ZTI ecosystem
Doctrine defines why. Protocol defines how. Platform makes it real.
Open · Governed · End-to-end verifiable
Three layers explained
ZTI Doctrine
WHY
Before you can govern AI, every person in the organization must agree on what governance means. ZTI provides that shared belief system.
Without a shared doctrine, every team develops its own interpretation of "safe" and "verified." The result is inconsistency — which is ungovernable.
"Trust is not a control.
Output is not evidence.
Execution without verification is risk."
ZTAP Protocol
HOW
Accepting the doctrine creates a requirement: a mechanism for verification. ZTAP is that mechanism — an open, standard protocol for governed AI action.
Any implementation that conforms to ZTAP is interoperable. Any audit tool that speaks ZTAP can read any ZTAP receipt. The protocol is the common language.
envelope → hash → policy → execution → receipt
ZTI Core
WHERE
Having a protocol is not enough. Someone must operate a policy engine. Someone must store receipts. Someone must provide the audit interface. ZTI Core is that operational system.
Enterprise teams should not rebuild ZTAP enforcement infrastructure from scratch. ZTI Core provides it — production-ready, auditable, and ZTAP-native.
Policy engine · Agent registry
Execution receipts · Audit logs
End-to-end trace
Follow a single AI-generated action — deploy to production — from creation to evidence.
Layer: ZTI Doctrine
Organization believes: AI execution must be verified.
Policy exists: ci-bot may deploy to production only during business hours with signed approval.
Layer: ZTAP Protocol
ci-bot creates envelope: action=deploy_service, target=prod/api
Integrity hash computed: sha256:a3f9c2b1d7e4...
Policy evaluation: prod-deploy-policy → ALLOWED
Execution proceeds. Service deployed within authorized scope.
Receipt generated and signed. Hash: a3f9...c7b2
Layer: ZTI Core Platform
Receipt stored in audit log. Evidence persisted.
Queryable by compliance. Immutable. References envelope hash, policy reference, actor identity, and outcome.
Inevitability
Without ZTI (the doctrine)
No shared definition of what "governed" means. Every team decides independently. Inconsistency is ungovernable. Auditors find policy gaps. Compliance fails.
Without ZTAP (the protocol)
No standard format for governed action. Every implementation uses its own schema. Receipts are incompatible. Audit tools can't read them. Governance is bespoke and fragile.
Without ZTI Core (the platform)
The protocol exists but nothing enforces it. No policy engine. No receipt store. Each team builds their own — or nothing. Governance is documentation, not control.