AIIAN proves when an AI agent is allowed to receive temporary execution capability — before an external permission, API mutation, or operational instruction is issued.
Not a log. Not a flag. A scoped, time-limited authorisation proof — bound to an approved policy, the proposed action, the execution route, and time.
No admissibility proof. No permission issued. No execution path opened.
The chain-of-command problem
A Singapore clearing agent receives an instruction from a Tokyo orchestrator. It can verify the instruction came from another agent. It cannot verify that a human authorised it, that the amount is within limits, or that the counterparty passed sanctions screening — unless something upstream enforced those checks and left proof.
Four failure modes. All silent. All undetectable at the execution boundary.
Tokyo Orchestrator Agent
"Execute settlement · ¥420,000,000 · Counterparty XY"
Singapore Execution Agent
Identity verified. But: sanctions? Limits? Human approval?
No way to know. No proof exists.
External Settlement System
Executed. Irreversible. £2,800,000 moved.
The authorisation network model
In mature transaction networks, execution does not depend on a participant remembering to comply. It proceeds only through a controlled authorisation path.
AIIAN applies that pattern to AI agents. Before an agent can mutate an external system — settle, procure, instruct, publish — it must present signed authorisation evidence that required conditions were evaluated and passed.
The execution boundary doesn't ask. It checks the proof.
Agent requests execution
AIIAN evaluates — Default-Deny
Authorisation proof issued · time-limited
auth_a3f7c2…· valid 5 min · action-boundWithout a valid authorisation proof, the execution boundary stays closed.
01
When an agent proposes a high-consequence action, it calls AIIAN first. AIIAN evaluates the request against an approved policy pack defining authorisation scope, risk limits, counterparty rules, and human-approval thresholds.
If all conditions pass, AIIAN issues a scoped, time-limited authorisation proof. The execution boundary verifies the proof — and only then allows the action to proceed.
Policy is never inside the prompt.
Signed evidence written regardless of outcome
Enforcement strength spectrum
Agent calls AIIAN SDK. Calls without authorisation proof stop before reaching the API.
Your API verifies the signed authorisation proof. No AIIAN dependency at runtime.
Agents do not receive direct execution access. Requests pass through a controlled authorisation boundary.
Counterparty doesn't need to change anything. You route through AIIAN.
02
Start with the SDK — connect an existing agent in hours, no infrastructure changes. Progress to network-level enforcement at your own pace.
At full deployment, high-risk execution paths are routed through a controlled boundary. No valid authorisation proof, no route to the external system.
03
Multiple agents share a single governed risk budget. When one agent consumes capacity, all others see the updated ceiling in the next evaluation — not on the next reporting cycle.
Shared limits are enforced consistently across concurrent agents. AIIAN prevents aggregate limit breaches before execution, instead of reporting them after the fact.
Risk budget — FX settlement
£ 10M
Consumed
£ 7.2M
REVIEW · settlement.execute
£2,800,000 · Counterparty XY
AUTHORISED · fx.instruct
EUR/GBP · €4,200,000
04
Authorise and block decisions are written to a tamper-evident signed audit record at the moment of evaluation. Not reconstructed after the fact.
Above-threshold actions pause in a Governor Review Queue. Human reviewers approve or reject via a secure interface. Every review is countersigned and QR-linked to a verifiable evidence page.
05
AIIAN sits above agent runtimes. It doesn't matter whether your agents run on Claude Code, LangChain, AutoGen, Microsoft Agent Framework, or a custom stack. The authorisation check is at the execution boundary — not in the prompt.
Connect via PreToolUse hook, MCP server, REST API, or SDK import. The same governance layer applies across every agent, every framework, every counterparty.
Tool call
git push origin main --forceDelegated scope chain
Orchestrator Agent A
action_types: [settlement, fx, procurement]
max_amount: £10,000,000
Execution Agent B
action_types: [settlement] ⊆ parent
max_amount: £3,000,000 ≤ parent
expires_at: 8h from now ≤ parent
06
When an orchestrator spawns a sub-agent, it delegates only a bounded scope. The child's permitted action types, amount ceiling, and expiry must remain a strict subset of the parent's authority.
AIIAN verifies the chain before every authorisation. A child agent cannot claim authority its parent was never granted — and cannot exceed the limit set when it was spawned.
Framework-neutral
AIIAN sits above agent frameworks, not inside them. The same authorization network — whether your agents run on Claude Code, LangChain, Microsoft Agent Framework, Azure AI Foundry, AutoGen, or any MCP-compatible stack.
Single-use, time-limited proof that an action has passed policy, risk, authority, and route checks. Cannot be replayed against a different instruction.
Agents ask AIIAN before they act. Actions are denied by default — only explicitly authorised operations within defined risk budgets are released. Policy is never inside the prompt.
Every authorise and block decision is written to a tamper-evident signed event at the moment of decision. Ready for regulatory review, underwriter verification, or internal audit.
Shared risk limits are enforced consistently across concurrent agents. When one agent consumes capacity, other agents are evaluated against the updated limit before execution.
DORA, EU AI Act, MiFID II, J-SOX — compliance flags attached to every decision event automatically. Built for finance and trading. AI-initiated transactions with machine-verifiable internal control evidence.
Drop a single hook into your Claude Code setup. Every tool call — Bash, Write, git push, API mutation — evaluated against your approved policy before it runs. Zero prompt changes.
Get started
AIIAN is in active pilot with regulated financial institutions. If your agents execute high-consequence transactions — settlement, FX, procurement, contract commitments — we want to talk.
Pilot access is by invitation. We respond to every request personally. No sales funnel.
Initial focus: financial institutions operating under DORA, Basel III, MiFID II, and J-SOX.