The Substrate-Layer Threat Model (SLTM) defines a non-enumerative, drift-centric framework for agentic AI systems in open-world environments. SLTM replaces enumerated threats with substrate dynamics, behavior classification with affordance mapping, and static telemetry with substrate-anchored evidence. The Substrate-Native Threat Model (SNTM) is the APR-Series instantiation of SLTM, extended for deployments where governance is not merely a surrounding control layer but a continuous, stateful, operator-authored substrate. In these deployments—the architecture class implemented by APR-Series—the threat surface is the governance relationship itself: the topology of norm-authority, the density of expectation coverage, and the coherence between authored intent and runtime behavior. SNTM introduces five threat primitives that are evaluable only in deployments with authored expectations and formation-contextual telemetry: Topology Drift, Norm Vacancy, Expectation Gap, Backfill Collapse, and Authority Inversion. These primitives describe governance failures that SLTM’s general dynamics can produce but cannot name without formation context. SNTM does not enumerate threats, classify behaviors, assign autonomy tiers, or require context-free telemetry. It requires that the governance substrate be authored, queryable, and formation-tagged. This paper describes behavioral conditions and governance failure modes. It does not describe architectural decisions, implementation thresholds, or inter-model relationships within APR-Series.
Narnaiezzsshaa Truong (Fri,) studied this question.