The execution layer for AI.
11/11 AI is sovereign runtime infrastructure that governs whether an AI, agent, or autonomous system is allowed to act, before the action reaches the real world. Pre-execution authorization. Fail-closed enforcement. Cryptographic proof on every action.
Live, fail-closed, and post-quantum signed. Not a sandbox demo: send one unauthenticated request and verify a real signed governance decision yourself, no login required.
Not a demo. A public endpoint.
Everyone else ships a demo. We ship proof you can run.
One unauthenticated request returns a real, signed governance decision with its full evidence chain. The signatures verify, including the post-quantum ones. No wrapper, no login, no mockup.
$ curl https://control.11aiblockchain.com/v1/public/evidence { "decision": "APPROVED", "signatures": { "ed25519": "VALID", "ml_dsa": "VALID", "sphincs_plus": "VALID" }, "pq_verification": "VERIFIED", "verification_status": "VERIFIED" }
We are the permission layer between AI and the real world.
An AI decides to do something: move money, change a record, run a command, take an action. Before that action can happen, it asks 11/11: "Am I allowed?" If the answer is no, the action is stopped. If yes, it proceeds and we keep permanent, tamper-proof proof of the decision.
Most AI systems act first and get checked later. By then the damage is done. 11/11 checks first, every time, typically in under a tenth of a second. That is the whole idea.
The missing layer in AI infrastructure
Today's AI executes first and is inspected later.
By the time misuse, drift, or unauthorized action is detected, the action has already occurred. Logs are not authorization. Observation is not enforcement. Post-hoc review is not control.
11/11 reverses the order. We sit between the AI decision and real-world execution, and decide whether it is allowed to happen at all.
AI executes on probability
No control, actions occur before approval. Systems observe but do not stop behavior. Logs are not reliable evidence.
AI executes on authorization
Identity and policy are checked first. Fail-closed runtime control stops unauthorized behavior. Permanent cryptographic evidence is chained after.
How it works
Evaluated before. Enforced during. Proven after.
Every action is evaluated before it executes, enforced while it runs, and permanently recorded after it completes. There is no path around the control plane.
Submitted
Identity, action, environment, and tenant are bound to the request.
Policy
Evaluated against the tenant's active policy set.
Allow / Deny
An Ed25519 authorization artifact is issued, or denied.
Runtime
Fail-closed enforcement boundary. No artifact, no execution.
Audit
SHA3-512 + BLAKE2b-512 evidence chained, hashed, and published.
# Example decision, authenticated gateway / signed / typically <100ms { "decision": "ALLOW", "tenant_id": "t_8f21…", "action": "payment.settle", "artifact": "ed25519:9b3a…c41", "audit": { "sha3_512": "f4c1…7e2", "blake2b": "a90d…11b" }, "latency_ms": 41 } # Same endpoint, policy violation { "decision": "DENY", "reason": "policy.boundary.exceeded", "enforced": true }
Real decisions, not mockups
The cryptography is named, not implied.
11/11 publishes the exact primitives used at every layer of the control plane. Reviewers do not have to guess. Every governance decision returns a signed, hashed response typically in under 100ms, verifiable against the live machine-readable proof endpoint.
- ✓ Both ALLOW and DENY paths are cryptographically signed and persisted to the audit chain.
- ✓ Multi-tenant isolation enforced per request, no cross-tenant leakage, no replay.
- ✓ Every public claim is reproducible against the live control plane.
Verify it yourself
No API key required.
The execute endpoint above is authenticated, but the verification surface is fully public. Fetch the signing key and a signed evidence record, then verify the signature yourself, reproducible by anyone against the public proof ledger.
- ✓ Public Ed25519 verification key via JWKS
- ✓ Signed evidence record from the live ledger
- ✓ Verify the signature, no credentials needed
Open-source verifier: clone and run in 30 seconds
# 1) public Ed25519 verification key GET control.11aiblockchain.com/.well-known/jwks.json # 2) signed evidence record GET control.11aiblockchain.com/v1/public/evidence # 3) verify the signature against the JWKS key # reproducible by anyone, no API key needed
Built as a control plane
Four layers. One enforcement boundary.
Who is acting
Every actor is cryptographically bound to the request before anything proceeds.
What is allowed
Tenant policy is evaluated before execution begins, deterministically.
Fail-closed enforcement
The action does not proceed without authorization. Default is deny.
Verifiable evidence
Ed25519 signed, SHA3-512 plus BLAKE2b-512 chained, public proof endpoint.
Where execution governance matters
Infrastructure for systems that cannot afford to execute first.
AI Agents & Autonomous Systems
Gate every tool call, model action, and orchestration event before it occurs. Deterministic authorization keeps autonomous systems inside approved policy, trust, and runtime boundaries.
Explore Governed AI →Defense & Sovereign AI
Fail-closed authorization for regulated, sovereign, and mission-critical compute. Cryptographic execution controls for mission-critical AI and strategic national infrastructure.
Financial Infrastructure
Gate high-value transactions and settlement actions before they execute, with per-tenant isolation and signed proof of every decision. Direct payment-rail and stablecoin integrations are on the roadmap.
Critical Infrastructure
Cryptographic authorization and deterministic governance for industrial control systems, automation, and grid-adjacent compute environments.
