02 Detect · AI authorship attribution

AI authorship attribution

AI authorship attribution fingerprints code by author — Copilot, Cursor, Claude Code, Windsurf, Devin. Methodology cross-referenced against 6,439,303 code samples spanning 64 distinct AI models across 13 programming languages and 9 published datasets. End-to-end production accuracy on customer code is pending Q3–Q4 2026 pilots — we do not claim "validated on N customer sites."

What it does

  • Per-finding attribution

    For each violation surfaced by the multi-domain scanner, AI authorship attribution estimates the probability that the underlying code was written by a specific AI agent vs. a human author.

  • Multi-signal fingerprinting

    Combines lexical entropy, AST shape statistics, naming cadence, and edit-history rhythm into a single attribution posterior — no single brittle classifier.

  • Cross-corpus validation

    Methodology cross-referenced against 6,439,303 samples spanning 64 AI models, 13 languages, and 9 published datasets. All seven research claims confirmed with strong-to-very-strong evidence at scale.

  • Honest framing

    End-to-end production accuracy on real customer code is pending Q3–Q4 2026 pilots. We do not claim "validated on N customer sites" today — published research signal does not equal deployment telemetry.

  • Differential CI thresholds

    Feeds the CI/CD gate so customers can apply stricter PR gates to AI-authored patches than to human-authored ones — the AI 1.7× bug-rate finding made operational.

  • Standalone marketplace

    Ships as the umbrella platform's attribution engine and as the standalone product blamer.ai on the developer marketplace.

Layer mapping

AI authorship attribution is the cross-feed module — it reads from L9 AI Act surface signals and the L3 Testing findings, and emits attribution posteriors that join onto both. L0–L10 numbering follows the scanner-axis stack.
Axis Role Direction
L9 AI ActAuthor-attribution feeds Art. 50 transparency on AI-generated artifactsEmit
L3 Testing (cross-feed)Per-finding "who wrote this" annotation joined onto canonical scoresCross-feed
Multi-domain scan ScanEventSource of normalized findings to attributeRead
CI/CD gateDifferential AI-vs-human thresholds for PR-merge policyFeed
AI artifact auditPer-author hashed records in the tamper-evident evidence chainFeed

Differentiator

No other compliance scanner attributes findings to a specific AI agent at this fidelity. Only the AI authorship attribution module enables differential AI-vs-human thresholds in the CI/CD gate — without attribution, every PR is treated the same and the AI 1.7× bug-rate finding becomes unactionable. The methodology corpus is two orders of magnitude larger than the next-most-cited public attribution study.

Filed IP

ARIADA holds filed-IP positions covering the AI authorship attribution methodology and model fingerprinting methods at the core of this module. Provisional application only; conversion to non-provisional is scheduled within the 12-month window. PCT national-phase decision pending.

Application numbers, claim counts, and PCT deadlines are available for accredited-investor due diligence on the Legal & IP page.

Cross-references

  • Multi-domain scan

    Source of the ScanEvent that AI authorship attribution processes. Without the scanner, there are no findings to assign authorship to. See multi-domain scan →

  • AI artifact audit

    Per-author records hashed into the tamper-evident chain that backs EU AI Act Art. 50 transparency packages.

  • CI/CD gate

    Consumes AI authorship attribution to apply differential thresholds to AI-authored vs. human-authored pull requests. Standalone product: clamper.ai. See the CI/CD gate →

  • Canonical scoring

    Per-finding attribution joins onto the canonical per-domain score, so customers can see which fraction of their score regresses from AI-generated code. See canonical scoring →

  • blamer.ai (standalone)

    The marketplace standalone for developer-led buyers. Same engine. Visit blamer.ai →

  • Trust page

    Validation evidence and the explicit "research signal vs. deployment telemetry" boundary lives on the Trust page.

Book a demo Try the standalone — blamer.ai

Source-level remediation only — agentic suggestions are not autonomous deployments; pull requests require client merge. Not a legal certification body. For accredited certification, customers consult a notified body or registered auditor.