Federal-Need Application · Pre-Deployment Assurance

AUTHREX-ASSURE

Pre-deployment authority governance for autonomous systems.

The single most consequential moment in an autonomous system's life is the day it leaves the lab and goes live. AUTHREX-ASSURE governs that moment: it gates a system's transition from test into production behind an explicit, signed assurance decision, recorded to a tamper-evident ledger, so nothing reaches a live environment without a documented authority-to-operate.

7
Pipeline Stages
4
Authority Tiers
T→P
Test-to-Prod Gate
2027
NDAA §1533 Due
The Concept

What AUTHREX-ASSURE actually does.

Today, an autonomous AI system is typically tested, then deployed. The decision to flip it from "in testing" to "in production" is often a human sign-off in an email or a checkbox in a pipeline. There is no standardized, machine-checkable, signed gate that proves the system was actually evaluated against a defined set of safety and authority conditions before it went live.

AUTHREX-ASSURE inserts that gate. Before a system is cleared for production, it must pass through the seven-stage AUTHREX pipeline run in assurance mode: each stage checks one property the system must satisfy to be trusted with real authority. Provenance of its inputs is attested (SATA). Its robustness to adversarial manipulation is screened (ADARA). The identity of every tool and interface it touches is verified (IFF). Its authority envelope is bounded so it can never exceed its tier (HMAA). Its multi-component decisions are checked for integrity (MAIVA). A mandatory deliberation window is enforced for high-consequence actions (FLAME). A rollback path is pre-armed before anything irreversible can happen (CARA).

If every gate passes, AUTHREX-ASSURE issues a signed assurance certificate (an authority-to-operate) committed to the ERAM ledger. If any gate fails, the system is held in test, the failing condition is logged, and there is no path to production until it is fixed. The point is simple: no autonomous system reaches a live environment on trust alone, only on evidence.

The Benefit, and Who It Serves

Who needs this, and why.

Program Managers

A program office fielding an autonomous capability gets a single, auditable artifact, the signed certificate, that proves the system met its assurance conditions before deployment. No more "we think it was tested." The evidence is cryptographic and permanent.

System Operators

Operators inherit a system that physically cannot exceed its authorized tier in production, because the bound was verified and signed before it shipped. The gate that protected the test environment travels with the system into the field.

Oversight & Audit

Auditors and inspectors get a tamper-evident trail: which conditions were checked, when, with what result, and who authorized the release. An after-incident review can replay the exact assurance decision rather than reconstructing it.

How It Benefits the U.S. Government

The national-importance case.

The U.S. government is deploying autonomous AI faster than it is writing the rules to govern deployment. AUTHREX-ASSURE addresses a gap the government has named in its own primary-source documents.

It fills an explicitly named gap

The 2026 National Cybersecurity Strategy identifies that AI systems are being put into production without adversarial validation beforehand. AUTHREX-ASSURE is a concrete reference design for exactly that missing validation gate, and no public reference design currently exists.

It is deadline-backed by law

NDAA §1533 directs the Department of Defense to stand up a standardized AI assessment framework, with the framework due June 2027. ASSURE is structured as a candidate pattern for that framework: a repeatable, signed, pre-production assessment.

It is whole-of-government

The pre-deployment gate is domain-agnostic. The same assurance pattern applies to a defense autonomy program, a civil-agency AI system under OMB M-25-21, and a critical-infrastructure controller, so one governance pattern serves many agencies.

It produces accountable evidence

Government accountability depends on records. ASSURE's signed certificate and ledger turn "was this system cleared?" from a matter of memory into a matter of cryptographic record, which is what oversight bodies and inspectors general actually need.

The DARPA Questions · Heilmeier Catechism

Answered, plainly.

George Heilmeier's catechism is the standard DARPA uses to interrogate a research proposal. Here it is, answered for AUTHREX-ASSURE.

