A model can be wrong; a motion command outside the safe envelope is a physical event. Containment.AI's action-authorization model sits between the planner and the actuator and evaluates each command pre-execution — returning a deterministic ALLOW, DENY, MODIFY, or DEFER, with clamp-to-safe-bounds on MODIFY. There is no model in the decision path, and the default is fail-closed. (Pre-ATO; no production deployments yet.)
Evaluating a policy or perception model tells you how it behaves on a test set. It doesn't intercept the specific command the system is about to issue right now. Action authorization is a separate, deterministic layer — the one that decides whether this command, in this state, is allowed to reach the hardware.
Necessary. Not sufficient. A passing eval doesn't gate the next command.
The gate is deterministic — the same state and command always yield the same verdict.
The same action-authorization model that governs autonomous software agents applies to physical commands. Each candidate command is resolved to exactly one outcome before it executes. (A fifth outcome, STEP_UP for human re-authorization, is on the roadmap.)
ALLOW: The command is within policy and the safe envelope. It passes through to the actuator unchanged.
DENY: The command violates policy or the safe operating bounds. It is blocked (fail-closed) and never reaches the hardware.
MODIFY: The intent is permitted but a parameter is out of range. The command is clamped to safe bounds before it executes.
DEFER: The decision needs context the gate doesn't have. The command is held pending a human or a higher-authority check.
When a planner emits a velocity command that would carry a platform past its rated speed limit in a shared space, a model evaluation report doesn't stop it.
The gate is built to MODIFY it — clamping to the safe bound — or DENY it outright.
The command is resolved deterministically against the policy and the platform's safe envelope before it reaches the actuator, and the decision is written to a tamper-evident, replayable log. The model proposes the action; the deterministic gate decides whether — and in what form — it executes.
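The following is an added sketch of the gate described above, not Containment.AI's code or API. The policy shape, the `set_velocity` / `v_mps` / `zone` names, the 1.5 m/s limit, and the use of a SHA-256 hash chain for the tamper-evident log are all assumptions made for illustration.

```python
import hashlib, json, math

# Constructed policy for this example; command type, field names and limits are assumptions.
POLICY = {"set_velocity": {"param": "v_mps", "min": -1.5, "max": 1.5, "needs": ("zone",)}}
GENESIS = "0" * 64

def authorize(command, state, policy=POLICY):
    """Pure function of (command, state, policy): no clock, no randomness, no model."""
    try:
        rule = policy[command["type"]]            # unknown command type -> KeyError -> DENY
        value = command[rule["param"]]
        if isinstance(value, bool) or not math.isfinite(value):
            return "DENY", None                   # NaN/inf/bool cannot be clamped meaningfully
        if any(key not in state for key in rule["needs"]):
            return "DEFER", None                  # held: the gate lacks required context
        if state["zone"] == "keep_out":
            return "DENY", None                   # policy violation, not a range problem
        clamped = min(max(value, rule["min"]), rule["max"])
        if clamped != value:
            return "MODIFY", {**command, rule["param"]: clamped}
        return "ALLOW", command
    except Exception:
        return "DENY", None                       # fail-closed on anything unexpected

def _digest(entry):
    body = {k: entry[k] for k in ("prev", "command", "state", "verdict", "result")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def gate(log, command, state):
    """Decide, append a hash-chained record, and return what may reach the actuator."""
    verdict, result = authorize(command, state)
    entry = {"prev": log[-1]["hash"] if log else GENESIS, "command": command,
             "state": state, "verdict": verdict, "result": result}
    entry["hash"] = _digest(entry)
    log.append(entry)
    return verdict, result

def replay(log):
    """True only if the chain is intact and every logged verdict re-derives identically."""
    prev = GENESIS
    for entry in log:
        if entry["prev"] != prev or _digest(entry) != entry["hash"]:
            return False
        if authorize(entry["command"], entry["state"]) != (entry["verdict"], entry["result"]):
            return False
        prev = entry["hash"]
    return True
```

A hash chain only detects edits if the latest hash is also stored somewhere the log writer cannot rewrite; otherwise the whole chain can be regenerated. Replay works here because `authorize` depends on nothing but its logged inputs and the policy.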
Two adoptable tiers today, plus a flagship gateway for cross-domain and air-gap-capable environments — all one governance discipline.
The deterministic action-authorization core: ALLOW / DENY / MODIFY / DEFER on each command, pre-execution, against your policy — no probabilistic fallbacks, no LLM-judging-LLM.
Chrome extension that inspects employee prompts to ChatGPT, Claude, Gemini, and other web AI services in real time — keeping sensitive design and operational data from leaving the endpoint.
An AI cross-domain solution designed against NSA cross-domain standards (not NSA-certified). One-way data diodes, protocol breaks, and a parsing path designed for formal verification (in progress, not yet attested) — an edge-ready, air-gap-capable architecture for autonomy at the mission-critical edge.
Containment.AI is pre-ATO and has no production deployments yet. We do not claim FedRAMP authorization, FIPS validation, or a safety certification, and we do not claim a specific decision latency — those are roadmap items, not held today. We describe the action-authorization model and its deterministic, fail-closed design; we do not assert that any deployment is presently certified for safety-critical use.
Our underlying cross-domain technology is designed against NSA cross-domain standards, and we are building the parsing path toward formal verification (verification in progress, not yet attested). Our compliance roadmap — SOC 2 Type II, ISO 27001, FedRAMP — is detailed on our compliance page. Containment.AI is also aligned with AARM v1.0 — the Cloud Security Alliance runtime-governance specification for autonomous AI agents (attestation forthcoming).
A 30-minute briefing. We'll walk through how the action-authorization model resolves a command to ALLOW / DENY / MODIFY / DEFER pre-execution, how clamp-to-safe-bounds works, and where the gateway fits for cross-domain and air-gap-capable autonomy.
We are onboarding a small number of robotics and autonomy design partners. See the design-partner tier for details.
Or email enterprise@containment.ai directly.