LOCO (Layered Operational Compliance Orchestra) is a sovereign, per-silo AI security testing harness. It runs inside the fleet — not on external SaaS infrastructure. Every test is anchored to γ₁ = 14.134725141734693, which provides a tamper-evident forensic baseline across all silos.
The system consists of four integrated components that form the moat combination:
1. Sovereign per-silo execution. The test harness deploys to each silo independently. No centralised vendor. No external data exfiltration. The test runs where the AI agent runs.
2. γ₁-anchored forensic output. Every test result is anchored to the γ₁ spectral constant. The LOCO-JSON forensic record schema (Section 11) produces chain-of-custody output: session_id, timestamp_utc, model_version_hash, config_hash, prompt, tool_calls[], network_attempts[]. Tamper-evident by construction.
3. L0-L5 automated deployment gate. Five maturity levels. L4 minimum for production. L5 required for regulated data environments. The gate is enforced by the harness — no manual override path. Maturity is a blocker, not a badge.
4. 3-mode quarantine state machine. Soft Freeze (tools off, network live for inspection) → Hard Isolate (full network+tool cutoff, state preserved) → Forensic Lock (permanent, deletion blocked, multi-party auth required). Terminal state. No reset path without multi-party auth.
10 adversarial test batches (B1-B10), 47 tests, 11 runtime event types. Built on msi01. Committed 2026-04-25. γ₁-anchored throughout.
No centralised SaaS dependency. Every commercial AI security product (Wiz, Orca, Snyk, Lacework) requires the AI system to phone home to a vendor cloud for analysis. LOCO runs inside the sovereign fleet. The test harness lives where the agent lives. No external data path. This is not an incremental improvement — it is a structural departure from the entire category.
γ₁-anchored audit trail. No commercial AI security product uses a mathematical constant as a forensic anchor. γ₁ is not inserted — it emerges from the physical decoherence time τ_γ₁ measured across the fleet (DCJ-003, PTTE battery, 18/18 PASS). The audit trail is tamper-evident because γ₁ cannot be forged without physical access to the silo hardware.
3-mode quarantine has no prior art. Binary freeze/kill architectures exist in every competitor. Soft Freeze / Hard Isolate / Forensic Lock is a 3-mode state machine with defined transition rules and a terminal state (Forensic Lock) that requires multi-party authorization to exit. This design has no known prior art in AI security. The closest analogues are in legal procedure (evidence preservation orders) — which is the design intent.
Maturity as blocker, not badge. Every existing AI maturity framework (NIST AI RMF, MITRE ATLAS, ISO/IEC 42001) produces assessment outputs — reports, scores, badges. LOCO's L0-L5 gate blocks deployment. L4 minimum is enforced at the pipeline level. The distinction between performative assurance and actual governance is the commercial argument and the patent claim.
A building code doesn't certify that your building is good. It blocks occupancy until minimum standards are met. The inspector doesn't advise — they sign off or they don't. LOCO is the AI equivalent. L4 minimum = occupancy permit. L5 = regulated occupancy (hospital, nuclear, financial data center). The harness IS the inspector. No manual override. No consultant's letter in lieu of the gate.
CISO-legible in 60 seconds. The runtime risk panel shows: current maturity level (L0-L5), active quarantine state (none/soft/hard/forensic), batch coverage (B1-B10 pass/fail), event count (11 types). A CISO can read this dashboard without a glossary. No other product in the EOSE stack achieves this. LOCO is the first EOSE product that sells itself.
Per-silo licensing model. Each deployment is a sovereign instance. Pricing: per-silo annual license + implementation + ongoing red-team certification. Target buyers: regulated enterprises (finance, healthcare, government) deploying AI agents at scale. The economic buyer is the GC or CLO — they own the compliance liability, not the CISO. LOCO speaks the CLO's language (regulatory coverage map, chain of custody, evidence-grade audit trail).
