Agentic AI systems are often focused on productivity and operational efficiency. The risks caused by misalignment between actions in the operational plane and non-operational objectives — policies, ethics, regulatory expectations — are commonly addressed by "just" adding a governance layer that is neither architecturally nor contextually isolated from the operational plane. The failure mode is concrete: prompts injected by the agent or its environment can compromise the language model’sresponse by introducing constructs that lead away from those non-operational objectives. This is the collapse of the governance plane into the operational plane.To prevent this collapse, two functions are mandatory rather than optional: the operational plane must have no direct path to the language model — the Harness must be the only path, even under failure — and every message from and to the operational plane must be forwarded to the governance plane as an observation. The Governance Harness addresses both halves at once: a deterministic equipment component that executes an immutable protocol and has no decision-making power, interposed between an agent and the language model. On every call, it carries the current governance state into the call and emits a signed per-call attestation — the Governance Anchor — that external parties can verify without trusting the operator and without disclosing what governance state contains. Interpretation of the intent and trajectory of observed messages is the Governance System’s role (in this paper, the Governance Twin); the Harness carries and observes but does not interpret. Governance becomes a structural property of the call rather than a property of voluntary cooperation. The architectural claims here are conditional on stated deployment assumptions; engineering embodiments are addressed in the corresponding technical disclosures.
Rohde et al. (Wed,) studied this question.