Every "AI security analyst" I tried had the same flaw: a correct verdict and a confident-but-wrong one are indistinguishable on screen. In security that's not a UX nit — it's the whole problem. So I built USAP around a single rule, and this post is about that rule and three things that fell out of it.
The evidence gate
USAP's output contract is 11 typed JSON fields. The uncompromising one is evidence_references: every verdict must carry at least one source that resolves. Four accepted forms:
mcp:<logical>:<tool>:<call_id> — evidence fetched live from a connected MCP
https://... — a canonical external source (CVE, EPSS feed, MITRE)






