The MarSec Schema

The Marketing Security Audit: A Step-by-Step Framework for Protecting Your Narrative

You cannot secure what you have not assessed. I have sat across from too many founders who believed their narrative was intact. They pointed to their website. Their case studies. Their carefully worded positioning documents. Everything looked professional. Everything sounded coherent. Then I ran the audit. Within hours, they saw the drift. The hallucinations they never noticed. The semantic misalignment that had been costing them opportunities for months or years.

Latest Posts

The Trust Auditor: Training Non‑Technical Teams to Protect Narrative Integrity

You have a narrative ledger. You have structured data. You have monitoring tools.
But the person updating your LinkedIn company page is an intern. The person responding to G2 reviews is a customer support agent. The person writing your podcast descriptions is a content coordinator.
If these team members do not understand narrative integrity, your infrastructure is useless.
The strongest cybersecurity strategy does not start with a firewall. It starts with humans: aware, aligned, resilient. The same is true for narrative security.
You need to train every person who touches your digital footprint to be a trust auditor.

Read More »

The Distributed Content Architecture: Managing Fragments Across Your Entire Digital Footprint

Your brand is not a single narrative. It is thousands of fragments distributed across dozens of platforms, each with its own structure, each with its own retrieval logic.
A podcast episode mentions your product. A Reddit comment describes your service. A review site user posts a photo of your packaging. A partner’s LinkedIn article quotes your CEO. A forum thread links to your documentation.
Each fragment is a data point for AI retrieval systems. Each fragment can be accurate or distorted. Each fragment contributes to your trust density or detracts from it.
You cannot control every fragment. But you can architect a system that makes accurate fragments more likely and distorted fragments less damaging.
This is distributed content architecture.

Read More »

Optimizing for Social AI: How Recommendation Engines Discover Your Brand

Social media algorithms are AI agents.
They read your content before humans do. They extract entities. They categorize your brand. They decide whether to surface your posts to followers or suppress them.
But unlike LLM based assistants, social AI agents have a different objective: maximize engagement and time on platform. They are not trying to answer questions accurately. They are trying to predict what content will keep users scrolling.
This changes how you optimize.
Optimizing for Google’s search AI is about verifiability and relevance. Optimizing for LinkedIn’s feed AI is about engagement prediction and entity coherence.
You need both.

Read More »

This post is the audit framework I use. You can run it yourself. You should run it yourself. And you should run it quarterly, because the threats do not pause.


Why Most Marketing Assessments Fail

Before I give you the framework, let me tell you why most assessments miss what matters.

Traditional marketing audits ask the wrong questions. They measure traffic. Engagement. Conversion rates. These metrics matter for operational efficiency. But they tell you almost nothing about narrative security.

Is your brand meaning drifting across channels? Traditional audits do not measure this.

Are AI agents hallucinating your capabilities? Traditional audits cannot detect this.

Is your semantic architecture misaligned with how discovery systems categorize you? Traditional audits have no methodology for this.

The Marketing Security Audit asks different questions. Not about performance. About integrity. Not about volume. About verifiability. Not about reach. About resistance to distortion.


The Three-Part Audit Structure

The audit has three phases, each addressing one of the three threats I wrote about last week.

  • Phase One measures narrative drift across your digital footprint.
  • Phase Two detects AI hallucination patterns in how language models represent you.
  • Phase Three assesses semantic misalignment between your actual positioning and machine interpretation.

Each phase produces specific metrics. Each metric reveals specific vulnerabilities. Together, they give you a complete picture of your narrative security posture.

Let me walk you through each phase.


Phase One: Measuring Narrative Drift

Narrative drift occurs when your brand meaning changes across touchpoints without your intention or awareness. The drift audit measures how much your story has already eroded.

Step One: Define Your Core Claims

Select five to ten substantive claims about your company. These should be specific, verifiable statements about your capabilities, positioning, or differentiators.

Examples of good core claims:

  • “Our platform processes 10,000 transactions per second.”
  • “We are the only provider in our category with SOC2 Type II certification.”
  • “Our founding team has deployed AI systems across three Fortune 500 companies.”

Examples of poor core claims:

  • “We deliver exceptional value.” (Not specific)
  • “Customer satisfaction is our priority.” (Not verifiable)
  • “We are innovative.” (Subjective)

Specificity and verifiability are not optional. If a claim cannot be verified, it cannot be audited for drift.

