No action executes without authorization

The execution layer for AI.

11/11 AI is sovereign runtime infrastructure that governs whether an AI, agent, or autonomous system is allowed to act, before the action reaches the real world. Pre-execution authorization. Fail-closed enforcement. Cryptographic proof on every action.

Live, fail-closed, and post-quantum signed. Not a sandbox demo: send one unauthenticated request and verify a real signed governance decision yourself, no login required.

Ed25519EA-11 Evidence StateEA-11 Merkle RootFail-ClosedDecision HashArtifact HashExecution HashAudit HashLineage RootEvidence Root 15+ USPTO filingsCustomer No. 229939typically <100msPost-Quantum Signed

Not a demo. A public endpoint.

Everyone else ships a demo. We ship proof you can run.

One unauthenticated request returns a real, signed governance decision with its full evidence chain. The signatures verify, including the post-quantum ones. No wrapper, no login, no mockup.

Ed25519 VALIDML-DSA-65 VALIDSLH-DSA VALIDVERIFIED
public proof / no auth / live
$ curl https://control.11aiblockchain.com/v1/public/evidence
{
  "decision": "APPROVED",
  "signatures": {
    "ed25519":      "VALID",
    "ml_dsa":       "VALID",
    "sphincs_plus": "VALID"
  },
  "pq_verification": "VERIFIED",
  "verification_status": "VERIFIED"
}
In plain terms

We are the permission layer between AI and the real world.

An AI decides to do something: move money, change a record, run a command, take an action. Before that action can happen, it asks 11/11: "Am I allowed?" If the answer is no, the action is stopped. If yes, it proceeds and we keep permanent, tamper-proof proof of the decision.

Most AI systems act first and get checked later. By then the damage is done. 11/11 checks first, every time, typically in under a tenth of a second. That is the whole idea.

The missing layer in AI infrastructure

Today's AI executes first and is inspected later.

By the time misuse, drift, or unauthorized action is detected, the action has already occurred. Logs are not authorization. Observation is not enforcement. Post-hoc review is not control.

11/11 reverses the order. We sit between the AI decision and real-world execution, and decide whether it is allowed to happen at all.

WITHOUT 11/11

AI executes on probability

No control, actions occur before approval. Systems observe but do not stop behavior. Logs are not reliable evidence.

WITH 11/11

AI executes on authorization

Identity and policy are checked first. Fail-closed runtime control stops unauthorized behavior. Permanent cryptographic evidence is chained after.

How it works

Evaluated before. Enforced during. Proven after.

Every action is evaluated before it executes, enforced while it runs, and permanently recorded after it completes. There is no path around the control plane.

01 / REQUEST

Submitted

Identity, action, environment, and tenant are bound to the request.

02 / VERIFY

Policy

Evaluated against the tenant's active policy set.

03 / DECIDE

Allow / Deny

An Ed25519 authorization artifact is issued, or denied.

04 / EXECUTE

Runtime

Fail-closed enforcement boundary. No artifact, no execution.

05 / PROVE

Audit

SHA3-512 + BLAKE2b-512 evidence chained, hashed, and published.

POST control.11aiblockchain.com/v1/execute (authenticated: API key required)
# Example decision, authenticated gateway / signed / typically <100ms
{
  "decision": "ALLOW",
  "tenant_id": "t_8f21…",
  "action": "payment.settle",
  "artifact": "ed25519:9b3a…c41",
  "audit": {
    "sha3_512": "f4c1…7e2",
    "blake2b": "a90d…11b"
  },
  "latency_ms": 41
}

# Same endpoint, policy violation
{
  "decision": "DENY",
  "reason": "policy.boundary.exceeded",
  "enforced": true
}

Real decisions, not mockups

The cryptography is named, not implied.

11/11 publishes the exact primitives used at every layer of the control plane. Reviewers do not have to guess. Every governance decision returns a signed, hashed response typically in under 100ms, verifiable against the live machine-readable proof endpoint.

  • Both ALLOW and DENY paths are cryptographically signed and persisted to the audit chain.
  • Multi-tenant isolation enforced per request, no cross-tenant leakage, no replay.
  • Every public claim is reproducible against the live control plane.

Verify it yourself

No API key required.

The execute endpoint above is authenticated, but the verification surface is fully public. Fetch the signing key and a signed evidence record, then verify the signature yourself, reproducible by anyone against the public proof ledger.

