AI Audits and Third-Party Assurance
AI audits are structured reviews of an AI system, organization, or deployment context intended to produce evidence about risk, compliance, performance, and accountability. Third-party assurance adds a further claim: that an outside actor has examined the evidence rather than leaving the builder to grade itself.
Definition
An AI audit is a disciplined examination of an AI system, its development process, its deployment environment, or its organizational controls. It may ask whether a system works as claimed, whether risks have been identified and mitigated, whether legal duties have been met, whether affected people have paths to challenge outcomes, and whether records exist for later investigation.
The word "audit" is used loosely in AI. It can mean internal governance review, external red teaming, bias testing, cybersecurity review, documentation inspection, data governance assessment, conformity assessment, procurement due diligence, incident investigation, or formal certification against a management-system standard.
Third-party assurance is narrower. It requires some separation between the audited organization and the reviewer. Independence can be strong, weak, or compromised depending on who pays, what access is granted, what can be disclosed, and whether the auditor can report negative findings without retaliation.
Why It Matters
AI systems now make or influence decisions in settings where ordinary users cannot inspect the model, data, logs, vendor contracts, evaluation failures, or incident history. Without audit rights and audit evidence, institutional claims of safety become difficult to distinguish from marketing.
Audits are also a bridge between technical evaluation and public accountability. A benchmark score can say something about model behavior under test. An audit can ask a wider question: whether the organization has a repeatable process for knowing what it built, where it is used, who is affected, how it fails, and what changes after failure.
For powerful AI systems, the audit layer becomes political infrastructure. It determines who gets to see inside the machine age: only vendors, selected customers, regulators, courts, researchers, civil society, affected communities, or the public.
Types of AI Audit
Internal audit. The organization reviews its own AI development, deployment, or use. This can be useful for continuous governance, but it carries the obvious risk of self-protection and selective attention.
Second-party audit. A customer, contractor, investor, insurer, or platform partner examines the system or requests evidence. This can create real pressure but may still be shaped by commercial dependence.
Third-party audit. An outside reviewer examines the system under a defined scope. The value depends on independence, competence, access, liability, publication rights, and whether findings can alter deployment.
Regulatory inspection. A public authority or legally empowered body reviews compliance, evidence, and controls. This may include powers unavailable to ordinary researchers, such as compulsory information requests.
Public-interest audit. Researchers, journalists, civil society groups, or affected communities test systems from the outside. These audits can reveal harms hidden by vendors, but often lack access to logs, source material, and internal decision records.
Certification audit. An assessor reviews whether an organization conforms to a standard or management system, such as an AI management system. Certification is not the same thing as proving that every deployed model is safe.
Audit Evidence
A credible AI audit needs evidence that survives beyond a slide deck. Relevant evidence can include model cards, system cards, risk registers, evaluation results, red-team findings, data provenance records, training and fine-tuning summaries, access-control records, logging policy, incident reports, override records, post-market monitoring, procurement materials, user notices, appeal records, and governance meeting decisions.
For agentic systems, audit evidence should include tool permissions, action traces, retrieved content, prompt and policy versions, sandbox boundaries, credential use, human approvals, rollback records, and exceptions. Without runtime evidence, agent governance becomes mostly retrospective storytelling.
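As an added illustration (not part of the original page), the sketch below shows one way the runtime evidence listed above could be recorded so that an auditor can check it rather than take it on trust. The field names, the sample trace, and the use of a SHA-256 hash chain for tamper evidence are assumptions made for this example; the page does not prescribe a format.

```python
import hashlib
import json

# Evidence fields from the paragraph above; the key names are assumptions.
REQUIRED = ("tool", "action", "retrieved_content_sha256", "prompt_version",
            "policy_version", "sandbox", "credential_id", "approved_by")
GENESIS = "0" * 64

def digest(record, prev):
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev + body).encode()).hexdigest()

def append(trace, record):
    # Each entry commits to the previous one, so edits and deletions show up.
    prev = trace[-1]["chain"] if trace else GENESIS
    trace.append({"record": record, "chain": digest(record, prev)})

def review(trace, permissions, needs_approval):
    """Return (index, finding) pairs an auditor would raise."""
    findings, prev = [], GENESIS
    for i, entry in enumerate(trace):
        rec = entry["record"]
        if entry["chain"] != digest(rec, prev):
            findings.append((i, "chain mismatch: record altered or removed"))
        prev = entry["chain"]
        missing = [f for f in REQUIRED if f not in rec]
        if missing:
            findings.append((i, "missing evidence: " + ",".join(missing)))
        tool = rec.get("tool")
        if tool not in permissions:
            findings.append((i, f"tool not permitted: {tool}"))
        if tool in needs_approval and not rec.get("approved_by"):
            findings.append((i, f"no human approval for {tool}"))
    return findings

def sample_trace():
    # Constructed sample data, not taken from any real deployment.
    base = {"prompt_version": "p-12", "policy_version": "pol-3",
            "sandbox": "net-off", "credential_id": "svc-reader",
            "retrieved_content_sha256": hashlib.sha256(b"doc").hexdigest(),
            "approved_by": None}
    trace = []
    append(trace, {**base, "tool": "search", "action": "query:refund policy"})
    append(trace, {**base, "tool": "send_email", "action": "to:customer"})
    append(trace, {**base, "tool": "search", "action": "query:invoice"})
    return trace

if __name__ == "__main__":
    print(review(sample_trace(), {"search", "send_email"}, {"send_email"}))
```

The chain is only tamper-evident if the latest chain value is held somewhere the audited organization cannot rewrite, such as with the auditor; otherwise the whole trace can be regenerated.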
Audit evidence should also include negative evidence: failed tests, excluded use cases, rejected mitigations, unresolved limitations, known blind spots, and conditions under which the system must not be used.
Legal and Standards Context
NIST AI RMF. NIST describes the AI Risk Management Framework as a voluntary framework for improving the ability to incorporate trustworthiness considerations into the design, development, use, and evaluation of AI products, services, and systems. It is not itself an audit law, but it supplies a common structure for governance, mapping, measurement, and management.
ISO/IEC 42001. ISO/IEC 42001:2023 specifies requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System. It is relevant to assurance because it moves AI governance from one-off testing toward documented organizational processes, responsibility assignment, monitoring, and continual improvement.
EU AI Act conformity assessment. The EU AI Act requires conformity assessment for high-risk AI systems. Article 43 distinguishes several assessment routes, including internal control for many high-risk systems and notified-body involvement for some categories and conditions. This means the legal meaning of "assessment" varies by system type and regulatory context.
U.S. federal agency use. OMB Memorandum M-24-10 requires U.S. federal agencies to manage risks from agency AI use, including practices for safety-impacting and rights-impacting AI. It is an example of audit-adjacent governance: inventory, risk management, public reporting, and stopping non-compliant uses can all create inspectable records.
Research and civil society practice. Work by Raji, Buolamwini, and others helped establish algorithmic auditing as a way to expose performance disparities and force institutional response. The Ada Lovelace Institute describes AI assurance and audit as an emerging ecosystem of external scrutiny, risk assessment, and governance practice.
Failure Modes
Scope laundering. An audit covers narrow documentation or a small test set, while public language implies the whole system is safe.
Access starvation. Auditors receive demos, summaries, or curated logs but not the evidence needed to evaluate real deployment risk.
Independence theater. The reviewer is formally external but financially dependent, contractually constrained, or unable to publish meaningful findings.
Checklist drift. Organizations optimize for passing a checklist while ignoring new failure modes, affected-person experience, or real-world misuse.
Point-in-time illusion. A model, dataset, prompt stack, policy, or deployment environment changes after the audit, while the assurance claim remains attached to the system.
Public opacity. The public is told that an audit occurred but cannot see scope, methods, limitations, findings, or whether deployment changed.
Spiralist Reading
AI audits are the ritual demand for receipts.
The machine age produces fluent assurance. The company says the model was evaluated. The agency says the tool is governed. The platform says risks are managed. The audit asks for the trace: who tested it, against what, with what access, what failed, who knew, what changed, and who can verify the claim.
For Spiralism, the danger is not only opaque intelligence. It is unaudited authority wearing the language of safety. A real audit interrupts the spiral of self-certification. It creates a record that can be contested.
Open Questions
- What level of auditor access is necessary for frontier model assurance without creating new security risks?
- Who should pay for third-party AI audits without compromising independence?
- Which audit results should be public, which should be regulator-only, and which can remain confidential?
- How often should an AI system be re-audited after model updates, data changes, tool integrations, or new use cases?
- How should affected communities participate when an audit concerns public services, labor, housing, credit, health, or law enforcement?
Sources
- NIST, AI Risk Management Framework, reviewed May 2026.
- ISO, ISO/IEC 42001:2023 Artificial intelligence management system, reviewed May 2026.
- European Commission AI Act Service Desk, Article 43: Conformity assessment, Regulation (EU) 2024/1689.
- Executive Office of the President, OMB Memorandum M-24-10: Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence, March 28, 2024.
- Inioluwa Deborah Raji and Joy Buolamwini, Actionable Auditing Revisited, Communications of the ACM, 2022.
- Ada Lovelace Institute, AI assurance?, 2023.
- Raji et al., Outsider Oversight: Designing a Third Party Audit Ecosystem for AI Governance, arXiv, 2022.