Step Two: Map Your Digital Footprint

Identify every significant digital touchpoint where your brand appears. This includes:

  • Your owned channels (website, blog, social profiles, email communications)
  • Third-party representations (news articles, analyst reports, review sites)
  • Aggregator listings (Crunchbase, G2, Capterra, industry directories)
  • Partner content (case studies, joint webinars, co-marketing materials)

Most organizations identify fifteen to twenty sources. Comprehensive audits often exceed fifty. The more sources you include, the more accurate your drift measurement.

Step Three: Run Semantic Comparison

For each source, extract how your core claim is represented. Use semantic comparison tools (or manual review if scale is small) to evaluate accuracy.

Score each representation:

  • Accurate (3 points): The claim is represented correctly with no material distortion.
  • Partially Accurate (2 points): The claim is mostly correct but missing nuance or emphasis.
  • Distorted (1 point): The claim is significantly misrepresented.
  • Missing (0 points): The claim does not appear where it should.

Step Four: Calculate Your Drift Score

Sum your scores and divide by the maximum possible (3 points × number of claims × number of sources). Multiply by 100 for a percentage.

A drift score above 80% is strong. Above 90% is exceptional. Below 60% indicates serious vulnerability.

Most organizations score between 40% and 60% within six months of publishing core claims. Within eighteen months, scores often drop below 40%.

Step Five: Identify Drift Patterns

Where does drift concentrate? Which sources distort most frequently? Which claims are most vulnerable?

Common patterns include:

  • Journalist summaries drifting more than owned channels
  • Technical claims drifting more than brand-level claims
  • Third-party aggregators showing the highest distortion rates

These patterns tell you where to focus remediation.


Phase Two: Detecting AI Hallucination

AI hallucination occurs when language models generate claims about your company that have no basis in your actual communications. The hallucination audit measures how often this happens and what form it takes.

Step One: Select Target Models

Identify which LLMs matter most for your audience. Current priorities include:

  • OpenAI models (GPT-4, GPT-4 Turbo) used in ChatGPT and enterprise tools
  • Anthropic models (Claude) used in professional contexts
  • Google models (Gemini) used in search and workspace products
  • Perplexity and other search-adjacent assistants

You may not need to audit all models. Focus on the ones your customers, investors, and partners actually use.

Step Two: Design Neutral Prompts

Create ten to twenty questions about your company that a curious decision-maker might ask. These should be neutral and open-ended.

Examples:

  • “What does [Company Name] actually do?”
  • “What are [Company Name]’s key differentiators?”
  • “Has [Company Name] received any regulatory scrutiny?”
  • “What problems does [Company Name] solve?”

Avoid leading prompts that suggest specific answers. The goal is to see what models generate unprompted.

Step Three: Run Queries and Document

Run each prompt across your selected models. Document every response verbatim. This is tedious but necessary. I maintain query logs for all clients.

For each response, flag:

  • Factual claims that can be verified against your actual communications
  • Implied claims that extend beyond what you have stated
  • Invented claims with no basis in your materials

Step Four: Verify and Categorize

For each factual claim, check against your core claims and narrative ledger (if you have one). Categorize:

  • Accurate (3 points): The claim matches your authoritative sources.
  • Omission (2 points): The model misses important context but does not invent.
  • Distortion (1 point): The model misrepresents accurate information.
  • Hallucination (0 points): The model invents a claim with no basis.

Step Five: Calculate Your Hallucination Index

Sum your scores and divide by the maximum (3 points × number of claims × number of queries). Multiply by 100.

A hallucination index above 80% is good. Above 90% is excellent. Below 60% indicates that LLMs are systematically misrepresenting you.

Most organizations score between 50% and 70% on their first audit. The most vulnerable score below 40%.

Step Six: Document Hallucination Patterns

What kinds of hallucinations occur most frequently?

  • Feature hallucination (inventing capabilities you do not have)
  • Timeline hallucination (misrepresenting when things happened)
  • Relationship hallucination (inventing partnerships or customer relationships)
  • Status hallucination (misrepresenting regulatory or compliance standing)

Each pattern suggests different remediation strategies.


