# FAQ

Clear answers about what Mighty is, what it is not, and how to use it before the AI layer.

Source URL: https://trymighty.ai/docs/faq

## Is Mighty A Misinformation Or Truth Scoring Layer?

No.

Mighty is not a truth oracle, fact checker, misinformation detector, or content truthiness score.

Mighty is a security, safety, and multimodal inspection layer. It helps your app decide whether untrusted material should reach AI, OCR, storage, agents, automation, or users.

## What Does Mighty Stop?

Mighty helps detect and route security and safety risks such as:

- Prompt injection.
- Instruction injection hidden in text, files, images, PDFs, OCR output, or tool output.
- Attempts to exfiltrate secrets or private data.
- Unsafe model output before users see it.
- Poisoned OCR or IDP output.
- Hidden document risk.
- Steganography-style hidden payload attempts when detected.
- Suspicious AI-generated or altered evidence signals.

The product route is what stops the risk. Mighty returns three distinct fields:

- `action` is one of `ALLOW`, `WARN`, or `BLOCK` — switch on this for routing.
- `scan_status` is one of `pending`, `complete`, or `failed` — async lifecycle, separate from routing.
- `authenticity.verdict` is one of `likely_real`, `likely_ai_generated`, `ai_generated`, or `indeterminate` — forensics on the file itself, separate from routing.

Your app routes on `action`. `indeterminate` is a forensics verdict, not a routing action.

Illustration: Mighty is a security checkpoint, not a truth oracle. Use it before AI, OCR, storage, agents, automation, or users trust untrusted material.

## What Is Deterministic Input Sanitization?

It means you put a server-side scan step before the AI layer.

```text
user input or file -> Mighty scan -> route result -> AI layer
```

The model does not decide whether the input is safe to read. Your server scans first, then only passes routed material into the model, OCR system, agent, tool, or workflow.

## Where Should Mighty Sit?

Put Mighty before the first trust boundary:

| Surface | Put Mighty before |
| --- | --- |
| Chat prompt | Model call. |
| Uploaded file | Storage, OCR, extraction, or indexing. |
| OCR output | Extracted fields become trusted workflow data. |
| Model output | Users or downstream tools see it. |
| Agent tool output | Tool output enters model context. |
| Damage photo | Claim, repair, or payment decision. |
| Invoice or estimate | Approval, payment, or AI summary. |

## Does Mighty Prove Fraud?

No.

Mighty can flag suspicious evidence, hidden instructions, unsafe output, or authenticity signals. Your team and product policy make the final business decision.

Use this wording:

- Mighty flagged this for review.
- Mighty blocked this route.
- This result needs more evidence.
- This result is indeterminate.

Do not say:

- Mighty proved fraud.
- Mighty proved the document is real.
- Mighty proved the statement is true.

## Does Mighty Replace App Security?

No.

Keep your normal security controls:

- Authentication.
- Authorization.
- Rate limits.
- File size limits.
- Malware scanning when required.
- Audit logs.
- Human review for high-risk decisions.

Mighty handles the untrusted material inspection layer before AI and automation trust it.

## Does Mighty Support Multimodal Inputs?

Yes.

Mighty supports one scan contract across:

- Text.
- Images.
- PDFs.
- Documents.
- OCR and IDP output.
- Model output.
- Agent tool output.
- Audio transcripts today. Audio file scanning is closed beta.

Use [Multimodal Support](/docs/integrate/multimodal-support) to choose settings.

## What Should My App Store?

Store these fields when returned:

- `scan_id`
- `request_id`
- `scan_group_id`
- `session_id`
- `action`
- `risk_score`
- `risk_level`
- `threats`
- `content_type_detected`
- `redacted_output`

This gives support, billing, review, and audit teams enough context to understand the route.

## What Should I Give My AI Coding Agent?

Use this prompt.

### Explain Mighty correctly

```text
Use Mighty as a security, safety, and multimodal inspection layer before AI.

Do not implement Mighty as:
- a truth oracle
- a fact checker
- a misinformation classifier
- a source-of-truth system

Implement Mighty as:
- server-side input scanning before the AI layer
- output scanning before users or tools see generated text
- multimodal scanning for text, images, PDFs, documents, OCR output, model output, and agent tool output
- routing on action (ALLOW, WARN, BLOCK), scan_status lifecycle (pending, complete, failed), and authenticity.verdict (likely_real, likely_ai_generated, ai_generated, indeterminate)

Security risks to route:
- prompt injection
- instruction injection
- data exfiltration attempts
- secret leakage
- poisoned OCR or IDP output
- unsafe model output
- steganography-style hidden payload attempts when detected

Acceptance criteria:
- Untrusted material is scanned before AI, OCR, storage, agents, or automation trusts it.
- The app does not claim Mighty proves fraud or truth.
- The app stores scan_id, request_id, scan_group_id, session_id, action, and risk_score.
- Tests cover ALLOW, WARN, BLOCK, scan failure, and output scanning.
```