The Founder's Notebook: Why I'm Building the AI Trust Council, and What I'm Afraid Of

There is a moment, before you start a company, when the question of whether to start it changes from a theoretical exercise into a practical one. For me that moment came in early 2025. I had been thinking about AI content provenance for two years. I had been reading every paper, every standards proposal, every regulatory hearing transcript I could find. I had argued myself in and out of three different versions of the problem.

The Morning I Decided to Build This

What changed was a Saturday morning. I was reading the news on my phone. There was a video of a public official, doing something that, if it had been real, would have been a serious matter. I watched it twice. I forwarded it to a friend who works in journalism. By the time she replied, six hours later, the video had been confirmed as a deepfake.

The thing that struck me was not that the video was fake. By 2024 we all knew that videos could be fake. What struck me was the six hours. In six hours, a million people had seen it, formed an opinion, told three people each, and moved on. The retraction never reaches the same audience. The retraction reaches the people who care enough to look for retractions. The damage was done before the truth caught up. This is the standard pattern of misinformation, and it is not a new problem. What was new was the cost of producing the misinformation. The cost had gone to zero. The cost of producing the truth, by contrast, had not changed at all.

I sat there for a long time thinking about who would build the answer. I went through my list. Adobe was building C2PA, which is a good standard for cameras and editing software but does not, as a design choice, answer the question of who actually wrote a piece of content. Microsoft and the BBC were building Project Origin, an excellent newsroom-side initiative whose footprint is necessarily limited to participating publishers. OpenAI was adding C2PA manifests to DALL-E outputs, a generous move from a generation company but downstream of the question. The W3C had decentralized identifiers. The IETF had various proposals. The EU had Article 50 of the AI Act, which would mandate disclosure of AI-generated content from August 2026.

None of them were building what was missing. What was missing was a public, federated, post-quantum-secure institution whose mission was the integrity of the question itself. An institution that would outlive any single company, jurisdiction, or political moment. An institution that any individual or organization in any country could participate in on equal terms. The technology was tractable. The cryptography was settled. NIST had just published FIPS 203, 204, and 205 in August. The piece that was missing was the institutional will to assemble it.

That was the morning I decided to build it. I am not pretending the decision was clean or that I knew what I was getting into. I did not. What I knew was that if I did not start it, someone else would, and that someone might not start it as a public institution. I had spent fifteen years watching trust infrastructure get captured by single companies. I did not want to watch it happen again with the most consequential trust question of my career.

This essay is the long version of that decision. It is the version a journalist or a regulator or a competitor deserves, instead of the polished founder narrative I would otherwise be tempted to give. It is also the version I owe to the people who have joined the AI Trust Council since, who have asked, reasonably, what they are signing up to be part of.

The most consequential question of our era is no longer whether a piece of content was published, but who actually wrote it, and whether their claim about how it was made is true.

The Thing C2PA Wasn't Going to Fix

I wrote a long essay last week called TIP vs C2PA · Why Identity Beats Watermarking. The short version is that the Coalition for Content Provenance and Authenticity solved the camera problem. A Sony Alpha A9 III today can sign an image at the moment of capture with a key stored in a secure element. By the time the file leaves the camera, the manifest is sealed. This is a real, hard, important achievement.

The thing the camera answer does not address is the moment of publication. A signed-at-capture image, processed through a photo editor, uploaded to a social platform that strips its metadata, screenshot by a downstream reader, and reposted on a different account, that image has lost its manifest by the third hop. Even when the manifest survives, it tells you what camera took the picture. It does not tell you who decided to put it in front of you, in the form you are seeing it, on this site, today.

For most consequential content in the world (a news story, a research paper, a public statement, a video op-ed), the relevant question is not "what camera captured the source." The relevant question is who chose to publish this, and what did they say about how it was made. That is an identity question. It is the question we needed to answer for the AI era. C2PA was never trying to answer it. The Content Authenticity Initiative was clear about scope from day one. They built the part they were able to build, with the partners they could assemble. I respect the work enormously. I just believed, by early 2025, that someone needed to build the next layer.

The next layer needed three things C2PA does not provide. First, an identity that traces to a single verified human, not to a device or an organization. Second, a federated registry that no single company controls. Third, post-quantum signatures that will still be verifiable in thirty years, when the cryptographic environment has changed twice.

I did not build any of those primitives myself. I assembled the primitives that NIST, the W3C, the standards community, and decades of cryptographic research had already published. I made specific design choices about how to combine them. I wrote down those choices as a public specification, licensed it under Creative Commons Attribution 4.0, and put the specification on the internet for anyone to read, implement, fork, or improve. That specification is the Trust Identity Protocol.

