Following the Model — Where AI Evidence Actually Lives – Part 2

In traditional investigations, evidence has a physicality — disks, logs, packets, timestamps. AI incidents dismantle that comfort. When artificial intelligence influences outcomes, the evidence is no longer concentrated in a single place. AI forensics requires investigators to follow the model, not the machine.

AI evidence lives across layers: data, models, infrastructure, and decision context. Missing any one of these creates gaps that cannot be reconstructed later. This is why many AI investigations collapse under scrutiny — the evidence was never preserved because no one knew where to look.

The first and most overlooked evidence source is training data. Models do not reason; they reflect. Bias, error, and manipulation often originate in datasets created long before deployment. Data sources, preprocessing steps, labeling decisions, and exclusions all influence model behavior. If these artifacts are undocumented or discarded, investigators lose causal visibility.

Next is model lineage. Model versions matter. A minor retraining event can significantly alter outcomes. Yet many organizations treat models as static assets rather than evolving systems. Without version control, rollback capability, and metadata preservation, investigators cannot determine which model made which decision.

Inference artifacts are another blind spot. AI systems often log outputs but not reasoning pathways. Prompts, inputs, confidence scores, and response parameters are frequently omitted for performance or privacy reasons. When harm occurs, the absence of inference context turns investigation into speculation.

Infrastructure evidence still matters — but differently. Compute environments, API gateways, orchestration layers, and access controls reveal who interacted with the system and how. AI forensics requires correlating these signals with model activity to establish timelines. Traditional SIEM tools rarely make these connections automatically.

Explainability artifacts are often misunderstood. Explainability tools do not replace forensics; they supplement it. They can indicate which features influenced outcomes, but they cannot prove intent or misuse. Overreliance on explainability without corroborating evidence leads to false confidence.

One of the hardest challenges is temporal drift. Models change as data changes. An investigation conducted weeks after an incident may analyze a system that no longer resembles the one involved. Without snapshotting and retention, forensic reconstruction becomes impossible.

Human decisions also leave evidence — or fail to. Governance artifacts matter: approval records, deployment justifications, risk assessments, and exception handling. These documents establish accountability. Their absence is itself a finding.

The reality is uncomfortable: most organizations do not retain the evidence required to investigate AI incidents. Not because they are negligent, but because AI was deployed as a feature, not a system of record. Forensics was never part of the design.

AI forensics demands intentional architecture. Evidence must be preserved deliberately, not recovered opportunistically. This requires collaboration between security, engineering, legal, and data science teams — a coordination few organizations have achieved.

If investigators cannot follow the model, they cannot follow the truth.

Q&A

Q: Where does AI evidence typically reside?
A: Across training data, model versions, inference logs, infrastructure activity, and governance records.

Q: Why are traditional logs insufficient for AI investigations?
A: They rarely capture model behavior, data influence, or decision context.

Q: Can explainable AI replace forensic analysis?
A: No. Explainability provides insight, not evidence or accountability.

Q: What is the biggest risk in AI evidence handling?
A: Loss of historical state due to retraining, updates, or insufficient retention.