AICP · AI Control Plane

The control surface that decides what the AI is allowed to do.

It sits in front of every AI action. Before the action can fire, AICP checks it against the rules it must never break, the invariants. If one would break, the action does not fire. Either way, it writes a signed Decision Receipt.

Talk to us about AICP See how it works→

Closes F4 · Prevent · the failure where governance watches outputs instead of stopping the action

Admission DecisionPre-action

Banking · Servicing

actiontransfer_funds($4,200)

calleragent.ops.fin.v3

invariantdaily_external < 5,000

verdictADMITTED

gate latency2.1 ms

Admittedsigned · key we don't hold

The failure it closes

Your AI took an action it never should have. You found out from the log, after.

That is F4, governance that watches outputs instead of stopping the action. AICP closes it. It sits in front of every call, evaluates the rules that call must satisfy, and refuses the ones that would break, before the action fires, not after. It is not a guardrail you bolt on top. It is the seat the call passes through, and nothing else is exposed to the caller.

Intercepts every action

The model is reachable only through AICP. There is no second path, so nothing fires without passing the gate first.

Evaluates invariants at runtime

The rules that matter to your business, your contracts, and your regulator, expressed as math and checked on every call.

Fails closed on violation

When an invariant would break, the action is refused with attribution. No silent fallback, no quiet override.

Mediates agent permissions

Every agent declares what it intends to touch. AICP decides per call, per rule, per user. Allow once, deny, or set policy.

Emits a signed Decision Receipt

Every call writes a receipt: inputs, invariants checked, verdict, signature. Replayable on a clean machine. See one.

Hosts the other operators

SAGE and MAE embed inside AICP, sharing identity, policy, and receipts. One control plane governs the whole stack.

Where it runs

One runtime. Four surfaces. Same governance everywhere.

AICP ships through several surfaces depending on who is using it and where. The math, the policy, and the receipts are identical across all four.

Embedded

Inside your own application

Linked as a library into the software you already ship. The control plane lives where your code lives.

Studio

Desktop app for individuals

Mac, Windows, Linux. Practitioners running their own governed flows, unmanaged, full personal agency.

Enterprise Client

The same app, managed

Same Studio binary with Operation Center active. Policies pushed from the org, telemetry returns.

Mobile

The personal AI firewall

Native iOS and Android. The surface where a person decides what AI agents may touch their real apps.

Authoring and staging governed rules in AICP

Author a rule in plain language. AICP turns it into a proven constraint and gates every action against it.

Put the gate in front of your hardest action.

An action is an action. The gate does not care what is on the other end of it.