From client brief to verifiable AI delivery: how agencies run jobs in Archibal

Most AI creative work falls apart at one simple question: "How was this made?"

You usually know the answer. You know which AI model produced the hero shot, which reference images went in, who approved which version, and what changed at the last minute. The problem is that all of that lives in your head, a few Slack threads, and a ComfyUI graph nobody outside your team can read.

So when a client - or their legal team, or a platform reviewing AI-generated ads - asks you to show your AI production workflow, "trust me, it was handled" is often the only thing you can produce on short notice.

Archibal is the place that record gets built while you work, instead of as a separate documentation chore after the fact. Here's what an AI job actually looks like from the agency / studio side.

Work arrives as an incoming AI brief

If a client commissions you through Archibal, their AI brief shows up under Incoming in your sidebar - and as a card on your home dashboard so you don't miss it. Open it and you see the actual spec you'll be judged against:

• Territories where the AI content will run
• Channels (social, broadcast, streaming, web, OOH)
• Use category and stakes
• Deadlines and legal or brand notes

You get two buttons: Review & accept or Decline.

• Accept spins up a new project with the brief's details already filled in. You're not re-typing the territory list or disclosure notes the client already gave you, and the project carries a clear "Commissioned by [brand]" banner so anyone on your team can see where it came from and click back to the brief.
• Decline if it's not a fit; the brand is notified and can move on.

You don't need an incoming brief to start, either. You can open a project cold and run the exact same workflow. The brief path just removes a lot of back-and-forth about scope and keeps your AI creative scope, territories, and disclosure assumptions explicit from day one.

Build with the AI provenance record switched on

This is the part that matters for AI compliance and future questions: the provenance trail builds itself as you add work, not as a separate "fill in the spreadsheet" step at the end.

Upload your shots and every file is scanned automatically:

• Existing C2PA manifests
• Generator metadata and embedded prompts
• EXIF software fields and hidden watermarks
• Other AI detection signals that matter for disclosure

If you work in ComfyUI, you can go one step further: the Archibal callback node sits at the end of your graph and, when you hit Queue, it pushes the final image, the full workflow, every model in the pipeline, and the prompts straight into the project.

Either way, each shot ends up with its model attribution and workflow context attached - the thing you will be glad you have when someone asks "what exactly made this frame?" six months later.

There's also Quick Check on the dashboard - the lightning-bolt button - for times when you just want to scan one AI asset, see its risk band and provenance in a few seconds, and decide whether it's safe to ship. No project required; you can promote it into a full job if it turns into one.

Set the context that decides which AI rules apply

AI compliance isn't a single global toggle. It depends on where and how the work runs. Before delivery, you set the project's context, which is what drives the risk rules:

• Territory - where the content is distributed. Adding EU, for example, turns on GDPR and EU AI Act checks.
• Channel - social, broadcast, theatrical, web, internal. Disclosure expectations and platform rules differ.
• Use - commercial, editorial, political, internal, educational, etc.
• Stakes - how aggressively borderline rules get flagged.
• Copyright / authorship - pure AI, AI-assisted, or human-created.

Get this right and the risk register and AI disclosure checks actually reflect the markets you're shipping to. "Compliant" with no territory or channel attached doesn't mean anything, and any client with a switched-on legal team will ask "compliant where, and for what use?"

Optional: built-in legal review for AI content

Some jobs don't need formal legal review; some absolutely do. Archibal doesn't force it, but it makes it easy to add when required.

If the job needs a lawyer's eyes, invite one to the project as a reviewer - they don't take up a creative seat. They see the project in their In Legal Review queue, read the risk register (with each rule's legal basis visible), leave annotations on specific AI assets, and then Sign Off when they're satisfied.

That sign-off is:

• Recorded with their identity and timestamp
• Locked; it can't be edited afterward
• Attached to the final certificate that goes to the client

For you, this turns "our lawyer saw it" from a vague statement into a provable part of the AI production workflow.

Deliver AI work the client can verify themselves

When the work's ready, you either:

• Send for acceptance (if there's a client in the loop), or
• Mark complete (for internal jobs or white-label scenarios)

Either way, Archibal signs every unsigned shot and generates the compliance certificate in one atomic move. If a shot fails to sign, the whole operation rolls back with the failing shot named - you never end up with half of the AI assets signed and half floating.

What comes out the other side is a delivery designed for client-side verification of AI work:

• A public verification page at /verify/[token] - no login, permanent - showing the risk verdict, AI models detected, jurisdictions assessed, sign-off record, and SHA-256 fingerprints that prove the files haven't changed since you delivered them.
• A certificate PDF plus the signed C2PA manifests, downloadable by anyone you share the link with.

If the project started from a client brief inside Archibal, you don't email zips or hunt for links. The delivery lands in the brand's Archibal inbox automatically, tied back to the brief they sent. They open it, verify it themselves, and either accept or request changes - which comes back to you as a notification on the project with their note.

From their side, this looks like "AI deliverables we can actually prove." From your side, it's just your normal workflow with signing and compliance built in.

Why agencies and studios bother doing AI provenance right

There are two real reasons to bother, and neither is "because a tool nagged you."

The first is liability. In most regimes, the primary disclosure and provenance obligation attaches to the publisher - the brand or media owner - under rules like Article 50 of the EU AI Act and emerging US state AI disclosure laws. But when something goes wrong, the brand's first call is to you.

We went deeper on how that liability actually distributes in the guide to AI creative liability. The short version: contemporaneous provenance - records made at the time the AI work happened - is the difference between a five-minute answer and a bad week of reconstruction.

The second reason is simple business. More RFPs and master services agreements now include language like "vendor must provide AI provenance" or "vendor must support verifiable AI disclosures." Being the shop that hands over a verifiable AI delivery instead of a folder of PNGs is a real advantage, and that edge grows every quarter as compliance teams tighten requirements.

Being able to say "every AI commercial, visual, or asset we ship comes with a verification link, certificate, and signed manifest" is starting to decide who wins the work.

The bottom line: keep making the work, let the record keep itself

You're already doing the hard part: making the creative calls, wiring up the workflows, deciding when and how to use AI models.

Archibal's job is to capture that AI production record as you go, so it exists the moment you deliver - not reconstructed later under pressure from a client, regulator, or platform.

Accept the brief, build like you normally would, set the context, deliver. The proof, provenance, and AI compliance story come out the end on their own - and your clients can verify every AI asset without calling you in a panic.