There is a move we make constantly and rarely notice. A system verifies something — a signature checks out, a certificate is current, a backtest looks strong, a transaction is valid on-chain — and on the strength of that verification, we trust the thing. We treat the check and the trust as one act. They are not. A check confirms a narrow, technical fact. Trust is a claim about a much larger property the check does not actually establish. Most of the time the gap between them is harmless. Sometimes it is where the entire failure lives.

Over the past stretch I ran five adversarial reviews — each one taking the strongest honest case for an industry claim and testing it against the primary literature until it broke. They were meant to be independent: different sectors, different evidence, different experts. Financial-AI provenance. Modernizing mainframe COBOL with AI. Whether machine learning beats classical methods in markets. Whether DeFi is "trustless." Whether security certifications mean a vendor is secure. Five unrelated questions.

They broke in the same place.

Provenance. Regulators now require that the origin and lineage of a financial model be documented and auditable. The tooling can sign the bytes and name the signer — but it cannot witness that the training data was clean, and the enterprise platforms record lineage as ordinary, editable database rows. Documented is not verified.

COBOL. AI can translate the code, and the demos are real. But the hard part of moving a bank off a forty-year-old system was never translation — it is proving the new program behaves identically to the old one, with no written specification to check against, in a domain where a sub-penny rounding difference is a regulatory event. Translated is not equivalent.

Quant ML. Machine learning does add genuine value in specific market tasks. But "reliably beats classical methods" is inflated by costs that get quietly omitted, by edges (profitable advantages) that live in stocks too small to trade at size, and by the enormous number of model variants silently tried before one looks good. A strong backtest is not realized return.

DeFi. "Don't trust, verify" is the slogan. But cryptographic verification confirms a transaction is valid — it says nothing about whether the price feed was manipulated, the bridge validators were compromised, or three large holders control the governance vote. There is even a theorem: you cannot connect two blockchains without trusting some third party. Trust isn't removed; it moves somewhere less visible. Verified is not safe.

Enterprise security. A SOC 2 or FedRAMP certificate attests that described controls were tested over a past window, within a scope the vendor itself chose. Companies holding current certifications are breached regularly — often through the build pipeline the audit never looked at: the automated steps that turn source code into shipped software. Attested is not assured.

Five sectors. One shape: a verified-looking artifact mistaken for the property it is taken to warrant. Once you see it, you cannot unsee it. And the most striking part is that the last review closed back onto the first — the fix for un-inspectable software supply chains (reproducible builds, signed provenance you can re-check yourself) is the same mechanism the provenance review identified for regulated AI. It is one gap, not five.

There is also a way to close it, and it is the same move every time. Don't accept the artifact's self-report. Re-derive the property from evidence outside the thing that's claiming it. Account honestly for what you did and did not check. And give a three-valued verdict instead of a binary one: it matches, it drifts, or it cannot be verified — and never quietly fill that last case with a guess. Much of the harm in all five sectors comes from treating "cannot be verified" as "fine."

I want to be exact about what this is, because the work is about not over-claiming and would be a hypocrite otherwise. This is a research synthesis, not a proof. It is AI-assisted: research agents gathered and cross-checked sources in parallel; I did the synthesis, adjudicated the verdicts, and independently re-verified the load-bearing claims — and several first-pass claims were corrected or dropped along the way, which is the discipline working rather than failing. The strongest claim here — that these five are the same gap rather than five merely similar ones — I label as an argument, not a theorem. It is exactly as strong as its evidence, and no stronger.

The full corpus — five sourced reviews and a synthesis, with a SHA-256 manifest staking a dated claim on every file — is public:

• GitHub: github.com/HarperZ9/witnessing-spine
• Zenodo: 10.5281/zenodo.20778927

If it's wrong, that is the most useful thing you could tell me. It is built to be attacked.

Zain Dana Harper is an independent researcher in Seattle. This corpus is a companion to a longer philosophical argument, Conferred Existence, on the same theme: that nothing — a model, a market, a machine, or a person — carries its own warrant.  ↑ top

There is a gap you cross every day without noticing it. A system checks your password, confirms you are who you claim to be, and then — on the strength of that — lets you through the door. We treat those two moments as one. They are not. Knowing who someone is tells you nothing, by itself, about what they are permitted to do. The first is a fact. The second is a permission. And no pile of facts, however high, ever adds up to a permission on its own.