The protocol is the easy part of this story. The institution that maintains and governs it is the hard part.

Why Federation, Not Consortium

Every previous attempt at content provenance has been a consortium of large companies. C2PA is Adobe, Microsoft, BBC, Intel, plus accreted partners. Project Origin is Microsoft and BBC. The Content Authenticity Initiative is Adobe-led. These consortia have done useful work. They also share a structural property: governance flows from corporate membership, and corporate membership flows from corporate budgets. A journalism nonprofit in Kenya, a public university in India, a teacher in rural America, and a soloist creator in any country are not, structurally, members of these consortia. They are users of the consortia's outputs.

I wanted to build something different. I wanted to build a body where a journalist in Nairobi has the same protocol vote as a Fortune 500 platform in San Francisco. Where governance power comes from your role in the ecosystem, not the size of your check. Where the largest constituencies (individual creators and public institutions) pay nothing, and where the commercial constituencies (publishers, operators, partners) pay according to their size and their use, with their fees funding the operational costs of the body rather than purchasing additional influence.

This is the AI Trust Council. It has five constituencies, each with one equal vote on protocol matters. Creators and Institutions are free. Publishers pay by tier matched to their revenue band. Operators (Verification Providers, Node Operators, infrastructure providers) pay by accreditation category. Partners (large platforms, enterprise integrators, standards bodies) pay by partnership agreement. No constituency can act on its own. Protocol-wide decisions require majority approval from at least three of the five constituencies. The Council is governed by a public Charter, with five Constitutional Principles that can be amended only by a four-of-five supermajority and a ninety-day public consultation period.

Federations have failed historically. The decentralized identity efforts of the 2018 to 2022 era are the most recent cautionary tale. Most of them died from governance fatigue. People do not show up to vote on technical parameters after the first six months. The Council's bet is that governance fatigue can be avoided if the rhythm is predictable, the participation cost for the largest constituencies is zero, and the decisions actually matter. We will know whether the bet works by the third Annual Trust Summit. By then we will know whether the Council is a real body or another well-meaning paper organization.

The model I drew from is not Adobe's C2PA. It is ICANN's approach to governing the global Domain Name System. It is the IETF's "rough consensus and running code" principle. It is the W3C's standards process. Those are the institutions that have managed, more or less, to govern shared infrastructure across competing commercial interests for the better part of three decades. They are not perfect. They are durable. Durable is what we need.

Why Newark, Delaware

This is the unglamorous part. The AI Lab Intelligence Unobscured, Inc. is incorporated in Delaware. The headquarters address is 131 Continental Drive, Suite 305, Newark. We formed via Stripe Atlas on January 28, 2026. We are a standard Delaware C corporation with a dual-class capital structure.

People ask me why Delaware. The honest answer is: because Delaware courts are the most predictable corporate-law jurisdiction in the world, and an institution whose mission is durability needs the most predictable legal environment available. The Chancery Court has 235 years of business-law jurisprudence. The Court of Chancery does not, unlike most state courts, even use juries. Disputes are decided by judges who specialize in corporate law full time. For a company that is going to have to navigate the next thirty years of unsettled AI regulation, that predictability is worth more than any other factor I weighed.

People ask me why a C corporation and not a public benefit corporation, given the public-interest mission. The answer is similar: PBCs are a newer construct, the case law is thinner, and our governance is already constrained by the AI Trust Council's Charter rather than by an internal benefit-purpose clause. We get the public-interest commitment from the Council, with the legal predictability of a standard C corp. We may revisit if the case law evolves.

I mention this only because the operational choices that go into building a durable institution are easy to miss in the public-facing narrative. The Charter and the constituencies and the cryptographic primitives are the interesting parts. The corporate-law boilerplate is the part that keeps the interesting parts from coming apart in a litigation crisis ten years from now.

Why I Started the AI Trust Council

If the protocol is the easy part and federation is the political part, the Council is the institutional part. The Council is what makes the rest of it durable.

A protocol without a governance body is a specification that gets forked the first time a powerful actor wants to change it. A federation without a constitutional document is a group of mailing-list participants who lose interest. The Council exists to do three things the protocol and the federation cannot do alone.

First, the Council issues parameter decisions. The Trust Score weights, the Origin Code taxonomy, the Verification Provider accreditation criteria, the federation security baselines, all of these need to be set, periodically reviewed, and occasionally rotated. The Council does that work in public, with recorded votes, against a written Charter, with the ability for any constituency to call for amendment.

