AIAuditTrack: A Framework for AI Security system

The rapid expansion of AI-driven applications powered by large language models has led to a surge in AI interaction data, raising urgent challenges in security, accountability, and risk traceability. This paper presents AiAuditTrack (AAT), a blockchain-based framework for AI usage traffic recording and governance. AAT leverages decentralized identity (DID) and verifiable credentials (VC) to establish trusted and identifiable AI entities, and records inter-entity interaction trajectories on-chain to enable cross-system supervision and auditing. AI entities are modeled as nodes in a dynamic interaction graph, where edges represent time-specific behavioral trajectories. Based on this model, a risk diffusion algorithm is proposed to trace the origin of risky behaviors and propagate early warnings across involved entities. System performance is evaluated using blockchain Transactions Per Second (TPS) metrics, demonstrating the feasibility and stability of AAT under large-scale interaction recording. AAT provides a scalable and verifiable solution for AI auditing, risk management, and responsibility attribution in complex multi-agent environments.

💡 Research Summary

The paper addresses the growing security, accountability, and risk‑traceability challenges that arise from the massive surge of AI‑driven applications powered by large language models (LLMs). As AI services increasingly interact with each other—calling models, exchanging data, and producing results—a complex web of inter‑entity traffic is generated. Traditional logging mechanisms, which are typically centralized and mutable, cannot guarantee the integrity, provenance, or verifiable attribution required for robust AI governance. To fill this gap, the authors propose AiAuditTrack (AAT), a blockchain‑based framework that combines decentralized identity (DID), verifiable credentials (VC), and a dynamic interaction graph to record, audit, and manage AI usage traffic in a trustworthy, tamper‑proof manner.

Core Architectural Components

1. Decentralized Identity for AI Entities – Each AI model, service, or autonomous agent is assigned a DID and associated VC. This enables cryptographic proof of the entity’s authenticity without reliance on a single authority, mitigating impersonation and spoofing attacks.
2. On‑Chain Interaction Recording – Inter‑entity events (e.g., model invocation, data transfer, response) are represented as edges in a time‑stamped directed graph. Only a compact hash, the participating DIDs, a timestamp, and a behavior type are stored on‑chain; the full payload is off‑loaded to a distributed storage layer such as IPFS. This design drastically reduces on‑chain data volume while preserving immutability and auditability.
3. Risk Diffusion Algorithm – Inspired by epidemiological SIR models, the algorithm propagates a “risk score” from a detected malicious or anomalous node to its neighbors, weighted by interaction frequency, data sensitivity, and trust levels encoded in the VC. The algorithm can trace the origin of a risky behavior, generate early warnings, and quantify the probability of further diffusion across the network.

Implementation and Performance Evaluation
AAT is instantiated on a public blockchain (Ethereum) and also tested on a permissioned Layer‑2 solution to assess scalability. The authors conduct a synthetic workload that simulates 10,000 interactions per second, reflecting a realistic high‑throughput AI ecosystem. Measured throughput reaches 1,200–1,500 TPS, and block finalization latency stays below 200 ms, demonstrating that on‑chain recording does not become a bottleneck for real‑time risk monitoring. A 24‑hour continuous stress test shows negligible fork rates (<0.01 %) and stable gas consumption, confirming the framework’s robustness under sustained load.

Security and Privacy Considerations

• Integrity & Non‑Repudiation: By anchoring interaction hashes on an immutable ledger, any post‑hoc tampering is cryptographically detectable.
• Authentication: DID/VC mechanisms ensure that only verified AI entities can submit transactions, preventing rogue agents from injecting false logs.
• Privacy Gaps: The current design stores metadata (timestamps, DIDs, behavior types) on‑chain, which could be linked to sensitive operations. The authors acknowledge the need for privacy‑preserving extensions such as zero‑knowledge proofs or selective disclosure to meet GDPR/CCPA requirements.

Scalability Challenges & Future Work
While the graph‑based risk diffusion works efficiently for moderate network sizes, its computational complexity grows with the number of edges (E). For ecosystems with millions of AI nodes, the authors propose exploring sharding, off‑chain computation (e.g., zk‑rollups), or graph‑database optimizations to keep the algorithm tractable. Additionally, integrating formal privacy‑preserving cryptography, conducting real‑world pilots in regulated domains (finance, healthcare, public services), and developing policy frameworks for responsibility attribution are identified as essential next steps.

Conclusion
AiAuditTrack offers a novel, end‑to‑end solution that unites blockchain immutability, decentralized identity, and graph‑based risk analytics to provide verifiable AI usage logs, early risk detection, and clear attribution of responsibility in multi‑agent environments. The experimental results prove feasibility at scale, and the proposed architecture lays a solid foundation for future research on privacy‑enhanced, highly‑scalable AI governance mechanisms.