AI security has been built around a single question: is this output safe? The systems now being deployed answer a different one. Autonomous agents act at machine speed — calling tools, writing to shared memory, taking consequential actions — and defenses that read what a model says cannot see how it was compromised. This paper sets out a methodology for governing autonomous AI at the point of action rather than the point of output. The organizing idea is the Verified Field: instead of trusting individual AI nodes, verify the shared field of state they produce and consume. The field is verified along three perimeters — evidence entering it, computation acting on it, and memory carried across it — each backed by a measured primitive, and every consequential action is sealed into a tamper-evident record a third party can check without trusting the model that produced it. It describes the architecture (the three primitives — Verdict Weight, a runtime Circuit Breaker, and Transitive Taint Propagation; the DSA-PEAS standard that binds them; and the Cerberus reference runtime), the assurance ladder (AL0–AL4) that grades how strong a deployment’s guarantees are, and the operating discipline behind the work: a four-rung maturity ladder (Defined → Demonstrated → Measured → Adopted) and a standing rule to scope every claim to what is demonstrated and to publish the boundary where each guarantee stops. The paper is written in two layers: a plain-language overview for any reader, then technical depth.
Andre Byrd (Thu,) studied this question.