Second, the Council adjudicates disputes. The Trust Tribunals are the Council's adjudicative arm. When an Origin Code declaration is challenged, when a Verification Provider is alleged to have issued an identity in error, when a content registration is alleged to be fraudulent, the Tribunal panels (drawn at random across the five constituencies) decide. The reasoning is published in plain language. The reasoning is recorded immutably on the federated DAG. The right of appeal is preserved.

Third, the Council holds the public-record commitments. The annual Public Access Report. The annual Trust & Safety Report. The annual Transparency & Funding Report. The warrant canary refreshed quarterly. The public observer status for any individual in any jurisdiction. The Council is, by Charter, the body that owes those reports to the world. The reports come out whether or not it is convenient.

The reason I started the Council, rather than running the protocol as a corporate offering of The AI Lab, is that I do not believe corporate offerings produce durable public infrastructure. Every previous attempt to anchor public infrastructure in a corporate parent has, eventually, been pulled in directions that served the parent rather than the infrastructure. I do not believe The AI Lab is exempt from that pressure. I believe the Council, with constituencies who have the standing and the right to push back, is the only structural protection against it. The Council is the part of this institution that is designed to outlive me.

I started this Council so that one day, no one will remember I started it. That is the test.

The Five Things I Got Wrong in 2025

I want to spend some time on what I got wrong, because the polished founder narrative typically does not. Other founders' wrongness is more useful to a reader than other founders' rightness. Here are five things I believed in early 2025 that turned out to be wrong.

First, I believed C2PA was about to die. I read the metadata-stripping problem as a fatal flaw. I assumed that without manifest persistence across platform processing, C2PA would lose momentum and another standard would replace it. I was wrong. The hardware story (Sony, Leica, Nikon) and the editor story (Adobe) gave C2PA enough adoption to keep it alive despite the metadata problem. The C2PA community has since published improvements (cloud-based manifest stores, soft binding via JPEG Trust hashes) that mitigate, if not solve, the issue. C2PA is going to be around in 2030. We will work with it rather than around it.

Second, I believed biometric verification would be the easy part. I assumed that the technical primitives for one-person-one-identity were settled and the work was integration. I was wrong about the operational complexity. Biometric data is regulated heterogeneously across jurisdictions. Illinois BIPA has different requirements than Texas CUBI, which has different requirements than Washington's biometric privacy statute. GDPR Article 9 treats biometric data as a special category requiring explicit consent and additional safeguards. India's Digital Personal Data Protection Act 2023 adds another layer. Running a Verification Provider accreditation program that works in fifty US states and twenty-plus international jurisdictions is a much harder problem than running the cryptography. We have spent more on jurisdictional compliance than on protocol engineering.

Third, I underestimated how much governance work the constituencies would require. I assumed that publishing a Charter, opening five constituencies, and holding an Annual Trust Summit would be enough institutional scaffolding. I was wrong. The work of recruiting the first thousand constituency members in each of the five categories, of building a process for one-member-one-vote within each constituency, of coordinating quarterly Standing Committee meetings across time zones, of publishing minutes within seven days, of handling the first dozen Trust Tribunal cases without precedent to lean on, all of this is real, sustained work. I underestimated it by a factor of four.

Fourth, I assumed regulators would be glad we existed. I assumed that EU AI Act drafters, Colorado AI Act drafters, and NYC Local Law 144 staffers would view a federated, public-interest, post-quantum-secure protocol as the obvious infrastructure to converge on. Some of them have. Others have been suspicious. The suspicion is not always unreasonable. Regulators have been burned before by companies that claim public-interest status while operating as private platforms. We have to earn the benefit of the doubt by sustained public behavior, not by claiming it.

Fifth, I believed that the founder narrative was a distraction. I thought my job was to build the protocol, build the Council, and stay out of the public conversation about who I am or why I started this. I was wrong. People do not invest their time, their reputation, or their organizational credibility in an institution whose founder is invisible. The skeptical version of "I want to stay out of the public conversation" is "I am hiding something." The cure is to write essays like this one. It is a job I should have started earlier.

What I'm Afraid Of Now

There are three things I am afraid of in the present moment. I think it is worth saying them out loud.

I am afraid the protocol will succeed and the Council will not. The protocol is a specification, and specifications are durable in a way institutions are not. If the protocol gains adoption and the Council does not establish itself as the real governance body, what we will have built is a Trojan horse: a system that looks federated on paper, but that in practice routes governance decisions back to whoever runs the largest implementation. The work of making the Council a real institution, with members who actually show up, dissents that actually get heard, and minutes that actually get read, is the work that fails quietly. I am afraid of that quiet failure.

