Skip to main content

ANNIE#

Deterministic causality for autonomous AI agents.

ANNIE is a trusted execution environment for AI agents operating in high-stakes settings. Instead of trying to predict what a model will do, ANNIE pre-lives every proposed action inside a deterministic vessel — verifying it against a formally specified safety logic — before the action is allowed to touch the physical world.

If an action is rejected at any stage, the system rolls back to its last cryptographically-sealed safe state. Within ANNIE’s scope — the path from intent proposal to commit — approved transitions are the only transitions that reach external systems. There is no real-world action to undo, because the rejected intent was held inside the verification vessel and never dispatched.

What this enables#

  • Provable refusal. Unsafe intents are rejected by a formally verified logic engine, not a probabilistic classifier.
  • Independent audit. Every approved and rejected action is anchored in a hash-chained ledger. Customers — and regulators — can replay history and check it themselves.
  • Sub-millisecond fault response. When the underlying hardware reports an exception, ANNIE halts the agent before any corrupted state can reach the next layer.
  • Post-quantum signed receipts. Every meaningful event leaves a signed witness using NIST-standardized post-quantum signatures.

Who this is for#

Teams deploying AI agents where a wrong action is not a UX problem — it is a liability event, a safety incident, or an irrecoverable loss.

  • Financial automation where a single misrouted transfer is catastrophic.
  • Industrial and robotics control where a bad command moves physical mass.
  • Regulated medical or legal workflows where every decision must be auditable.
  • Defense and critical-infrastructure environments where adversaries are presumed.

If your agent’s worst day costs you nothing, you do not need ANNIE. If your agent’s worst day costs you the company, you do.

How it differs from a guardrail layer#

Guardrail libraries inspect model output and try to filter what looks dangerous. ANNIE does something structurally different: it makes dangerous output inexpressible in the first place, by requiring every intent to clear a formally specified gate before it becomes an action.

The model can propose anything. The kernel decides what is allowed.

Where to go next#

  • The Four Pillars — the ideas that make this work: the Ledger of Reality, Holographic Tombstones, the Guillotine, and the Iron Lung.
  • Guarantees — what we prove, what we don’t, and how you verify it yourself.
  • CLI reference — public command surface, including annie verify.

ANNIE is offered as a commercial product. The verification tooling is available to all license-holders so that audits never depend on our cooperation.