“Let the inspector inside — both of you benefit”

Cleaner wrasse establish fixed "cleaning stations" on coral reefs where client fish — including apex predators — come to be cleaned of parasites. The cleaner enters the client's mouth and gill chambers, the most vulnerable access possible. The relationship is maintained by mutual benefit (clients get parasite removal, cleaners get food) and reputation enforcement (cheating cleaners lose clients, fish that eat cleaners lose service). Cleaning mutualisms evolved independently on reefs across all tropical oceans — convergent evolution confirming the structural optimality of the arrangement.

Independent auditors (Big Four firms, regional audit firms) receive access to a company's most sensitive financial records — the corporate equivalent of entering the predator's mouth. The auditor's role is formalized by regulation, protected by professional standards, and maintained by reputation. The company benefits from a credible assurance signal (clean audit opinion); the auditor benefits from fees and reputation. Arthur Andersen's destruction after Enron demonstrated the enforcement mechanism: the reputational cost of cheating is existential.

Penetration testers receive authorized deep access to a company's systems — the same access a malicious hacker would exploit. The relationship works because both sides benefit: the company discovers vulnerabilities before attackers do; the tester earns fees and reputation. Bug bounty programs extend this to a broader community, creating a recognized role for anyone who finds and responsibly discloses security flaws. The "responsible disclosure" norm is the digital equivalent of a cleaner wrasse's behavioral code.

Endoscopy, colonoscopy, and invasive biopsies grant a physician deep physical access to a patient's internal organs — access that could cause harm if misused. The relationship is structured identically to a cleaning station: the patient benefits from diagnosis impossible without internal access; the physician benefits professionally; and the relationship is protected by licensure, malpractice liability, and professional reputation. Patients tolerate the vulnerability because the alternative (undiagnosed disease) is worse.

Inspector General offices exist in theory as the government's cleaner wrasse — authorized to access agency records, interview employees, and investigate waste, fraud, and abuse. But many lack the access powers that make cleaning stations work: subpoena authority is often limited, real-time data access is rare, and agencies can delay or obstruct investigations. The structural solution is to formalize deep, unannounced access rights — making the IG relationship more like a true cleaning mutualism and less like a scheduled inspection that the "client" can prepare for.

As AI systems make consequential decisions about hiring, lending, medical diagnosis, and criminal justice, the need for independent auditing is acute — but the cleaner-station relationship doesn't exist yet. An effective AI auditor would need access to training data, model architecture, weights, decision logs, and performance metrics across demographic groups. No established role, professional standard, or regulatory framework currently enables this level of access. The AI industry is a reef full of parasites with no recognized cleaners.

Most supply chain auditing relies on scheduled visits that factories can prepare for — the Potemkin village problem. Effective supply chain cleaning requires unannounced deep access: inspectors who can arrive at any time, access all areas of the facility, interview workers privately, and examine records without advance notice. Some brands are moving toward this model, but the structural incentives are still poorly aligned — the factory often pays the auditor, creating a conflict of interest that cleaner wrasse never face (the parasite doesn't pay the cleaner).