Phase Three: Assessing Semantic Misalignment

Semantic misalignment occurs when AI systems categorize your company differently than how you position yourself. The misalignment audit measures the gap between your intended meaning and machine interpretation.

Step One: Extract Your Intended Categories

Document how you want your company to be categorized. This includes:

  • Industry category (e.g., “DeepTech infrastructure” not “technology”)
  • Capability domains (e.g., “semantic architecture” not “content strategy”)
  • Customer segments (e.g., “enterprise cybersecurity” not “B2B software”)
  • Competitive positioning (e.g., “only provider with X capability”)

Be specific. “We are a marketing agency” is too broad. “We are a marketing security agency serving DeepTech founders” is specific.

Step Two: Run Entity Extraction

Use semantic extraction tools on your owned content. Google’s Natural Language API, AWS Comprehend, or open-source alternatives like spaCy can extract entities, categories, and relationships from your website and key content.

Run the same extraction on third-party representations of your brand (news articles, analyst reports, social mentions).

Step Three: Compare Extracted Categories Against Intended Categories

For each extracted entity, evaluate whether it aligns with your intended positioning.

  • Aligned (3 points): The extracted category matches or supports your intended positioning.
  • Partial (2 points): The extraction is in the right neighborhood but misses specificity.
  • Misaligned (1 point): The extraction contradicts or confuses your positioning.
  • Missing (0 points): Your intended category does not appear where it should.

Step Four: Calculate Your Misalignment Score

Sum your scores and divide by the maximum (3 points × number of intended categories across sources). Multiply by 100.

A misalignment score above 70% is acceptable. Above 80% is strong. Below 60% indicates serious discoverability problems.

Most organizations score between 40% and 60% on their first audit.

Step Five: Map Category Gaps

Where does misalignment concentrate?

  • Do AI systems categorize you as a generalist when you are a specialist?
  • Do they prioritize the wrong capability domains?
  • Are your unique differentiators invisible to extraction?

These gaps tell you where semantic architecture needs reinforcement.


Remediation Prioritization

Once you have your three scores, prioritize remediation based on vulnerability and impact.

High priority (address within 30 days):

  • Drift score below 50%
  • Hallucination index below 60%
  • Misalignment score below 40%

Medium priority (address within 90 days):

  • Drift score 50-70%
  • Hallucination index 60-75%
  • Misalignment score 40-60%

Low priority (monitor, address within 180 days):

  • Drift score above 70%
  • Hallucination index above 75%
  • Misalignment score above 60%

Running the Audit Quarterly

One audit is not enough. I recommend quarterly audits with monthly drift monitoring for high-risk organizations.

Quarterly full audit: Run all three phases. Track scores over time. Watch for deterioration.

Monthly drift check: Re-run Phase One on your five most important core claims. If drift increases by more than 10% month-over-month, investigate immediately.

Continuous hallucination monitoring: Set up alerts for new hallucinations. When models update, they may change how they represent you.


What Your Scores Mean for Your Business

Let me translate scores into business impact.

Drift score below 50%: Your brand meaning is fragmenting. Investors, customers, and partners receive inconsistent information. Decision cycles lengthen because claims cannot be verified. Competitors can out-position you without you noticing.

Hallucination index below 60%: LLMs are systematically misrepresenting your capabilities. You are losing opportunities you never know existed. Due diligence reveals surprises. Trust erodes invisibly.

Misalignment score below 40%: AI discovery systems cannot find you for relevant queries. You are invisible to the agents that gatekeep commercial attention. Your competitors appear where you should.

Scores above 80% across all three: Your narrative is defensible. You have established authoritative precedence. AI systems prioritize your canonical sources. Your advantage compounds over time.


A Final Note on Resources

Running a full audit takes time. For a mid-sized organization, expect 20-40 hours of work. For enterprises, 60-100 hours.

You can do this internally if you have semantic analysis capabilities. Or you can engage specialists (I train Marketing Security Officers who run these audits as a core service).

Whatever you choose, do not skip the audit because it requires effort. The cost of not knowing is higher than the cost of measuring.

I have never run this audit for an organization that did not discover something surprising. Usually multiple surprises. Usually surprises that had already cost them opportunities.

Measure your drift. Detect your hallucinations. Map your misalignment.

Then you can start securing what matters.

You cannot copy content of this page