ZTI doctrine

Don't trust AI.
Verify it.

A principle-first framework for governed AI execution. Before organizations can govern AI, they must agree on what governance means.


The problem

AI action is invisible by default.

When AI agents act in your systems, the default state is opacity. No trace of what ran. No record of what was authorized. No evidence of what changed.

Invisible outputs

No trace of what ran. No intent captured. The action happened — but there is no record that could be inspected, audited, or challenged.

Unverifiable outputs

You cannot know if the output matches the original intent. Correctness is assumed, not confirmed. A result that looks right may not have been authorized.

Unauditable actions

There is no evidence store. No chain of custody. When something goes wrong — or when compliance asks — there is nothing to show.

UNVERIFIED OUTPUT
action: deploy_service
actor: unknown
policy: none evaluated
receipt: ∅ none
⚠ ungovernable · not auditable

ZTAP GOVERNED
action: deploy_service
actor: ci-bot@org ✓
policy: prod-deploy ✓
receipt: signed · a3f9...
✓ governed · auditable · compliant

The consequence: Every unverified AI action is an undocumented risk. In regulated environments, this is not a technical debt — it is a liability.

Core principles

What the ZTI doctrine holds to be true.

These are not aspirations. They are operating assumptions. Organizations that accept them can reason clearly about AI governance.

Principle 01

Trust is not a control.

Trusting an AI system to behave correctly is not a governance strategy. Trust assumes correctness. Verification ensures it. An organization that relies on trusting AI has no mechanism to detect, challenge, or remediate when that trust is violated. Governance requires verification — not faith.

Principle 02

Output is not evidence.

A result appearing correct does not prove it was authorized, expected, or within scope. Evidence is a signed record of what was requested, what policy was applied, and what was executed. Without that record, the output is legally and operationally unverifiable. Compliance requires evidence — not outcomes.

Principle 03

Execution without verification is risk.

Every AI action that executes without a verification step is an unbounded risk event. In governed systems, risk must be bounded, documented, and traceable. The speed of AI execution does not change this requirement — it makes it more urgent. Velocity without governance is acceleration toward unknown outcomes.

ZTI is

  • A shared belief system for AI governance
  • A set of testable, falsifiable principles
  • A foundation for protocol design
  • Transport-agnostic and tool-agnostic
  • Open — not proprietary

ZTI is not

  • A product or platform
  • A compliance framework or regulation
  • Specific to any AI model or provider
  • A philosophy without implementation

If this is true…

A new mechanism is required — one that makes AI action visible, bounded, and auditable by design.

ZTI tells you what to believe. ZTAP tells you how to act on it. The protocol is the mechanism.

Explore the mechanism: ZTAP