  • Public Ed25519 verification key via JWKS
  • Signed evidence record from the live ledger
  • Verify the signature, no credentials needed

Open-source verifier: clone and run in 30 seconds

verify-live-proof status
public verification / no auth
# 1) public Ed25519 verification key
GET control.11aiblockchain.com/.well-known/jwks.json

# 2) signed evidence record
GET control.11aiblockchain.com/v1/public/evidence

# 3) verify the signature against the JWKS key
# reproducible by anyone, no API key needed

Built as a control plane

Four layers. One enforcement boundary.

Where execution governance matters

Infrastructure for systems that cannot afford to execute first.

Sector FAQ

Answers for the systems that cannot fail.

How execution governance applies where the stakes are highest: defense, finance, and healthcare.

Defense & Sovereign AI

How does 11/11 support sovereign or mission-critical compute?
It provides fail-closed authorization enforcement for regulated, sovereign, and mission-critical environments. Every action is gated by cryptographic execution controls before it runs, with tenant-scoped isolation suitable for mission-critical and national systems.
Can every decision be proven later for audit?
Yes. Every decision, allow or deny, is Ed25519 signed and chained with SHA3-512 and BLAKE2b-512, producing permanent, independently verifiable evidence.
Does it govern autonomous defense systems?
It gates tool calls, model actions, and orchestration events so autonomous systems execute only within approved policy and runtime boundaries.

Financial Infrastructure

Can it authorize transactions before they settle?
Yes. Each transaction or settlement action is authorized before it executes, with per-tenant isolation and a signed, verifiable record of the decision. Direct payment-rail and stablecoin integrations are on the roadmap.
How fast is a governance decision?
Every decision returns signed and hashed typically in under 100 milliseconds from the production gateway.
How is one client isolated from another?
Every request binds to a tenant. Policy, authorization artifact, audit chain, and decision hash are all tenant-scoped, with no cross-tenant leakage and no replay.

Healthcare & Clinical AI

Is 11/11 suitable for clinical AI?
It enforces decision boundaries before patient-impacting actions occur, with deterministic authorization, audit lineage, and fail-closed controls. MedPlane AI is the governed medical control-plane filing.
Does it support compliance requirements?
Governed execution introduces HIPAA-aligned decision boundaries and immutable audit lineage, so regulated medical workflows can demonstrate authorization on every action.
What happens if authorization is missing?
The action does not proceed. Fail-closed semantics mean the default is deny.

Intellectual property & chain of title

A new category, defensibly owned.

11/11's architecture is protected by a portfolio of USPTO filings recorded under Customer No. 229939. Core governance and medical control-plane filings are assigned to the 11 AI Blockchain Developments Land and IP Trust.

15+
U.S. patent filings
100%
Fail-closed by default
<100ms
Typical signed decision latency
Immutable audit lineage
ANCHOR FILING

AI Cryptographic Governance

Non-provisional governance and execution authority architecture.

ANCHOR FILING

Execution Authority Continuation

Expanded enforcement boundary and runtime authorization claims.

ANCHOR FILING

MedPlane AI

Governed medical and clinical execution infrastructure.

Execution Governance™ / Governed Execution™ / EA-11™ / Execution Arithmetic™ / Execution Evidence State™ / U.S. Patent Pending. Core governance, authorization, lineage, and fail-closed execution systems.

Mission

"Execution is impossible without authorization. This is enforced, not observed."

11/11 is not building another AI application. We are building the infrastructure layer designed to govern AI execution itself, the way identity, networking, and encryption became foundational layers of the modern internet.

Why "AI security" doesn't govern anything

Security watches. Governance decides.

Every observability, monitoring, and "AI security" tool shares one assumption: the action already happened, now let's inspect it. By then it's real. 11/11 makes the decision before the action reaches the world, and refuses it if it isn't authorized.

