The protocol layer that makes autonomous AI reviewable before it acts.
VEX puts a control point between what the agent suggests and what actually runs, then preserves verifiable evidence for governed actions.
Actor, scope, and decision basis.
Proposed action as structured context.
Principal bound to the evidence record.
Outcome preserved as cryptographically verifiable evidence for review.
VEX changes the contract between an agent and a privileged system.
Instead of asking whether a model looked aligned after the fact, VEX places an explicit governance layer between suggested action and real consequence.
Proposal is no longer permission
The agent can propose an action, but proposal alone does not authorize execution. Consequential work has to cross an explicit control point first.
Authorization moves outside the model
Policy, scope, identity, and risk are evaluated by infrastructure the model cannot rewrite, flatter, or reason its way around.
The result becomes a reviewable record
Every allowed, blocked, or escalated action can produce evidence that security and governance teams can inspect later.
What an artifact looks like
Governed execution events in VEX produce cryptographically verifiable evidence. Here is an illustrative example of what the evidence structure can look like.
Four steps between model output and consequence.
VEX is intentionally small at the control point. Its job is to make the execution boundary explicit, enforceable, and inspectable before the system acts.
Proposal
The agent proposes an action, target, and intended effect. Proposal is captured before any privileged execution begins.
Scope check
Runtime context, resource constraints, and execution scope are checked against the declared request.
Independent authorization
Policy controls outside the agent boundary determine whether the action is permitted before any privileged execution begins.
Evidence preservation
Execution outcome and decision basis are preserved as reviewable evidence — including denied, escalated, or blocked paths where relevant.
VEX is the control point, not the entire stack.
ProvnAI contributes across adjacent governance work, but VEX has a narrow and valuable role: it sits where proposed action becomes real execution and makes that boundary externally governable.
The execution boundary layer where proposed action is independently authorized and preserved as verifiable evidence in governed flows.
Policy models and control assumptions that define what actions are permitted and who can authorize them.
External authority and review services that complement governed execution.
Clean lines between what is shipped and what is in pilot.
The protocol story is strongest when it is precise. This roadmap distinguishes what is available today from what we are actively piloting with design partners.
- Controlled execution scope
- Cryptographically verifiable evidence
- Portable verification artifacts
- Local verification tooling
- Enterprise deployment patterns
- Design partner integrations
- Policy and review workflows
Built for environments where AI consequence is material.
VEX is not a general-purpose chatbot feature. It is for teams that need a protocol surface around real execution, policy, and evidentiary review.
Enterprise platform teams
Teams deploying internal agents that can touch repositories, tickets, data stores, cloud APIs, or operational workflows.
Public sector and regulated environments
Organizations that need explicit authorization, review paths, and evidence records before autonomous systems create real-world consequences.
Research, standards, and assurance collaborators
Groups exploring verifiable execution, auditability, and protocol-level controls for increasingly autonomous AI systems.
Secure your
autonomous AI agents
We are accepting a limited number of design partners and pilot deployments for secure agent execution. Tell us what you are building.
Enterprise & Startup Pilots
Deploy controlled execution for your agent stack. We work directly with your security and platform teams.
Public-Sector & Consortium
Standard-setting conversations for secure AI in regulated environments. EU AI Act, DORA, SOC2 alignment.
Architecture Collaboration
Formal verification, ZK proof systems, and protocol-level trust. We support open academic and institutional collaboration.
We read every submission and reply within two business days.
A cryptographic evidence construct that preserves the governance context of governed execution events.
Authorization policies that govern which tools and actions an agent is permitted to execute.
The binding of agentic sessions to authorized goals — ensuring actions remain within the declared scope.
Tamper-evident execution records preserving what crossed the boundary during governed actions.
Cryptographic integrity mechanism for execution logs, making post-hoc modification detectable.
Hardware-enforced runtime isolation that protects agent context from host-level extraction.
The formally defined perimeter that VEX enforces for every agent session.