Field notes from building the bridge. Written for federal technologists, authorizing officials, program managers, and the occasional curious skeptic. No hype; only what’s load-bearing when a signed decision has to move a payment, a reroute, a release, or a dispatch.
Why the federal risk management framework, as practiced, breaks against models that mutate — and what “Active” actually commits you to architecturally.
Most “sovereign AI” claims fail under a packet capture. Here’s the three-question test your security team should be running, and what architecturally has to be true for a vendor to pass it.
One model can’t counter-test itself. Two models voting yes together can’t either. Why adversarial three-agent architecture is the only shape that clears NCDSMO’s bar — and what “architectural separation” technically commits you to.