Questions

Why can't GPT or Claude do this themselves?

A language model can describe what an audit should check, but it cannot install a tool, intercept its TLS traffic, and prove what it actually sent. That needs execution and capture — an external observation layer the model doesn't have.

What is evidence coverage?

The share of an audit's claims that are backed by independently captured evidence rather than assertion. Five claims, one proven → 20% coverage.

What is an unsupported claim?

An assertion with no verifiable evidence behind it — the audit says it, but nothing observed confirms it. Canary flags these and holds a verdict that rests on them.

How is the Integrity Score calculated?

From real, checkable attributes: a passed capture self-test, intercepted traffic behind each claim, an adversarial disclosure check, a tamper-evident signature, and an exact version pin — normalised to 0–100. See the Integrity Score page.

Can a high-confidence audit still have low integrity?

Yes — that is the central failure mode. Confidence is generated from text; integrity is computed from evidence. Confidence is not evidence.

Does Canary audit the auditor?

Yes. It scores the audit itself on evidence, and signs its own verdicts so its scoring is auditable in turn.