Healthcare & Clinical AI
Enforce HIPAA-aligned decision boundaries before patient-impacting actions occur, with audit lineage and fail-closed operational controls.
Government & Regulatory
Cryptographic execution controls for public-sector AI and regulatory automation requiring sovereign accountability and policy-bound execution.
Sector FAQ
Answers for the systems that cannot fail.
How execution governance applies where the stakes are highest: defense, finance, and healthcare.
Defense & Sovereign AI
How does 11/11 support sovereign or mission-critical compute?
Can every decision be proven later for audit?
Does it govern autonomous defense systems?
Financial Infrastructure
Can it authorize transactions before they settle?
How fast is a governance decision?
How is one client isolated from another?
Healthcare & Clinical AI
Is 11/11 suitable for clinical AI?
Does it support compliance requirements?
What happens if authorization is missing?
Intellectual property & chain of title
A new category, defensibly owned.
11/11's architecture is protected by a portfolio of USPTO filings recorded under Customer No. 229939. Core governance and medical control-plane filings are assigned to the 11 AI Blockchain Developments Land and IP Trust.
AI Cryptographic Governance
Non-provisional governance and execution authority architecture.
Execution Authority Continuation
Expanded enforcement boundary and runtime authorization claims.
MedPlane AI
Governed medical and clinical execution infrastructure.
Execution Governance™ / Governed Execution™ / EA-11™ / Execution Arithmetic™ / Execution Evidence State™ / U.S. Patent Pending. Core governance, authorization, lineage, and fail-closed execution systems.
Mission
"Execution is impossible without authorization. This is enforced, not observed."
11/11 is not building another AI application. We are building the infrastructure layer designed to govern AI execution itself, the way identity, networking, and encryption became foundational layers of the modern internet.
Why "AI security" doesn't govern anything
Security watches. Governance decides.
Every observability, monitoring, and "AI security" tool shares one assumption: the action already happened, now let's inspect it. By then it's real. 11/11 makes the decision before the action reaches the world, and refuses it if it isn't authorized.
detect after execution
- ✗ Acts first, inspects later. Damage is already done
- ✗ Logs and alerts: a record, not a decision
- ✗ Probabilistic anomaly scoring, not deterministic allow/deny
- ✗ Can observe a bad action; cannot stop it
- ✗ "Fails open": when it breaks, execution continues
- ✗ Evidence assembled after the fact, mutable, disputable
authorize before execution
- ✓ Evaluated before the action reaches the real world
- ✓ A signed allow/deny artifact: an enforced decision
- ✓ Deterministic policy evaluation, typically <100ms
- ✓ No artifact, no execution: the boundary holds
- ✓ Fail-closed: when in doubt, default is deny
- ✓ Ed25519-signed, hash-chained proof on every decision
Logs are not authorization. Observation is not enforcement. Post-hoc review is not control. If a system can only tell you what an AI did, it never governed it.
The hard questions, answered first
What happens when something goes wrong?
Reviewers in defense, finance, and healthcare don't ask whether the happy path works. They probe the failure modes. Here are the ones we get asked most, and what the architecture actually does.
The action does not proceed. Fail-closed means absence of authorization is a denial, not a default-allow. Downtime degrades to "nothing executes," never to "everything executes."
There is no path around the control plane to execution. Without a valid signed artifact bound to the request, the runtime boundary refuses to act. No artifact, no execution.
Each decision is Ed25519-signed and chained with SHA3-512 + BLAKE2b-512. Tampering breaks the chain and is independently detectable against the public proof endpoint.
Every artifact binds to a tenant at issuance. Policy, audit chain, and decision hash are tenant-scoped, with no cross-tenant leakage, no replay.
✗ Not a model, an agent, or another AI application
✗ Not a firewall, SIEM, or monitoring dashboard
✗ Not post-hoc logging dressed up as control
✗ Not a guarantee an action is wise, only that it was authorized
✗ Not a guardrail you can prompt your way around
✗ Not "best-effort", the default is deny, by construction
Operating, not slideware
A live system with a public record.
No demo wrapper, no anonymized logos we can't back up. The evidence is the thing itself: a real authenticated gateway plus a public verification endpoint, a patent estate, and an open research corpus anyone can reproduce.
Public health and proof endpoints are live. Every homepage claim is reproducible against the running control plane. verify public proof →
Anchor filings for AI Cryptographic Governance, Execution Authority, and MedPlane AI, assigned to the 11 AI Blockchain Developments Land & IP Trust.
An ongoing briefing series documenting live runtime authorization, denial, and lineage events. read the briefings →
DUNS 144921555 · UEI GHEZH441JN51 · CAGE 1A1G9 · USPTO Cust. 229939 · ORCID 0009-0003-0688-4265
We wrote the standard, not just the patent
Read the doctrine. Reproduce the proofs.
Categories are owned by whoever writes the spec. The Execution Governance doctrine is published openly, eight sequenced principles, a 55+ record research corpus, and the live proof to back them.
Control AI execution before it happens
Verify the system yourself.
Every public claim is reproducible against the live control plane, no demo wrapper, no slide-only diagram. Health and proof endpoints are public; the execute endpoint requires an API key.