02 Detect · AI authorship attribution
AI authorship attribution
AI authorship attribution fingerprints code by author — Copilot, Cursor, Claude Code, Windsurf, Devin. Methodology cross-referenced against 6,439,303 code samples spanning 64 distinct AI models across 13 programming languages and 9 published datasets. End-to-end production accuracy on customer code is pending Q3–Q4 2026 pilots — we do not claim "validated on N customer sites."
What it does
-
Per-finding attribution
For each violation surfaced by the multi-domain scanner, AI authorship attribution estimates the probability that the underlying code was written by a specific AI agent vs. a human author.
-
Multi-signal fingerprinting
Combines lexical entropy, AST shape statistics, naming cadence, and edit-history rhythm into a single attribution posterior — no single brittle classifier.
-
Cross-corpus validation
Methodology cross-referenced against 6,439,303 samples spanning 64 AI models, 13 languages, and 9 published datasets. All seven research claims confirmed with strong-to-very-strong evidence at scale.
-
Honest framing
End-to-end production accuracy on real customer code is pending Q3–Q4 2026 pilots. We do not claim "validated on N customer sites" today — published research signal does not equal deployment telemetry.
-
Differential CI thresholds
Feeds the CI/CD gate so customers can apply stricter PR gates to AI-authored patches than to human-authored ones — the AI 1.7× bug-rate finding made operational.
-
Standalone marketplace
Ships as the umbrella platform's attribution engine and as the standalone product blamer.ai on the developer marketplace.
Layer mapping
| Axis | Role | Direction |
|---|---|---|
| L9 AI Act | Author-attribution feeds Art. 50 transparency on AI-generated artifacts | Emit |
| L3 Testing (cross-feed) | Per-finding "who wrote this" annotation joined onto canonical scores | Cross-feed |
Multi-domain scan ScanEvent | Source of normalized findings to attribute | Read |
| CI/CD gate | Differential AI-vs-human thresholds for PR-merge policy | Feed |
| AI artifact audit | Per-author hashed records in the tamper-evident evidence chain | Feed |
Differentiator
No other compliance scanner attributes findings to a specific AI agent at this fidelity. Only the AI authorship attribution module enables differential AI-vs-human thresholds in the CI/CD gate — without attribution, every PR is treated the same and the AI 1.7× bug-rate finding becomes unactionable. The methodology corpus is two orders of magnitude larger than the next-most-cited public attribution study.
Filed IP
ARIADA holds filed-IP positions covering the AI authorship attribution methodology and model fingerprinting methods at the core of this module. Provisional application only; conversion to non-provisional is scheduled within the 12-month window. PCT national-phase decision pending.
Application numbers, claim counts, and PCT deadlines are available for accredited-investor due diligence on the Legal & IP page.
Cross-references
-
Multi-domain scan
Source of the
ScanEventthat AI authorship attribution processes. Without the scanner, there are no findings to assign authorship to. See multi-domain scan → -
AI artifact audit
Per-author records hashed into the tamper-evident chain that backs EU AI Act Art. 50 transparency packages.
-
CI/CD gate
Consumes AI authorship attribution to apply differential thresholds to AI-authored vs. human-authored pull requests. Standalone product: clamper.ai. See the CI/CD gate →
-
Canonical scoring
Per-finding attribution joins onto the canonical per-domain score, so customers can see which fraction of their score regresses from AI-generated code. See canonical scoring →
-
blamer.ai (standalone)
The marketplace standalone for developer-led buyers. Same engine. Visit blamer.ai →
-
Trust page
Validation evidence and the explicit "research signal vs. deployment telemetry" boundary lives on the Trust page.
Source-level remediation only — agentic suggestions are not autonomous deployments; pull requests require client merge. Not a legal certification body. For accredited certification, customers consult a notified body or registered auditor.