Mechanism

The model output provenance fingerprint method determines whether a generative model's output is structurally proximate to specific training data artifacts, and it does so from the output artifact and the indexed identities of training artifacts. The generative model output is processed by the output variance vector extractor, which applies the full multi-axis extraction pipeline to the generated artifact without regard to the generative model that produced it. The output UID computation module produces a slope-indexed output UID from that variance vector, exactly as any other content artifact receives a unique identifier under the content anchoring platform.

With the output UID in hand, the anchor network proximity query queries the training corpus anchor index for training artifacts whose variance vectors fall within a configured proximity radius of the output UID. The proximity match evaluator computes cosine similarity between the output variance vector and each candidate training artifact variance vector and applies the policy-declared memorization threshold. When the threshold is exceeded, the memorization signal generator produces a memorization proximity score and a ranked list of structurally proximate training artifacts. The provenance report module then generates an auditable provenance record comprising the output UID, the matched training artifact UIDs, the cosine similarity scores, and the applicable policy version.

Operating Without Model Access

The defining property of the method is that it does not require access to model weights, activation patterns, gradient information, or training logs. It operates entirely over the structural features of the generated output and the indexed variance vectors of training artifacts. Because the comparison is between an output UID and the UIDs registered in the training corpus anchor index, the method does not require model introspection, membership inference attacks, or the cooperation of the model operator.

This makes the method deployable by any party that possesses the output artifact and access to the training corpus anchor index. The disclosure names rightsholders evaluating potential infringement by a model they did not train, regulators auditing model output for training data scope compliance, and model operators conducting pre-release provenance checks. Each of these parties can perform the evaluation from the output alone, because the identity used is computed from content structure rather than from any signal the model operator would have to expose.

The Memorization Proximity Score

The memorization proximity score is computed as a function of the cosine similarity between the output variance vector and the most similar training artifact variance vector within the governed corpus, weighted by the variance band of the output and calibrated against the policy-declared memorization threshold for the relevant content category. The disclosure is explicit that a score above the threshold does not constitute a legal determination of infringement; it constitutes a structural proximity signal that may inform further investigation, rights enforcement action, or compensation computation under the creator attribution architecture.

The score is a measurement over the variance-derived UIDs of training artifacts and generated outputs. A high cosine similarity between a generated output's variance vector and a training artifact's variance vector, combined with a similarity score exceeding the policy-declared threshold, indicates that the model's output is structurally proximate to the training artifact in variance space. The measurement is computed at inference time without model introspection.

The Provenance Record

The provenance record generated by the provenance report module is versioned, cryptographically signed, and appended to the anchor network's event log. Its contents are the output UID, the matched training artifact UIDs, the cosine similarity scores, and the applicable policy version. Because the record is signed and logged, it is available as evidence in legal, regulatory, or contractual proceedings. The record does not assert authorship or ownership; it records a measured structural relationship between an output and a set of indexed training artifacts under a named policy version.

Auditability follows from the reproducibility of the underlying measurements. Given the output artifact, the training corpus anchor index, and the policy version named in the record, an authorized party can recompute the output UID, re-run the proximity query, and confirm the cosine similarity scores and the memorization proximity determination. The record is therefore verifiable from its own stated inputs.

Batch Evaluation and Statistical Characterization

The architecture supports both individual artifact evaluation and batch evaluation over a corpus of generated outputs. Batch evaluation over a corpus of model outputs allows statistical characterization of a model's structural proximity to its training data. The distribution of memorization proximity scores across a representative output corpus indicates whether the model exhibits systematic structural proximity to specific training data regions, suggesting memorization of content in those regions, or whether proximity scores are uniformly distributed, suggesting generalization from structural features without memorization of specific artifacts.

The disclosure characterizes this as a novel application of the variance vector infrastructure that enables quantitative, auditable assessment of training data influence on model outputs at scale. The same per-output measurement that supports individual evaluation aggregates into a population-level signal, computed across the output corpus without additional access to the model.

Composition with the Content Anchoring Platform

The provenance fingerprint method reuses the core identity infrastructure rather than adding a parallel one. The output UID is produced by the same multi-axis extraction pipeline that anchors any content artifact, the training corpus anchor index is queried as a slope-band-indexed governed corpus of registered UIDs, and the comparison operator is the same cosine similarity over variance vectors used throughout the platform. The training corpus governance layer admits artifacts only under signed corpus policy objects and records, for each admitted artifact, a governance record comprising the artifact's variance-derived UID, the signed corpus policy object under which it was admitted, a timestamp, and a cryptographic hash of the policy object, which constitutes a verifiable lineage linking trained model artifacts to the admissible corpus.

The method composes with the structural provenance trace, which evaluates whether a trained generative model has memorized specific training data artifacts or generalized from their structural features by computing cosine similarity between training artifact variance vectors and the variance vectors of outputs generated by the model. Where a memorization proximity score exceeds the policy-declared threshold, the result can inform the creator attribution and compensation routing architecture, in which consultation events and proximity measurements drive computable attribution weights and payment obligation records rather than approximations of training data influence derived from model weight analysis.

Distinctions from Conventional Approaches

The disclosure states that no existing system determines whether a generative model output is structurally proximate to specific training data artifacts without requiring white-box or gray-box access to the model. Determining whether an output reflects specific training data conventionally relies on access to model weights, activation patterns, gradient information, or training logs, or on membership inference techniques that probe the model's behavior. The disclosed method requires none of these. It operates over the structural features of the generated output and the indexed variance vectors of training artifacts, so the evaluation is performable by a party that did not train the model and has no privileged access to it.

The method also departs from watermarking and metadata tagging approaches, which embed identity signals in the content stream or a sidecar record and are removable through transcoding, cropping, or generative reconstruction. Nothing is embedded in the output to make its provenance determinable; the output UID is computed from the artifact's own internal variance structure after the fact. Provenance is therefore established for outputs that carry no embedded signal, and because the comparison is to indexed training artifact identities under a named policy version, the result is reproducible and auditable.

Disclosure Scope

This article describes the model output provenance fingerprint method as disclosed in PCT International Application No. PCT/US26/28630. The disclosure encompasses the extraction of a multi-axis variance vector from a generative model output, the computation of a slope-indexed output UID, the proximity query against the training corpus anchor index for training artifacts within a configured proximity radius, the computation of cosine similarity and a memorization proximity score calibrated against the policy-declared memorization threshold, and the generation of a versioned, cryptographically signed provenance record comprising the output UID, matched training artifact UIDs, cosine similarity scores, and the applicable policy version, appended to the anchor network's event log.

The scope extends to individual artifact evaluation and to batch evaluation over a corpus of generated outputs for statistical characterization of a model's structural proximity to its training data, and to the composition of the method with the training corpus governance layer, the structural provenance trace, and the creator attribution and compensation routing architecture. The method operates without access to model weights, activation patterns, gradient information, or training logs, and without the cooperation of the model operator. Specific generative model architectures, content modalities, and enforcement applications are within scope only as exemplars, as the method operates over any output artifact for which a variance-derived unique identifier can be computed.