SECURITY / OBSERVABILITY

detect after execution

  • Acts first, inspects later. Damage is already done
  • Logs and alerts: a record, not a decision
  • Probabilistic anomaly scoring, not deterministic allow/deny
  • Can observe a bad action; cannot stop it
  • "Fails open": when it breaks, execution continues
  • Evidence assembled after the fact, mutable, disputable
11/11 EXECUTION GOVERNANCE

authorize before execution

  • Evaluated before the action reaches the real world
  • A signed allow/deny artifact: an enforced decision
  • Deterministic policy evaluation, typically <100ms
  • No artifact, no execution: the boundary holds
  • Fail-closed: when in doubt, default is deny
  • Ed25519-signed, hash-chained proof on every decision

Logs are not authorization. Observation is not enforcement. Post-hoc review is not control. If a system can only tell you what an AI did, it never governed it.

The hard questions, answered first

What happens when something goes wrong?

Reviewers in defense, finance, and healthcare don't ask whether the happy path works. They probe the failure modes. Here are the ones we get asked most, and what the architecture actually does.

IF THE CONTROL PLANE IS UNREACHABLE

The action does not proceed. Fail-closed means absence of authorization is a denial, not a default-allow. Downtime degrades to "nothing executes," never to "everything executes."

CAN THE ENFORCEMENT BOUNDARY BE BYPASSED?

There is no path around the control plane to execution. Without a valid signed artifact bound to the request, the runtime boundary refuses to act. No artifact, no execution.

CAN THE PROOF CHAIN BE FORGED OR ALTERED?

Each decision is Ed25519-signed and chained with SHA3-512 + BLAKE2b-512. Tampering breaks the chain and is independently detectable against the public proof endpoint.

CAN ONE TENANT SEE OR REPLAY ANOTHER'S DECISIONS?

Every artifact binds to a tenant at issuance. Policy, audit chain, and decision hash are tenant-scoped, with no cross-tenant leakage, no replay.

What 11/11 is not

Not a model, an agent, or another AI application

Not a firewall, SIEM, or monitoring dashboard

Not post-hoc logging dressed up as control

Not a guarantee an action is wise, only that it was authorized

Not a guardrail you can prompt your way around

Not "best-effort", the default is deny, by construction

Operating, not slideware

A live system with a public record.

No demo wrapper, no anonymized logos we can't back up. The evidence is the thing itself: a real authenticated gateway plus a public verification endpoint, a patent estate, and an open research corpus anyone can reproduce.

<100ms
Typical signed decision latency
15+
USPTO filings · Customer No. 229939
55+
DOI-registered records across 8 tracks
100%
Fail-closed by default
VERIFY IT YOURSELF

Public health and proof endpoints are live. Every homepage claim is reproducible against the running control plane. verify public proof →

DEFENSIBLE CATEGORY

Anchor filings for AI Cryptographic Governance, Execution Authority, and MedPlane AI, assigned to the 11 AI Blockchain Developments Land & IP Trust.

PUBLISHED CADENCE

An ongoing briefing series documenting live runtime authorization, denial, and lineage events. read the briefings →

DUNS 144921555  ·  UEI GHEZH441JN51  ·  CAGE 1A1G9  ·  USPTO Cust. 229939  ·  ORCID 0009-0003-0688-4265

We wrote the standard, not just the patent

Read the doctrine. Reproduce the proofs.

Categories are owned by whoever writes the spec. The Execution Governance doctrine is published openly, eight sequenced principles, a 55+ record research corpus, and the live proof to back them.

EXECUTION GOVERNANCE DOCTRINE · 8 / OPEN ON ZENODO
01No action without authorizationExecution is impossible without an issued authorization.
02Authorize before executeGovernance is evaluated before the action runs.
03Fail-closed operational semanticsDefault is deny when policy, identity, or proof is absent.
04Immutable execution lineageEvery decision chained, hashed, permanently recorded.
05Named cryptography, not impliedEd25519, SHA3-512, BLAKE2b-512, stated at every layer.
06Multi-tenant isolation by constructionNo cross-tenant leakage, no replay.
07Governed AI orchestrationAgent workflows run only inside approved boundaries.
08Execution Governance as infrastructureA mandatory layer for advanced AI.
55+ DOIs

RFC specs, lineage architecture, doctrine, and reference implementations, published for review and reproduction.

Open the corpus on Zenodo →
Briefings

Operational write-ups of live authorization, denial, and lineage events across the control plane.

Read the briefings →

Control AI execution before it happens

Verify the system yourself.

Every public claim is reproducible against the live control plane, no demo wrapper, no slide-only diagram. Health and proof endpoints are public; the execute endpoint requires an API key.