Require the GenAI system to provide citations or direct links back to the source documents used to generate a response, in to enhance the transparency, trustworthiness, and verifiability of AI-generated content.
AI/ML / Gen AI / Controls / DEV
Citations and Source Traceability
CCC.GenAI.CN05 · MachineLearning
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.GenAI.CP21 | Generate Content | Ability to generate a response given a foundation model, parameter values, and a prompt. |
| CCC.GenAI.CP03 | Embedding Model Selection | Ability to select a foundation model used for tasks like semantic search, clustering, and document similarity by converting text into vector embeddings. |
| CCC.GenAI.CP06 | Customizable Model Selection | Provide users the ability to fine-tune models with their own data. |
| CCC.GenAI.CP07 | Parameter Tuning - Temperature | Ability to control the randomness and creativity of the response. |
| CCC.GenAI.CP08 | Parameter Tuning - Max Token | Ability to limit the length of the response. |
| CCC.GenAI.CP09 | Parameter Tuning - Top P (Nucleus Sampling) | Ability to adjust the number of likely next tokens to consider based on cumulative probability. |
| CCC.GenAI.CP10 | Parameter Tuning - Top K | Ability to limit the number of token choices for the next word. |
| CCC.GenAI.CP11 | Parameter Tuning - Stop Sequences | Ability to halt generation when a predefined sequence is encountered. |
| CCC.GenAI.CP12 | Parameter Tuning - Frequency Penalty | Ability to penalize words that have been used frequently, reducing their likelihood of being repeated. |
| CCC.GenAI.CP13 | Parameter Tuning - Presence Penalty | Ability to penalize tokens that have already been used, encouraging the model to introduce new tokens. |
| CCC.GenAI.CP14 | Parameter Tuning - Context Length | Ability to control how much prior conversation or input the model will use for generating coherent responses. |
| CCC.GenAI.CP25 | Plugin Integrations | Ability for the model to use tools to complete a model interaction. For example web search, python code execution or external maths engine. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.GenAI.TH09 | Lack of Explainability | The "black box" nature of GenAI models makes it difficult or impossible to understand the specific reasoning behind a given output. This opacity makes it challenging to diagnose failures, detect hidden biases, and meet regulatory requirements for decision transparency. |
| CCC.GenAI.TH04 | Insecure / Unreliable Model Output | A GenAI model may generate content that is incorrect, misleading or harmful, such as convincing misinformation (hallucinations) or vulnerable or malicious code, due to its reliance on statistical patterns rather than factual understanding. Directly using this flawed output without validation can lead to system compromises, poor decision-making, and legal or reputational damage. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.GenAI.CN05.AR01 | When a RAG-enabled system generates a response containing information retrieved from its knowledge base, then the response MUST include a verifiable citation that links back to the specific source document. | tlp-clear, tlp-green, tlp-amber, tlp-red |
Guideline Mappings
| Framework | ID | Remarks |
|---|---|---|
| FINOS-AIGF | AIR-DET-013 | Providing Citations and Source Traceability for AI-Generated Information |