I don't get how this AI slop would realistically work for compliance? It's not like the proof bundle has hardware-backed attestation, any malicious AI agent/person can just, y'know, forge a hash chain and sign it with their key