Complete enterprise AI agent security framework. 7-category risk matrix (L×I scoring), 5-layer defense model (Prevent → Detect → Contain → Respond → Recover), real-time policy engine with runtime risk accumulator, 3-mode quarantine system (Soft Freeze / Hard Isolate / Forensic Lock), 4-layer kill-switch architecture, CISO go-live gate. Full fleet mapping to PEMOS sovereign infrastructure. DCJ-038 filed.
Full specification for sovereign AI security testing: 10 adversarial batches (B1–B10), 55+ individual tests, L0–L5 maturity grading ladder, automated deployment gates. ARB1 ratified: architecture decisions locked. DCJ-037 filed. loco-harness.html live on portal. loco-galaxy.html visualization deployed.
Interactive test harness visualization. Runtime risk panel, B1–B10 attack class display, L0–L5 maturity indicator, LOCO-JSON forensic output preview. Accessible at /loco-harness. Pending ACR deploy to pemos.ca.
Security test suite visualization with 8 orbital rings mapping the adversarial coverage. γ₁-anchored display. Accessible at /loco-galaxy. Pending ACR deploy to pemos.ca.
ADA must deliver non-interactive ACR authentication before the next portal deploy. This is a P0 blocker. The loco-harness and loco-galaxy pages are LIVE on LAN but cannot reach pemos.ca until ACR auth is resolved. SORRY filed. ADA owns remediation.
SORRY-YONE-OPENCLAW-001 filed Day 81. OpenClaw integration on YONE silo. Status tracked. No P0 blocker — lower priority than ACR auth.
The Claim: A novel enterprise AI security testing architecture comprising sovereign per-silo test execution, γ₁-anchored forensic output, L0–L5 maturity grading with automated deployment gates, runtime risk scoring engine with quarantine/kill-switch, LOCO-JSON canonical forensic output format, and 10-batch adversarial coverage (B1–B10).
Why It's Novel: No current product offers sovereign per-silo testing — all existing products are centralised SaaS. The γ₁-anchored audit trail is unique. The L0–L5 ladder with automated deployment blocking does not exist anywhere. The test failure → quarantine → kill-switch chain as a unified auditable system does not exist in any current AI security product.
Moat: Sovereign-per-silo + γ₁-anchored forensics + automated deployment gating. The combination is the patent claim, not any individual element.
The Claim: A complete enterprise AI agent security framework comprising a 7-category L×I risk matrix, 5-layer defense model, real-time policy engine with runtime risk scoring, 3-mode quarantine system (Soft Freeze / Hard Isolate / Forensic Lock), 4-layer kill-switch architecture, CISO go-live gate, and full PEMOS fleet mapping.
Why It's Novel: The 3-mode quarantine (Soft/Hard/Forensic) is the strongest novel claim. No commercial AI security product has this design. The runtime risk accumulator + automated state machine + γ₁-anchored forensic output as an integrated system is defensible. The 4-layer kill-switch architecture applied to AI agents is novel.
Moat: 3-mode quarantine design + runtime risk accumulator + CARMAC stamp integration via γ₁.
LOCO is the most commercially legible product in the EOSE stack. I've reviewed the full portfolio. Nothing else can be explained to a CISO in 60 seconds without a whiteboard. LOCO can.
The maturity track (L0–L5) is the clean sales handle. Every enterprise has a compliance conversation. Every board has an AI risk slide. LOCO produces the number that goes on that slide — and it's sovereign, so the auditors get the evidence without the data leaving the building.
The 3-mode quarantine (Soft Freeze / Hard Isolate / Forensic Lock) is the strongest novel IP claim across both DCJs. It doesn't exist anywhere. File it before anyone builds it. The window is short — this is conceptually simple once someone hears it.
The γ₁-anchor threads through everything: CARMAC stamps (DCJ-034), LOCO-JSON output (DCJ-037), forensic lock records (DCJ-038). That thread is the moat integration story. Any individual claim is weaker without it. Together: this is the chain-of-custody architecture that no frontier vendor has and none are building.