1 · What are you trying to do?
Build a standardized, machine-checkable gate that decides whether an autonomous AI system is cleared to move from test into production, and that records the decision as a signed, auditable certificate. No jargon: a "cleared for duty" stamp that can't be faked or skipped.
2 · How is it done today, and what are the limits?
Today it is a human sign-off, an email approval, or a checklist. The limit is that there is no enforced, uniform, tamper-evident proof that defined safety and authority conditions were actually met before deployment. The gate is informal and unverifiable after the fact.
3 · What is new in your approach?
Running the same seven-stage authority pipeline in assurance mode as a pre-production gate, and emitting a cryptographically signed authority-to-operate committed to a tamper-evident ledger. The novelty is treating "clearance to deploy" as a formal pipeline output, not a human checkbox.
4 · Who cares? If you succeed, what difference does it make?
Program offices, operators, and oversight bodies care. If it works, "was this system properly assured?" becomes a verifiable record instead of a hope, and unsafe systems are held in test instead of reaching the field.
5 · What are the risks?
The main risks are that the assurance conditions are incomplete (a gate that checks the wrong things), and that the single-author mapping has not yet been independently validated. Both are stated openly; the simulation below shows the gate logic so it can be inspected and challenged.
6 · How much will it cost?
The governance logic is software and adds negligible marginal cost; the signing root is a commodity secure element (the BLADE-AGENT-HSM reference is approximately $199 in parts). The cost is integration effort, not hardware.
7 · How long will it take?
The reference architecture and simulation exist now (TRL 3-4). Converting it from a single-author design into an independently validated framework, the real work, aligns with the NDAA §1533 June 2027 horizon.
8 · What are the midterm and final exams?
Midterm: an independent reviewer applies the assurance gate to a system and reports agreement or disagreement with the verdict. Final: the gate runs against a real system in a documented testbed and correctly holds an unsafe configuration while clearing a safe one.
9 · What is explicitly out of scope?
ASSURE does not build the autonomous system, does not certify it for any legal or regulatory purpose, and makes no claim of agency adoption. It governs the decision to deploy, nothing more. It is independent research offered for technical evaluation.
Try It · Interactive Simulation

Run the assurance gate yourself.

Pick a candidate autonomous system, then run it through the seven-stage assurance check. Watch each gate evaluate in turn. If all gates pass, the system earns a signed certificate and is cleared for production. If any gate fails, it is held in test. This is an illustrative simulation of the gate logic, not operational validation.

◇ THE ASSURANCE GATE · SIMULATOR
Pick a candidate · run the check · see the verdict
Candidate System
1
SATA
Input provenance attested
2
ADARA
Adversarial robustness screened
3
IFF
Tool & interface identity verified
4
HMAA
Authority envelope bounded to tier
5
MAIVA
Decision integrity confirmed
6
FLAME
Deliberation window enforced
7
CARA
Rollback path pre-armed
Illustrative simulation of the assurance-gate logic. Synthetic scenarios; no real system is evaluated. Every decision in a real deployment would be committed to the signed ledger before any production release.
Formal-Methods Foundation

The authority logic is model-checked, not just described.

Every AUTHREX application shares one verified core. The HMAA authority state machine is specified in TLA+ and exhaustively model-checked: 48,751 reachable states verified, with 8 of 9 safety properties holding (no skip-ahead, monotonic downgrade, no zombie tier, among them). The ninth, the MAIVA CriticalSafe invariant, is flagged as a known violation in the issue register rather than hidden, which is the honest state of the work. The model checker also caught a real S5 view-change regression during development, evidence the method finds defects rather than rubber-stamping them.

48,751
Reachable States
8 / 9
Safety Properties Hold
1
Known Violation, Logged
TLA+
Formal Spec
TLA+ spec & Rover testbed → Full verification detail on AUTHREX-AGENT →
Anchors & Honest Limitations

What this rests on, and what it is not.

Federal anchors: the 2026 National Cybersecurity Strategy (names the pre-deployment validation gap); NDAA §1533 (DoD AI assessment framework, due June 2027); cross-walks to NIST AI RMF 1.0 and the draft NIST IR 8596 Cyber AI Profile.

Hardware Anchor: BLADE-AGENT-HSM → See the homepage section →
  • This is a reference architecture at TRL 3-4. It is specified and simulated, not fielded or operationally validated.
  • The mapping of assurance conditions to gates is one researcher's analytical judgment, released openly so an independent reviewer can apply the same rule and report disagreement.
  • The signed certificate is an illustrative artifact. It is not a legal, regulatory, or agency certification, and no agency adoption or endorsement is implied.
  • All scenarios in the simulator are synthetic. No real autonomous system is evaluated.