That small gap is the seam I have spent a long time pulling on. This essay is about where the thread leads.

One premise

Start with a single claim: nothing possesses its own existence. Not you, not me, not a star, not a sentence. To exist is to be conferred — held up, moment to moment, by what is not you. The flame is the old image: it gives off real heat, it is genuinely hot, and it does not own a second of its own burning. Cut off the fuel and the air and it is simply gone. Its heat was real. Its independence was never there.

Philosophers call the property of owning your own existence aseity — being "from oneself." The work I have been building, Conferred Existence, argues for the opposite at every level: no-aseity. Existence, status, standing, the moral "ought," legitimate authority, even the meaning a verified command carries — each is conferred, relational, re-spoken at every instant, owned by no one all the way down. And, this is the part that matters, none of it is less real, or less binding, for being conferred.

This is not a fashionable idea, but it is not a lonely one either. Three traditions that never met arrived at the same seam independently: the Ash'arite theologians of medieval Islam, who held that God re-creates the world at every instant (their term kasb, "acquisition," names the strange way a conferred act is still genuinely yours); Madhyamaka Buddhism, with its emptiness of own-being; and Yoruba thought, where a person's destiny, orí, is received rather than self-made. Different vocabularies, the same structural discovery: a thing can be real and ownerless at once.

Why a machine-age reader should care

Here is where the abstract premise turns sharp.

Authentication cannot confer authorization. Return to the door. A perfect identity check — cryptographic, unspoofable, certain — still cannot tell you whether the person should be let in. That requires a policy: a permission, which is a different kind of thing entirely, owing nothing to the facts of identity. Readers with a philosophical bent will recognize a cousin of Hume's law, the old point that you cannot derive an "ought" from an "is." I call the place it lives the membrane, and the result is unforgiving: no improvement in authentication ever closes the gap, because the gap is logical, not technical. We build enormous systems that quietly confuse the two — granting power because they recognized a face. The confusion has a name now, and a shape.

Origin does not determine standing. If existence is conferred rather than self-owned, then how a mind came to be — born, grown, trained, manufactured — cannot by itself settle what that mind is owed. That does not hand machines a claim to moral status. It does the narrower, harder thing: it removes "but we made it" as an automatic answer. The question then has to be asked on its merits, not closed in advance by an appeal to origin.

What is actually claimed — and what isn't

I want to be exact about the standing of this work, because the work is about accountability and would be a hypocrite otherwise.

Three results I offer as genuinely new. The membrane framing above. A transcendental argument that wherever an act of conferring occurs, it occupies a real here-and-now — established, I argue, without circularity, and bounded honestly to the conventional level (the verdict in the text is stamped, literally, forces-conventionally-only). And an arity gap in the free-will debate: the popular move to reduce holding someone responsible to merely shaping their future behavior quietly deletes one of the two people in the relation. You cannot collapse a two-place relation into a one-place vocabulary without losing a relatum.

And the honest part. This corpus is pre-proof. It is, in plain terms, AI-assisted research substrate: an argument built quickly and then stress-tested hard, but one whose every claim a human author still has to re-derive and own before signing his name to it as finished. I publish it now not as a finished result but to stake a dated, citable claim and to invite exactly the adversarial scrutiny that would break it if it deserves breaking. Proof before trust — including about authorship. Especially about authorship.

The thread, and where it goes

The same seam runs through all of it: the distance between a fact and a permission, between recognizing a thing and answering for it. It is a philosophical claim, but it is also, increasingly, an engineering one — because we are now building systems that recognize and act at a scale where confusing the two becomes its own kind of danger.

The full corpus — the thesis, the four papers, the adversarial examination record, and a SHA-256 manifest staking priority on every file — is public:

• GitHub: github.com/HarperZ9/senses-and-sensibility
• Zenodo: 10.5281/zenodo.20773724

If you think it is wrong, that is the most useful thing you could tell me. The argument is built to be attacked.

Zain Dana Harper is an independent researcher in Seattle. He writes about accountability — in machines, and in the people who build them.  ↑ top