Making AI-Assisted Grant Evaluation Auditable without Exposing the Model

TL;DR

This paper introduces a TEE-based architecture for auditable AI-assisted grant evaluation that maintains confidentiality of models and scoring logic while enabling external verification.

Contribution

It presents a novel remote attestation framework that links evaluation inputs and outputs without exposing proprietary information, enhancing transparency and accountability.

Findings

The architecture allows verification of model and rubric usage without revealing weights.

It includes a canonicalization layer to prevent prompt injection attacks.

The approach enables external verification but does not guarantee evaluation fairness.

Abstract

Public agencies are beginning to consider large language models (LLMs) as decision-support tools for grant evaluation. This creates a practical governance problem: the model and scoring rubric should not be exposed in a way that allows applicants to optimize against them, yet the evaluation process must remain auditable, contestable, and accountable. We propose a TEE-based architecture that helps reconcile these requirements through remote attestation. The architecture allows an external verifier to check which model, rubric, prompt template, and input representation were used, without exposing model weights, proprietary scoring logic, or intermediate reasoning to applicants or infrastructure operators. The main artifact is an attested evaluation bundle: a signed, timestamped record linking the original submission hash, the canonical input hash, the model-and-rubric measurement, and the evaluation output. The paper also considers a scenario-specific prompt injection risk: applicant-controlled documents may contain hidden or indirect instructions intended to influence the LLM evaluator. We therefore include a canonicalization and sanitization layer that normalizes document representations and records suspicious transformations before inference. We position the design relative to confidential AI inference, attestable AI audits, zero-knowledge machine learning, algorithmic accountability, and AI-assisted peer review. The resulting claim is deliberately narrow: remote attestation does not prove that an evaluation is fair or scientifically correct, but it can make part of the evaluation process externally verifiable.