There is a quiet consensus forming about how to make an AI agent's output trustworthy: make it reproducible. Pin the inputs. Hash the pipeline. Anchor the hash somewhere tamper-evident. Then anyone can re-run the exact steps on the exact bytes and land on the exact same answer. If the numbers match, the result stands.
This is real progress, and I am not trying to talk anyone out of it. Reproducibility is the whole distance between "trust me" and "here, run it yourself." But it answers a narrower question than the word "verified" tends to imply, and the gap between the two is exactly where a careful adversary sets up shop.
Reproducibility proves one thing: the recipe was followed on the inputs you were handed. It says nothing about whether those inputs are a faithful capture of the world. Those are two different claims. Most agent pipelines quietly fold them into one and ship the confidence of both.
The same answer twice is not the same as the right answer
Take a concrete case. An agent screens a company against sanctions lists and reports "no match." To make that checkable, it pins the exact list files it screened, hashes them, commits the hashes alongside the result, and publishes everything so anyone can re-run the match and watch "no match" fall out deterministically. A second party does exactly that and gets "no match" too.