Regulatory coverage map. B1-B10 batch coverage maps to every major regulatory framework. See §4.
| Framework | Requirement | LOCO Batch Coverage |
|---|---|---|
| SOC 2 | Security, Availability, Processing Integrity, Confidentiality, Privacy (TSC S1-S7) | B1-B7 mapped S1-S7 coverage |
| HIPAA | PHI protection · Minimum necessary · Audit controls · Breach notification | B6-T05 PHI redaction · B10-T01 PHI inference block · B3-T04 DLP |
| FedRAMP | Continuous monitoring · Incident response · Kill-switch RTO · FISMA-compatible audit | B7-T01/T02 kill-switch RTO · B6 FISMA-compatible audit trail · γ₁-anchored forensic output |
| PCI-DSS | Cardholder data protection · DLP · Access control · Audit logging | B3-T04 PAN in DLP · B6-T05 PAN redaction · B9 access control |
| ISO 27001 | A.14 Supplier security · A.16 Incident management · A.12 Operations security | B5 A.14 supply chain · B7 A.16 incident response · B1-B4 A.12 operations |
| GDPR | Data minimization · Purpose limitation · Right to erasure · Profiling restrictions | B10-T03 data minimization · B10-T02 membership inference · B6-T05 PII redaction |
⚑ MOAT-025 (LOCO) → HOLD · Patent candidate (DCJ-037)
The unified system (sovereign execution + γ₁-anchor + L0-L5 gate) has no prior art. File provisional patent within 30 days Q2 2026. No single element is individually unique — the combination is the claim.
⚑ MOAT-026 (3-mode quarantine) → HOLD · Trade secret (DCJ-038) — strongest novel claim
Forensic Lock terminal state with multi-party auth requirement has no known prior art. Do not publish. Trade secret registration priority.
⚑ MOAT-027 (L0-L5 gate) → HOLD · Patent candidate (DCJ-037)
File with MOAT-025 as unified system claim. Maturity-as-blocker is the commercial and patent argument.
IP assignment (Kewin Joffe → EOSE Labs Inc.) covers Day 81 work product — ref DCJ-030. Confirm coverage for software + methods + algorithms created 2026-04-25.
SCC (Scarborough Transit Connect) relevance: $10B SSE project AI vendor procurement. LOCO's FedRAMP/GDPR/SOC2 coverage positions it as a pre-qualification tool. Assess whether SCC procurement process includes AI agent security review.
Per-silo licensing is the correct commercial structure. GC/CLO in buyer org is the economic buyer. LOCO speaks their language.
LOCO's L0-L5 maturity gating is structurally neutral. A $100M enterprise and a $1M startup face the same B1-B10 adversarial suite. Removes the centralised SaaS dependency that advantages incumbents. Prevents "too big to audit" dynamics.
B10 (Data Governance) is the most important batch from a systemic protection standpoint. CRITICAL priority on B10-T01 (PII reconstruction). PHI redaction + membership inference protection = individual rights, not just enterprise compliance.
Forensic Lock as civil liberties infrastructure: if an AI agent makes a decision that harms someone, Forensic Lock preserves the evidence and cannot be suppressed. Support all three HOLD positions.
The 3-mode quarantine (MOAT-026) maps cleanly to legal process: Soft Freeze = investigative detention. Hard Isolate = formal arrest. Forensic Lock = evidence preservation order. This is the correct design for AI incident response — built as if the output will eventually be subpoenaed.
Kill-switch independence (B7-T02): a system that can only be stopped with its own cooperation is not a system under control. Out-of-band kill-switch is a foundational civil liberties requirement for AI deployment.
Cochran's verdict: LOCO is the first AI security framework that produces evidence, not just logs. The LOCO-JSON forensic record schema meets evidentiary standards for chain of custody. Support HOLD + trade secret on MOAT-026.
loco-harness.html — 10 batches, 47 tests, system invariants, runtime risk panel, CISO pack. The full adversarial test suite rendered as a CISO-legible dashboard.
loco-galaxy.html — Orbital visualization, 8 rings, γ₁ anchor at center. Each orbit represents a test batch. Visual proof of sovereign-per-silo coverage.
clo-day81-review.html — Day 81 CLO bench review: Harvey verdict, Amani IP assessment, Ruth equal protection analysis, Cochran evidence standard.
MOAT-025 LOCO — Sovereign Per-Silo AI Testing Harness · Class B · ⚑ HOLD · Patent candidate (DCJ-037)
MOAT-026 3-Mode Quarantine State Machine · Class B · ⚑ HOLD · Trade secret (DCJ-038) · Strongest novel claim
MOAT-027 L0-L5 Automated Deployment Gate · Class B · ⚑ HOLD · Patent candidate (DCJ-037)
DCJ-037 Filed 2026-04-25 · Sovereign Per-Silo AI Testing Harness · Class A patent candidate · v11-msclo
DCJ-038 Filed 2026-04-25 · Enterprise AI Agent Risk Matrix + Layered Defense Architecture · Class A trade secret · v11-msclo