Attach citations and source traceability to AI-generated information so that outputs can be verified against retrieved sources and decisions can be explained.
AI/ML / Multi Agent Refarch / Controls / DEV
Citations and Source Traceability for AI-Generated Information
CCC.MARefArc.CN20 · DET
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.MARefArc.CP23 | Cross-layer telemetry collection | Captures logs, traces, metrics, and events emitted by every layer to support debugging, auditability, distributed tracing, and operational monitoring across the request lifecycle. |
| CCC.MARefArc.CP25 | Signal correlation | Correlates signals across logs, traces, metrics, and events into a unified view, connecting symptoms to root causes across cross-layer dependencies. |
| CCC.MARefArc.CP21 | Human supervision and oversight | Mechanisms for human reviewers to inspect, approve, correct, or override agent outputs, supporting human-in-the-loop and human-over-the-loop workflows for sensitive or high-impact tasks. |
| CCC.MARefArc.CP05 | Agent-ingress zero-trust guardrails | Treats all inputs as untrusted and enforces authentication, authorization, input validation, content filtering, access control, rate limits, and dynamic policy before any request reaches an agent. |
| CCC.MARefArc.CP02 | Human-in-the-loop output review | Application-embedded controls that allow users to review, approve, or modify agent outputs before they are executed or shared. |
| CCC.MARefArc.CP16 | Model-interaction zero-trust guardrails | Enforces authentication and authorization for every inference request and applies input validation against prompt injection, output filtering and redaction, access control, rate limits, and cost management before and after model execution. |
| CCC.MARefArc.CP22 | Runtime protection | Monitors agent actions and model outputs during execution to detect unsafe, non-compliant, or anomalous behavior, enforcing constraints, blocking disallowed actions, or triggering escalation. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.MARefArc.TH24 | Lack of explainability and traceable rationale | Black-box foundation models produce outputs without traceable rationale, leaving the firm unable to justify AI-driven decisions to regulators, stakeholders, or customers and allowing latent errors or biases to go undetected; observability and human oversight are the principal mitigating surfaces. |
| CCC.MARefArc.TH25 | Non-compliant outputs and model-risk-management gaps | AI-generated advice, marketing, or communications that fail KYC, suitability, disclosure, record-keeping, or model-risk-management expectations create regulatory exposure; weak supervision and accountability lines turn this into direct non-compliance. |
| CCC.MARefArc.TH16 | Confident hallucination and fabricated facts | Lacking ground truth and faced with ambiguous prompts or helpfulness-biased tuning, the model fabricates plausible but false facts, figures, or citations, presented with high fluency that makes errors hard to catch and likely to be acted upon. |
| CCC.MARefArc.TH15 | Reputational harm from offensive or misleading outputs | The system generates offensive, misleading, or inappropriate outputs, or is manipulated into doing so, that are attributed to the organization, with reputational and regulatory impact when output filtering and human review are insufficient. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.MARefArc.CN20.AR01 | Outputs grounded in retrieved content MUST include citations identifying the source documents. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.MARefArc.CN20.AR02 | The system MUST retain the linkage between an output and the retrieved sources used to produce it. | tlp-clear, tlp-green, tlp-amber, tlp-red |
Guideline Mappings
| Framework | ID | Remarks |
|---|---|---|
| finos-air | AIR-DET-013 |