AIIAN proves when an AI agent is allowed to receive temporary execution capability — before a payment credential, API mutation, or external instruction is issued.
Not a log. Not a flag. A single-use signed authorisation proof — bound to an approved policy, the proposed action, the execution route, and time.
No admissibility proof. No credential issued. No execution path opened.
The chain-of-command problem
A Singapore clearing agent receives an instruction from a Tokyo orchestrator. It can verify the instruction came from another agent. It cannot verify that a human authorised it, that the amount is within limits, or that the counterparty passed sanctions screening — unless something upstream enforced those checks and left proof.
Four failure modes. All silent. All undetectable at the execution boundary.
Tokyo Orchestrator Agent
"Execute settlement · ¥420,000,000 · Counterparty XY"
Singapore Execution Agent
Identity verified. But: sanctions? Limits? Human approval?
No way to know. No proof exists.
External Settlement System
Executed. Irreversible. £2,800,000 moved.
The authorisation network model
A merchant cannot process a VISA transaction without authorisation from the VISA network. The control isn't a request to comply — it's a physical constraint on the execution path.
AIIAN is the same model for AI agents. Before an agent can mutate an external system — settle, procure, instruct, publish — it must present a signed authorisation proof that every required condition was evaluated and passed.
The execution boundary doesn't ask. It checks the proof.
Agent requests execution
AIIAN evaluates — Default-Deny
Authorisation proof issued · single-use
auth_a3f7c2…· valid 5 min · action-boundWithout a valid authorisation proof, the execution boundary stays closed.
01
When an agent proposes a high-consequence action, it calls AIIAN first. AIIAN evaluates the request against an approved policy pack defining authorisation scope, risk limits, counterparty rules, and human-approval thresholds.
If all conditions pass, AIIAN issues a signed, single-use authorisation proof. The execution boundary verifies the proof — and only then allows the action to proceed.
Policy is never inside the prompt.
Signed evidence written regardless of outcome
Enforcement strength spectrum
Agent calls AIIAN SDK. Calls without authorisation proof stop before reaching the API.
Your API verifies the signed authorisation proof. No AIIAN dependency at runtime.
AIIAN holds downstream credentials. Agents call AIIAN. No direct path to external systems.
Counterparty doesn't need to change anything. You route through AIIAN.
02
Start with the SDK — connect an existing agent in hours, no infrastructure changes. Progress to network-level enforcement at your own pace.
At full deployment, AIIAN becomes the only path to external execution. Agents call AIIAN. AIIAN calls downstream. No valid authorisation proof, no route. The same architecture a payment network uses.
03
Multiple agents share a single governed risk budget. When one agent consumes capacity, all others see the updated ceiling in the next evaluation — not on the next reporting cycle.
Authorisation issuance is atomic. A race between two concurrent agents cannot produce two valid approvals that together exceed the limit. The second agent is blocked, not warned after the fact.
Risk budget — FX settlement
£ 10M
Consumed
£ 7.2M
REVIEW · settlement.execute
£2,800,000 · Counterparty XY
AUTHORISED · fx.instruct
EUR/GBP · €4,200,000
04
Authorise and block decisions are written to a tamper-evident signed audit record at the moment of evaluation. Not reconstructed after the fact.
Above-threshold actions pause in a Governor Review Queue. Human reviewers approve or reject via a secure interface. Every review is countersigned and QR-linked to a verifiable evidence page.
05
AIIAN sits above agent runtimes. It doesn't matter whether your agents run on Claude Code, LangChain, AutoGen, Microsoft Agent Framework, or a custom stack. The authorisation check is at the execution boundary — not in the prompt.
Connect via PreToolUse hook, MCP server, REST API, or SDK import. The same governance layer applies across every agent, every framework, every counterparty.
Tool call
git push origin main --forceDelegated scope chain
Orchestrator Agent A
action_types: [settlement, fx, procurement]
max_amount: £10,000,000
Execution Agent B
action_types: [settlement] ⊆ parent
max_amount: £3,000,000 ≤ parent
expires_at: 8h from now ≤ parent
06
When an orchestrator spawns a sub-agent, it delegates only a bounded scope. The child's permitted action types, amount ceiling, and expiry must remain a strict subset of the parent's authority.
AIIAN verifies the chain before every authorisation. A child agent cannot claim authority its parent was never granted — and cannot exceed the limit set when it was spawned.
Framework-neutral
AIIAN sits above agent frameworks, not inside them. The same authorization network — whether your agents run on Claude Code, LangChain, Microsoft Agent Framework, Azure AI Foundry, AutoGen, or any MCP-compatible stack.
Single-use, time-limited proof that an action has passed policy, risk, authority, and route checks. Cannot be replayed against a different instruction.
Agents ask AIIAN before they act. Actions are denied by default — only explicitly authorised operations within defined risk budgets are released. Policy is never inside the prompt.
Every authorise and block decision is written to a tamper-evident signed event at the moment of decision. Ready for regulatory review, underwriter verification, or internal audit.
Shared risk limits enforced atomically across concurrent agents. When one agent consumes capacity, the ceiling updates immediately. No race condition can produce an over-limit authorisation.
DORA, EU AI Act, MiFID II, J-SOX — compliance flags attached to every decision event automatically. Built for finance and trading. AI-initiated transactions with machine-verifiable internal control evidence.
Drop a single hook into your Claude Code setup. Every tool call — Bash, Write, git push, API mutation — evaluated against your approved policy before it runs. Zero prompt changes.
Get started
AIIAN is in active pilot with regulated financial institutions. If your agents execute high-consequence transactions — settlement, FX, procurement, contract commitments — we want to talk.
Pilot access is by invitation. We respond to every request personally. No sales funnel.
Initial focus: financial institutions operating under DORA, Basel III, MiFID II, and J-SOX.