AI agents are running code and touching databases, but there's no standard way to prove they did it correctly.
A paper published on arXiv proposes a framework called Proof of Execution (PoE) that treats an agent's entire run as a verifiable object. Each execution bundles a contract, a causal event stream, and a replay context into a triple that validators can check against five invariants: authorization, path compliance, null effect on denied actions, history integrity, and replayability. The system issues an Execution Attestation Certificate only when all checks pass. In a TypeScript prototype, the overhead is about 2.7 ms on a minimal flow and 4.4% on concurrent batch workloads — low enough to be practical.
The significance here is that most AI governance talk stops at outputs: did the model say something harmful? PoE shifts the question to the execution trace itself — was each tool call sanctioned, and can an auditor reconstruct exactly what happened? That matters most in regulated industries where "it seemed fine" is not a legal defense.
The authors are careful to say PoE does not replace consensus protocols, trusted execution environments, or zero-knowledge proofs — it sits alongside them, binding authorization and history into one runtime-checkable record. Whether enterprise buyers will adopt yet another attestation layer before standards bodies settle on one is the question the paper does not answer.