There are safeguards in place, but if you want 100% supply auditability on demand then you will be dissatisfied with any privacy coin.
Even the Monero guys are honest and say that they cannot guarantee supply, that’s the nature of “privacy”. You have to rely on established cryptographic assumptions.
With Bitcoin you rely on some cryptographic assumptions, like the way private keys and addresses are generated: you assume that the bar is too high for a computer to brute force a public/private keypair. But will that hold true even with quantum computing, forever? Who knows.