• workshop_dense_100#slide 39

An evidence object in RAIDT is a bounded and reviewable set of records that supports or challenges a governance claim about one configured GenAI use. In operational terms, RAIDT instantiates this as the run-level evidence pack: the minimum evidentiary bundle for reconstructing a run. It records context-of-use, configuration provenance, inputs and outputs, integrity markers, and oversight actions. The pack is then interpreted through a score profile across the five pillars (Responsibility, Auditability, Interpretability, Dependability, Traceability). Because RAIDT treats the run as the unit of governance, the evidence object must capture influence methods as governance interventions, not merely final outputs.

A useful example is cybersecurity alert triage. If a GenAI assistant proposes a containment action, RAIDT requires more than the generated recommendation. The evidence object should preserve the alert context, the prompt template ID, the model and retrieval configuration, the retrieved knowledge base snapshot, the output and hash, repeated-run evidence for stability where relevant, and the analyst's approval or escalation. This matters because incident review later depends on inspectable proof rather than memory. The object can be scored with anchors 1=missing / 3=partial / 5=audit-ready, allowing auditors or risk teams to see whether the run was reconstructable, understandable, dependable, and traceable enough for that setting. In RAIDT, the evidence object is therefore the operational link between governance claims and checkable records.

A security operations centre uses GenAI to triage alerts and draft recommended containment steps. One alert later becomes part of a serious incident review. Under RAIDT, reviewers do not rely only on the final recommendation. They inspect the run-level evidence pack for that alert: the prompt template, model version, retrieval snapshot from the internal knowledge base, output hash, repeat-run stability evidence, and the analyst's decision to accept, amend, or escalate the advice.

That concrete evidence object matters because cybersecurity teams need to know not only what the assistant said, but why that recommendation appeared under that configuration at that moment. The bounded record makes post-incident review, audit sampling, and workflow improvement materially easier.

• 08-RAIDT_Foundations_M_V50
• 13-RAIDT-Evidence-Review_M_v10
• 16-RAIDT-Audit-Accountability_M_v05