^[1]^[6]

📌 Reference Map:

##Reference Map:

^[1] (LastWatchdog , Byron V. Acohido) - Paragraph 1, Paragraph 2, Paragraph 3, Paragraph 4, Paragraph 5, Paragraph 6, Paragraph 8, Paragraph 9
^[2] (arXiv , BlockA2A) - Paragraph 4, Paragraph 9
^[3] (arXiv , TAIBOM) - Paragraph 5, Paragraph 9
^[4] (arXiv , TrustTrack) - Paragraph 2, Paragraph 4, Paragraph 9
^[5] (arXiv , verifiable SLA proofs) - Paragraph 6, Paragraph 9
^[6] (Springer , socio‑technical trust in generative AI) - Paragraph 7, Paragraph 9

Source: Noah Wire Services

More on this

https://www.lastwatchdog.com/lw-roundtable-part-4-trust-frameworks-on-trial-and-the-push-toward-verifiable-systems/ - Please view link - unable to able to access data
https://arxiv.org/abs/2508.01332 - The paper introduces BlockA2A, a unified multi-agent trust framework designed to address security vulnerabilities in large language model-driven multi-agent systems. It employs decentralized identifiers for agent authentication, blockchain-anchored ledgers for immutable auditability, and smart contracts for dynamic access control. The framework aims to eliminate centralized trust bottlenecks, ensure message authenticity, and provide accountability across agent interactions. Additionally, a Defense Orchestration Engine is proposed to actively neutralize attacks through real-time mechanisms, including Byzantine agent flagging and instant permission revocation. Empirical evaluations demonstrate BlockA2A's effectiveness in neutralizing various multi-agent system attacks, with sub-second overhead, enabling scalable deployment in production environments. ([arxiv.org](https://arxiv.org/abs/2508.01332?utm_source=openai))
https://arxiv.org/abs/2510.02169 - The paper presents TAIBOM, a novel framework extending Software Bills of Materials (SBOM) principles to the AI domain. TAIBOM provides a structured dependency model tailored for AI components, mechanisms for propagating integrity statements across heterogeneous AI pipelines, and a trust attestation process for verifying component provenance. It aims to support assurance, security, and compliance across AI workflows, highlighting its advantages over existing standards such as SPDX and CycloneDX. This work lays the foundation for trustworthy and verifiable AI systems through structured software transparency. ([arxiv.org](https://arxiv.org/abs/2510.02169?utm_source=openai))
https://arxiv.org/abs/2507.22077 - The paper introduces TrustTrack, a protocol that embeds structural guarantees—verifiable identity, policy commitments, and tamper-resistant behavioral logs—directly into agent infrastructure, enabling a new systems paradigm: trust-native autonomy. By treating compliance as a design constraint rather than post-hoc oversight, TrustTrack reframes how intelligent agents operate across organizations and jurisdictions. The protocol design, system requirements, and use cases in regulated domains such as pharmaceutical R&D, legal automation, and AI-native collaboration are presented. The paper argues that the Cloud -> AI -> Agent -> Trust transition represents the next architectural layer for autonomous systems. ([arxiv.org](https://arxiv.org/abs/2507.22077?utm_source=openai))
https://arxiv.org/abs/2510.13370 - The paper introduces a framework for generating verifiable Service Level Agreement (SLA) violation claims through trusted hardware monitors and zero-knowledge proofs, establishing cryptographic foundations for genuine trustworthiness in service ecosystems. The approach starts with machine-readable SLA clauses converted into verifiable predicates and monitored within Trusted Execution Environments. These monitors collect timestamped telemetry, organize measurements into Merkle trees, and produce signed attestations. Zero-knowledge proofs aggregate Service-Level Indicators to evaluate compliance, generating cryptographic proofs verifiable by stakeholders, arbitrators, or insurers in disputes, without accessing underlying data. This ensures three security properties: integrity, authenticity, and validity. The prototype demonstrates linear scaling up to over 1 million events per hour for measurements with near constant-time proof generation and verification for single violation claims, enabling trustless SLA enforcement through cryptographic guarantees for automated compliance verification in service monitoring. ([arxiv.org](https://arxiv.org/abs/2510.13370?utm_source=openai))
https://link.springer.com/article/10.1007/s13347-025-00974-6 - The article discusses the importance of public trust in generative AI systems and proposes a network approach to understanding and fostering this trust. It emphasizes the need for a socio-technical perspective, integrating actor-network theory to analyze the relationships and dynamics that influence trust in AI technologies. The authors argue that building public trust requires a comprehensive understanding of the various actors involved, their interactions, and the broader societal context. The paper suggests that such an approach can inform the development of more trustworthy AI systems and guide policy and regulatory decisions. ([link.springer.com](https://link.springer.com/article/10.1007/s13347-025-00974-6?utm_source=openai))

Noah Fact Check Pro

The draft above was created using the information available at the time the story first emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed below. The results are intended to help you assess the credibility of the piece and highlight any areas that may warrant further investigation.

Freshness check

Score: 8

Notes: The narrative appears to be original, with no evidence of prior publication. The Last Watchdog is a reputable organisation, and the article is dated December 16, 2025, indicating recent content. The inclusion of recent academic references from 2025 supports the freshness of the information. However, the article's focus on 2025 events suggests it may be summarising ongoing developments, which could lead to rapid changes in the field. Therefore, while the content is current, the rapidly evolving nature of AI governance may affect its long-term relevance.

Quotes check

Score: 9

Notes: The quotes attributed to Cando Wango and Aaron Painter are not found in prior publications, indicating they are original to this narrative. The wording of the quotes matches the context of the article, with no significant variations or discrepancies. This suggests the quotes are authentic and have not been reused from other sources.

Source reliability

Score: 8

Notes: The Last Watchdog is a reputable organisation known for its in-depth analysis of cybersecurity and AI-related topics. The article is well-researched, citing recent academic papers and industry reports, which enhances its credibility. However, the reliance on a single source for the quotes from Cando Wango and Aaron Painter means their statements cannot be independently verified, which slightly lowers the reliability score.

Plausibility check

Score: 7

Notes: The claims made in the narrative align with current discussions in AI governance, such as the emphasis on verifiable systems and the integration of trust frameworks. The references to recent academic papers from 2025 support the plausibility of the information. However, the article's focus on specific individuals and proprietary frameworks like BlockA2A and TrustTrack, which are not widely recognised, raises questions about their authenticity and applicability. Additionally, the rapid evolution of AI governance means that some of the proposed solutions may already be outdated or superseded by newer developments.

Overall assessment

Verdict (FAIL, OPEN, PASS): OPEN

Confidence (LOW, MEDIUM, HIGH): MEDIUM

Summary: The narrative presents original content with recent references, indicating a high level of freshness. The quotes appear authentic, and the source is reputable. However, the reliance on specific, lesser-known frameworks and the rapidly evolving nature of AI governance introduce uncertainties regarding the long-term relevance and applicability of the information. Therefore, while the article provides valuable insights, its conclusions should be interpreted with caution, and further verification is recommended as the field develops.

Cybersecurity
AI
Trust frameworks