Why the next enterprise data moat is authority, provenance, correction history, and outcomes.
For two decades, enterprise data programs equated accumulation with progress: we need more documents, more data, we need telemetry, warehouses, lakehouses, and repositories. The idea was that having more data than competitors would yield competitive advantage.
AI changes the economics. Producing a memo, summary, policy draft, research note, code comment, or sales proposal now costs much less than it used to. Verification, however, still requires judgment, accountability, and time.
Graphite sampled 55,400 English language articles in Common Crawl. Primarily AI-generated articles reached 50.9% in Q4 2025 and 49.9% in Q1 2026, remaining near 50% for five consecutive quarters. Exact percentages matter less than the trends, the rise, how quickly generated content is mixed with hand authored content, and then how we can’t reliably trace back to origin, authority, or accuracy.

Inside companies, the problem becomes more serious and the stakes are higher. AI-generated summaries, policies, and research end up in the same repositories as everything else. Then people and AI systems use that material in decisions and workflows, often not knowing which source is authoritative, what changed, or from where it came.
Before Funding Another Enterprise AI Initiative
Ask these four questions first:
- Authority: Which source controls the decision, and who owns it?
- Provenance: Where did the information originate, and how was it transformed?
- Correction: What did a human change, override, or reject, and why?
- Outcome: What happened after the recommendation or decision?
These four layers create what I call adjudicated data. The data has been placed in context, evaluated by accountable people, and connected to results. Without those answers, the organization is operating a content repository and calling it a trusted data layer.

The Copy-of-a-Copy Problem
Here is the pattern I expect will become increasingly common.
A policy gets summarized and saved to SharePoint. Later, another system retrieves the summary instead of the original policy and uses it to draft an operating procedure. That procedure is stored, reused, and eventually treated as evidence, even though it is now several steps removed from the source.
The enterprise has created a photocopy of a photocopy and promoted it to the source of truth.
This is the enterprise version of a problem researchers have already seen in model training. Stanford’s 2026 AI Index reaches a nuanced conclusion on synthetic data: it can help in post-training, reasoning, and narrow tasks, while high-quality human data remains critical for general pretraining. The report also points to curation, pruning, deduplication, and source quality as increasingly important drivers of performance.
A study published in Nature demonstrated the same failure mode at the model level. When generated outputs repeatedly influence the next training set, models begin to lose the less common parts of the original distribution and misrepresent reality.
Synthetic data can be valuable. The danger comes from synthetic data that loses its label, source, relationship to original evidence, and route back to a person who can correct it.
Retrieved Does Not Mean Trusted
Many companies think retrieval fixes the trust problem because the model can cite an internal document. Retrieval actually moves the trust boundary into the knowledge base.
The PoisonedRAG researchers showed how significant the risk can become. Their study was focused on planting malicious documents in a RAG knowledge base to manipulate answers. They achieved a 90% attack success rate by adding five malicious texts per target question to knowledge bases containing millions of documents. A small amount of corrupted context steered the system toward attacker-selected answers.
Malice is only one mode of failure. An obsolete policy, unofficial deck, a generated summary, and a duplicated procedure can flow into the same retrieval path. Once agents take action, knowledge governance becomes part of cybersecurity and operational control.
Access is only the first question. The harder questions are:
- Is it authoritative?
- Is it current?
- What superseded it?
- Is it original or derived?
- Can it override a higher-trust source?
- Which actions may rely on it?
The Moat
Owning private data is not enough. For many companies, this is the first time documents and other unstructured content are being used directly as operational data. Those archives were never built for that, nor for the speed, volume, and decisions that will now depend on it. The problems come from stale and duplicated material, contradictory information, and weak permissions. The result is little connection to what happened after a decision was made.
Fixing this can be substantial work. However, the alternative of feeding everything into a model before doing it creates a faster route to confusion.
The stronger advantage is adjudicated data, it’s decision-grade information:
- Authority tells the system which source controls.
-
Provenance shows where the information came from, who owns it, what changed, and when it applies.
-
Correction history records expert changes, disputes, exceptions, and the reasons behind them.
-
Outcome evidence links a recommendation or decision to the result.
The final layer matters; it separates what was approved from what proved effective. A document can record the decision. Outcome evidence shows what happened after the decision was made.
In insurance, this may mean linking the controlling policy and jurisdiction to claims decisions, overrides, and loss experience. In life sciences, it means linking protocol versions and source evidence to clinician corrections, safety events, and patient outcomes. In professional services, it means linking the approved deliverable to the evidence, revisions, client context, and commercial result.
Trust Becomes Infrastructure
The market and regulators are moving in the same direction.
EU AI Act Article 50 transparency obligations apply from August 2, 2026. Providers of systems that generate synthetic text, audio, images, or video must make those outputs detectable as AI-generated in a machine-readable format. Certain deployers have separate disclosure obligations for deepfakes and AI-generated text published to inform the public on matters of public interest.
C2PA version 2.4, released in April 2026, added a machine-readable AI disclosure assertion and support for embedding provenance manifests into HTML and structured text formats, including Markdown, YAML, and source code. Provenance is expanding beyond images and video into documents and software artifacts used throughout the enterprise.
In July 2026, Cloudflare began testing a shift from Pay Per Crawl toward Pay Per Use. Under the experiments, publishers can be paid when their content appears in AI search results or when an agent requests access to premium material. It remains early, but the direction matters, where access rights, traceability, and compensation are becoming part of the content architecture.
Provenance tracks chain of custody and how the information changed. Accuracy still depends on authoritative evidence, review, and results that followed. A record can be perfectly traceable and still be wrong.
The 90-Day Trust Audit
Use this checklist in your next data, architecture, security, or AI governance review.
- Create an authoritative-source register. Name the controlling source, owner, effective date, and escalation route for every critical knowledge domain.
- Classify content at creation. Label human-authored, AI-assisted, AI-generated, external, synthetic, draft, validated, and approved artifacts before they spread.
- Separate evidence from derivatives. Keep original records distinct from summaries, embeddings, generated analyses, and downstream decisions.
- Capture corrections and overrides. Record what changed, who changed it, why, and which model or workflow produced the original result.
- Connect decisions to outcomes. Link AI recommendations and human approvals to the operational or commercial result.
- Secure retrieval inputs. Apply trust tiers, source allowlists, contradiction tests, poisoning tests, version controls, and access policies.
- Update vendor contracts. Specify training rights, retention, deletion, derivative use, portability, provenance, and audit requirements.
The next enterprise AI advantage comes from operating the fastest reliable loop from authoritative evidence, to human correction, to observed outcome.
Ask your team one question: Six months after an agent makes a consequential decision, could we prove which evidence it used, why it was allowed to use it, who corrected it, and what happened next?
A larger model will not fix a missing trust architecture.