---
id: "action-extend-provenance"
type: "action-item"
source_timestamps: ["§ What Leaders Should Do", "¶15"]
tags: ["metadata", "governance", "tooling"]
related: ["entity-slsa-framework", "framework-ai-accountability", "entity-canon-c2pa"]
action: "Implement SLSA metadata tracking to record AI tool usage, reviewer identity, and final sign-off on all code."
outcome: "Creates a clear chain of accountability and governance for AI-generated code."
speakers: ["Chengwei Liu", "Balázs Kovács"]
sources: ["futures"]
sourceVaultSlug: "hbr-seg-futures"
originDay: 2
articleStem: "hbr-cl-84-big-tech-capability-crisis"
sourceUrl: "https://hbr.org/2026/06/big-techs-looming-capability-crisis"
sourceTitle: "Big Tech’s Looming Capability Crisis"
---
# Extend Software Provenance for AI

## Action — Extend Software Provenance for AI

**Do:** Use frameworks like [[entity-slsa-framework|SLSA]] to attach metadata to every shipped software module recording **which AI tools touched the code, who reviewed the AI's output, and who provided the final sign-off**.

**Outcome:** a clear chain of accountability and governance for AI-generated code. Precedent: the [[entity-canon-c2pa|C2PA]] provenance model from photojournalism.

This is **Step 1** of the [[framework-ai-accountability|mitigation framework]].