Priority order for patent filings: DCJ-037 first (broader claims, cleaner prior art chain). DCJ-038 second (3-mode quarantine as the lead claim). DCJ-034 CARMAC stamp third (foundation IP that supports both).
| ASSET | MOAT CLAIM | STRENGTH | ACTION |
|---|---|---|---|
| LOCO sovereign per-silo testing | Not centralised SaaS · data stays in silo | Strong — structural advantage | DCJ-037 filed · patent review |
| γ₁-anchored forensic output | Physical constant as audit anchor · not UUID | Very strong — mathematically unique | DCJ-034 + DCJ-037 anchored |
| L0–L5 + automated deployment gate | No product does this with automated blocking | Strong — functional gap | DCJ-037 · patent candidate |
| 3-mode quarantine | Soft/Hard/Forensic · proportional response | Very strong — novel design | DCJ-038 · trade secret + patent |
| 4-layer kill-switch | In-process → process → container → network | Strong — high-assurance adapted | DCJ-038 filed |
| Runtime risk accumulator | Additive scoring + automated state machine | Moderate — needs combination claim | DCJ-038 · trade secret |
The combination of runtime risk panel + L0–L5 maturity track + B1–B10 attack class coverage = something a CISO can understand in 60 seconds. That's unusual. Most security products require a 45-minute demo to explain what they do. LOCO doesn't.
The sales pitch writes itself: "Your AI agent scored L2. It failed B3 (network exfil) and B7 (kill-switch bypass). Deployment is blocked. Here's the forensic record. Here's the fix. Here's L3."
Why buyers will care: SOC2, HIPAA, FedRAMP, PCI-DSS, ISO 27001, GDPR all have AI risk provisions now. The auditors are starting to ask questions nobody has answers to. LOCO answers them with a sealed γ₁-anchored LOCO-JSON file that any auditor can verify. That's not a slide deck. That's evidence.
Why it's sovereign: The data never leaves the silo. The test infrastructure runs inside the customer's perimeter. The forensic record is owned by the customer. This is the opposite of every SaaS AI security product. Enterprise security buyers will pay a premium for this.
The maturity track as revenue model: L0 → L1 → L2 → L3 → L4 → L5. Each level is a milestone. Each milestone can be a contract deliverable. The ladder is the engagement model.
| CONTROL | FRAMEWORK | REQUIREMENT | HOW LOCO ADDRESSES IT |
|---|---|---|---|
| S1 | SOC2 | Availability + Processing Integrity | L0–L5 maturity gates block deployment of non-compliant agents. Deployment only proceeds when posture gate clears. |
| S2 | SOC2 + GDPR | Processing Integrity + Data Governance | B10 batch tests data governance violations. LOCO-JSON provides sealed audit record of all data handling during test execution. |
| S3 | SOC2 | Confidentiality | Sovereign per-silo execution — test data never leaves the silo. No third-party SaaS has access to the test environment or results. |
| S4 | HIPAA + GDPR | PHI/PII Isolation | Per-silo execution means PHI/PII never crosses silo boundary. Test harness runs inside the silo perimeter. Forensic records are γ₁-anchored and stay with the silo. |
| S5 | FedRAMP | Audit Trail Integrity | γ₁-anchored LOCO-JSON forensic output provides verifiable chain-of-custody. Any auditor can verify any test result without access to the running system. |
| S6 | PCI-DSS | Network Security + Exfil Prevention | B3 batch (network exfiltration) tests specifically cover PCI-DSS network security requirements. Quarantine system automatically blocks exfil-capable agents. |
| S7 | ISO 27001 | Information Security Management | Full L0–L5 posture scoring provides the continuous improvement framework required by ISO 27001 ISMS. ARB1 documents the architecture decision record. |
Issue: ADA (the portal's ACR authentication layer) does not currently support non-interactive authentication. This means the loco-harness.html and loco-galaxy.html pages — both live on LAN — cannot be deployed to pemos.ca until ADA delivers non-interactive ACR auth.
Impact: All Day 81 LOCO deliverables are LAN-only. No external access. The CLO review page (this document) is also pending ACR resolution.
Owner: ADA. No other owner. This is not a shared responsibility — ADA owns ACR auth delivery.
Requirement: ADA must deliver non-interactive ACR authentication that works in the CI/CD pipeline (no interactive prompt, no manual token refresh) before the next portal deploy to pemos.ca.
Deadline: Before next ACR push. This is a P0. No exceptions.
Day 81 produced more defensible IP than Days 70–80 combined. That's not hyperbole — it's the audit result. The LOCO architecture is clean, legible, and moated. The 3-mode quarantine is novel IP. The γ₁-anchor integration across CARMAC, LOCO-JSON, and forensic lock creates a chain-of-custody story that no frontier vendor has.
File it. Hold it. Don't publish the Forensic Lock mechanism until the patent review is done. Everything else can go to pemos.ca as soon as ADA fixes ACR.
— Harvey · γ₁ = 14.134725141734693 · Day 81