Generative artificial intelligence has fundamentally changed how content is now produced. It has enabled how high-fidelity text, images, audio, and videos are created, modified, and redistributed at near-zero marginal cost. This shift exposes enterprises and ecosystems to a number of risks across four reinforcing authenticity layers -- authenticity, provenance, integrity, and accountability -- that traditional controls are inadequate to address in isolation. We introduce the concept of authenticity debt: the cumulative institutional liability that accumulates when organizations deploy AI-generated content without preserving verifiable origin, integrity, and accountability, deferring exposure that surfaces under regulatory, legal, or market scrutiny. This paper presents a comprehensive, multi-dimensional taxonomy of generative AI harms and attack vectors, surveys the capabilities and failure modes of technical controls including digital watermarking, provenance frameworks (C2PA, Adobe CAI), and detection technologies, and argues that no single mechanism is sufficient in open, adversarial, and evolving environments. Drawing on Zero Trust Architecture principles and enterprise governance frameworks, we propose a layered reference architecture that integrates cryptographic provenance, human-in-the-loop verification, and continuous governance to sustain defensible authenticity at scale. We further examine the regulatory landscape (EU AI Act, U.S.\ FTC, NIST AI RMF) and identify practical guiding principles for organizations seeking to build authenticity as institutional infrastructure rather than an afterthought.

翻译：生成式人工智能已从根本上改变了内容的生产方式。它使高保真文本、图像、音频和视频能够以近乎为零的边际成本进行创建、修改和重新分发。这一转变使企业和生态系统面临一系列贯穿四个相互强化的真实性层级——真实性、溯源、完整性和问责性——的风险，而传统控制手段单独应对这些风险已显不足。我们提出了"真实性负债"这一概念：指组织在部署AI生成内容时未保留可验证的来源、完整性和问责性，从而累积的机构性责任，这种责任在监管、法律或市场审查下才会暴露出来。本文提出了一个全面的、多维度的生成式AI危害与攻击向量分类体系，考察了技术控制措施（包括数字水印、溯源框架（C2PA、Adobe CAI）和检测技术）的能力与失效模式，并论证了在开放、对抗性和不断演进的环境中没有任何单一机制是足够的。借鉴零信任架构原则和企业治理框架，我们提出了一种分层参考架构，该架构集成了加密溯源、人在环验证和持续治理，以在规模上维持可辩护的真实性。我们进一步审视了监管环境（欧盟AI法案、美国联邦贸易委员会、NIST AI风险管理框架），并为寻求将真实性打造为制度性基础设施而非事后补救措施的组织确定了实用的指导原则。