I am afraid of a major Verification Provider scandal. If an accredited VP issues TIP-IDs improperly, fails a security audit, or is compelled by a hostile government to disclose biometric data, the credibility damage to the entire system will be disproportionate. We have built revocation cascades. We have built warrant-canary protections. We have built constitutional protections in the Charter. None of these will fully prevent the news cycle that follows the first major scandal. We need to handle the first one well, because the public memory of how we handle it will shape the public's read of the institution for years.

I am afraid that this becomes a Western standard rather than a global one. The current Charter, the current incorporation, the current language of operation, all default to American-and-European norms. If we cannot recruit and seat substantive representation from China, India, Brazil, sub-Saharan Africa, and the Middle East in the constituencies, then we have built a Western trust standard with global aspirations. That is a worse outcome than what we set out to build. Global representation is harder than English-speaking representation. We are not yet certain we can do it.

These three fears are present in every staff meeting I run. They are also the reason for many of the design choices in the Charter and the protocol. I would rather name them in public than pretend the institution is invulnerable.

If we don't build this, someone else will, and that someone might not start it as a public institution. That is the deal.

What I'm Betting On

Here is what I am betting on, in the form of an explicit set of predictions you can hold me to.

1. By the end of 2027, the AI Trust Council will have seated representatives from at least fifteen countries across all five constituencies, with active participation by Creators and Institutions in at least the OECD, India, Brazil, and at least one sub-Saharan African nation. If we do not, we will publish that fact in the Public Access Report and explain what we are doing about it.
2. By the end of 2028, the AI Trust Registry public lookup will be querying at a rate of at least one billion lookups per year, integrated by at least three major newsrooms, two major social platforms, and one major search engine. If we have not, we will publish that fact and explain what we are doing about it.
3. By the end of 2030, the third Annual Trust Summit will have ratified at least one Constitutional Amendment under the supermajority procedure, proving that the amendment mechanism works rather than just exists.
4. By the end of 2031, the TIP Protocol specification will have been formally adopted as the basis of at least one ISO or IETF standard, and the Council will have inter-operated with C2PA, JPEG Trust, and the W3C verifiable credentials work to the point that a single piece of content can carry both a C2PA manifest and a TIP signature without contradiction.
5. By the end of 2036, the question "who wrote this, and how" will be answerable for any consequential piece of public content on the internet, by any reader in any jurisdiction, in less than two seconds, using public infrastructure that no single company runs.

If any of these turn out to be wrong, I will say so, in the Public Access Report for the year in which they should have come true. I will explain what we are doing differently. I will not pretend the predictions were not made.

Closing

I am writing this essay because the work ahead of the AI Trust Council is the most ambitious thing I will ever attempt. It is more ambitious than any company I will ever build. The Council is, if we can make it real, a constitutional body for global AI trust on the internet. The fact that you are reading these words means you are now part of the audience whose judgment of that work matters.

If you are a journalist, the Council exists to be a citable source about how content provenance and verified human identity actually work, beyond the headlines of any given company's marketing cycle. The Charter is public, the Constitutional Principles are public, the proceedings are public, the records are public. You can verify our claims against the record.

If you are a regulator, the Council exists to be the institution your laws can reference when they need a credible operator of identity-and-provenance infrastructure that does not collapse into a single private company. The Charter is designed to be referenceable in regulatory text. The reports are designed to be auditable.

If you are a high-tech CEO, the Council exists because the trust infrastructure of the internet should not be a competitive moat for any one company, including yours. The protocol is CC-BY 4.0. The reference implementation will convert to Apache 2.0 in 2031. You can fork it. You can compete with it. You can integrate with it. What you cannot do, structurally, is capture it. That is intentional. That is the only way an institution like this becomes infrastructure.

If you are an individual reading this who wants to be part of it, the Creators constituency is free, the Institutions constituency is free, and the Annual Trust Summit is open to all attendees. The Charter is public at theailab.org/charter. The protocol is at theailab.org/trust-identity-protocol. The Registry is at theailab.org/ai-trust-registry. We are at the beginning of the work.

If we do this work well, the institution will be remembered, and the founders will not. That is the goal. By the year I would otherwise expect to retire, I want to be able to walk into a room of constituency representatives and have someone politely ask who I am. That will mean the institution has outlived its founders. That will mean the work was real.

By Dinesh Mendhe. Founder and Chairman. The AI Lab Intelligence Unobscured, Inc. May 2026.