AUTHREX is one governance framework, a single verified authority pipeline. It ships as one product, AUTHREX-AGENT, and is applied to five documented U.S. federal needs as five worked-example applications, so this page presents the product plus five applications, six sections in all. They are not six products; they are one idea shown six ways, each anchored to a real DOI-registered platform and a simulation you can run. Lead with two: ASSURE and ICS-GATE carry the strongest, deadline-backed national-importance cases. The other three applications show the framework's reach.
These two have the clearest, most defensible national-importance arguments: a federal gap named in primary-source guidance, a statutory deadline, and a clean distinction from everything else on the market.
Gates a system's transition from test to production behind a signed assurance decision. Fills the validation gap the 2026 National Cybersecurity Strategy names; NDAA §1533 framework due June 2027.
Open ASSURE & run the gate →Authorizes the deterministic safety logic for AI in OT; never makes the safety decision itself. Anchored to the CISA/NSA AI-in-OT principles (3 Dec 2025). Public-safety framing.
Open ICS-GATE & run the gate →The same pipeline applied to three further domains. Each is real and runnable; together they demonstrate that one governance pattern generalizes across very different problems.
Governs whether an autonomous cyber-reasoning system may patch a live controller. Anchored to DARPA AIxCC and Five Eyes agentic-AI guidance. Governance only, no offensive function.
Open →Signal delay removes the human from the loop, so authority is governed onboard. Anchored to NASA SBIR EXPAND.3.S26B and SPD-5.
Open →Governs the test environment itself so evaluation is bounded, audited, and reversible. Matches NDAA §1534's AI sandbox task force. Feeds ASSURE downstream.
Open →The product and the five applications below, each with the diagram that frames how its authority decision works. Open any page to run its live simulation.
The same seven-stage pipeline that governs autonomous aircraft and self-driving vehicles, instantiated as a software shim around LLM-based agents. AUTHREX-AGENT wraps any agentic AI runtime with the SATA → ADARA → IFF → HMAA → MAIVA → FLAME → CARA pipeline. No FPGA, no SBC, no model retraining required.
Reference architecture aligned with CISA + NSA + Five Eyes joint guidance Careful Adoption of Agentic AI Services (1 May 2026). This is the product; the five applications below are this same pipeline pointed at documented federal needs.
The same seven-stage pipeline that governs autonomous aircraft and agentic AI, applied to the single most consequential moment in an autonomous system's life: the transition from test into production. AUTHREX-ASSURE gates that transition behind an explicit, signed assurance decision, recorded to the ERAM ledger, so no autonomous system reaches a live environment without a documented authority-to-operate.
Reference architecture aligned with the 2026 National Cybersecurity Strategy, which explicitly names the pre-deployment validation gap, and NDAA §1533, which directs a standardized DoD AI assessment framework due June 2027.
The same pipeline that governs agentic AI, instantiated at the IT/OT boundary. When an AI system proposes an action on a live power-grid or water-treatment controller, AUTHREX-ICS-GATE decides whether that action is authorized at the current tier, with what evidence, and with a pre-armed rollback, before it reaches the controller. The cleanest distinction in the package: it authorizes the deterministic safety logic, it never makes the safety decision itself.
Reference architecture aligned with the CISA / NSA "Principles for Secure Integration of AI in Operational Technology" (3 Dec 2025). Cross-walks to NIST SP 800-82, ISA/IEC 62443, and NERC CIP.
After DARPA's AI Cyber Challenge (DEF CON 33, 2025), autonomous cyber-reasoning systems can patch critical-infrastructure software at machine speed. AUTHREX-AGENT-CYBER governs the missing question: may an autonomous system patch a live water-treatment or power-grid controller, at what authority tier, and with what rollback? The cyber-reasoning system is treated as a black box; AUTHREX governs the action only, with no offensive function.
Reference architecture aligned with the Five Eyes "Careful Adoption of Agentic AI Services" (1 May 2026), DARPA AIxCC, and NDAA §1513. Folds in AUTHREX-ZTAGENT and AUTHREX-MCPGOV as cited variants.
The same pipeline, instantiated onboard a spacecraft where ground control is light-seconds away. Signal delay removes the human from the loop, so authority must be governed onboard. AUTHREX-SPACECYBER decides what the vehicle may do for itself, at what tier, and when it must wait for a ground uplink before acting. A stale-data anomaly does not trigger an autonomous burn; it triggers a governed hold.
Reference architecture aligned with NASA SBIR 2026 BAA subtopic EXPAND.3.S26B (autonomous onboard health management for small spacecraft) and Space Policy Directive 5.
The same pipeline, applied not to production but to the sandbox itself. AUTHREX-SANDBOX governs what an AI under evaluation is permitted to do inside the test environment, so evaluation is bounded, audited, and reversible. Every action is capped at test-tier, no irreversible step runs without review, and the environment resets between runs.
It is the controlled setting an AI must pass through before any AUTHREX-ASSURE decision can clear it for production. Reference architecture aligned with NDAA §1534 (DoD AI sandbox-environments task force, due 1 Apr 2026) and NDAA §1533.
The product and all five applications above run the same seven-stage AUTHREX authority pipeline. The core is model-checked in TLA+: 48,751 reachable states verified, 8 of 9 safety properties holding, with the one known violation logged in the issue register rather than hidden. That single verified core is why these are one idea shown six ways, not six separate bets.
SATA → ADARA → IFF → HMAA → MAIVA → FLAME → CARA · ERAM signed ledgerFor honesty about scope: two of the names in the AUTHREX vocabulary are cited variants folded into AGENT-CYBER, and two are features, not standalone applications. They are listed here so the count is never inflated.
These five applications are reference architectures at TRL 2-4, specified, simulated, and anchored to DOI-registered hardware designs. They are not deployed, not operationally validated, and not adopted or endorsed by any agency. The mapping of each federal need to the AUTHREX pipeline is one researcher's analytical work, released openly so an independent reviewer can apply the same reasoning and report disagreement. Citations to federal guidance, law, and solicitations refer to publicly available primary sources. This is independent research offered for technical evaluation.