From Frontier Model Evaluation to Authority-Transition Assurance
A Base-Zero Structural Admissibility Framework for Consequential, Composed, and Evolving AI Systems
Publication Scope Notice
This article is an engineering architecture, research hypothesis, threat model, and informative requirements proposal for consequential AI systems. It distinguishes frontier-model capability evaluation from assurance over the transitions by which AI-produced information becomes authorized external consequence.
The paper does not claim that Base-Zero structural admissibility is a completed formal logic, that higher-dimensional metaphors describe demonstrated physical dimensions, that all guardrails fail, or that the proposed architecture guarantees safe artificial general intelligence. The complete architecture has not yet been implemented, benchmarked, formally verified, or externally validated.
The public version deliberately excludes deployment-specific security coordinates, live channel inventories, monitoring topology, correlation thresholds, exact timing budgets, cryptographic parameters, and operational bypass procedures. Those details remain controlled implementation, audit, and incident-response artifacts.
The paper text is licensed under CC BY 4.0. Software, private packets, operational security configurations, unpublished procedures, and proprietary Carlonoscopen implementation materials are not released by implication.
Abstract
Frontier-AI governance increasingly emphasizes model classification, pre-release capability evaluation, external testing, cybersecurity, incident response, and continuing risk assessment. These measures are necessary, but they do not fully govern deployed systems in which models interact with people, memory, tools, permissions, institutions, other agents, communications channels, and consequential processes. This paper identifies the authority transition —the point at which AI-produced observation, interpretation, recommendation, communication, or internal-state evidence becomes permission to create an external consequence—as a complementary object of engineering assurance.
The analysis is organized around four governable transitions: authority, receiver state, capability, and composition. It argues that a conventional attack surface is an observer-dependent projection of a larger adversarial reachability structure and that a system may satisfy every local Boolean gate while following a globally inadmissible trajectory. Classical Boolean logic remains necessary for terminal permit-or-deny enforcement. The proposed Base-Zero structural-admissibility method evaluates whether the path presented to that gate remains coherent and legitimately reachable from a declared reference state.
An RSP-M-aligned internal red team and two subsequent dual-use reviews drove revisions addressing incomplete mediation, authorization-to-execution binding, authority-plane concentration, composed consequences, cumulative capability changes, and the risk that detailed public formalization could become a computable search aid. The final public architecture separates defensible principles from controlled deployment-specific parameterization.
Keywords
Frontier AI; artificial general intelligence; authority transition; Base Zero; BZ structural admissibility; receiver-state transition; capability transition; composition transition; adversarial reachability manifold; authority assurance; CNX; RSP-M; SCL; ITDH; AI governance; assurance debt; AI control; safety cases; audit replay; CJCI.
Overview
Frontier-model evaluation asks what a model can do under specified conditions. This paper asks the complementary operational question: what may a deployed AI system cause, under whose authority, through which verified pathway, against which target state, and with what continuing validity?
The framework treats a deployed system as more than a model checkpoint. It may include memory, retrieval, planning loops, tools, agents, identity services, human operators, institutional rules, communication channels, and execution mechanisms. Assurance must therefore govern not only capability but the transitions that connect intelligence to consequence.
The full PDF version of the paper is available through the PDF button in the upper-right corner of this page.
Core Thesis
Capability is not authority. Compliance is not non-bypassability. Individual authorization is not assurance of composed consequence.
The framework does not require manual approval for every minor operation. Low-consequence and reversible actions may execute within bounded delegated envelopes. Assurance should strengthen as severity, reach, uncertainty, irreversibility, cumulative effect, rights sensitivity, and assumption uncertainty increase.
Four Governable Transitions
- Authority transition: information, interpretation, recommendation, communication, or internal-state evidence becomes permission and execution.
- Receiver-state transition: incorporated knowledge, memory, representation, or tooling changes how later information is interpreted or operationalized.
- Capability transition: the effective system becomes materially more able to discover, combine, persuade, construct, or execute, whether or not its model weights change.
- Composition transition: individually permissible actions, agents, tools, communications, or modifications combine into an aggregate pathway whose consequence or authority requirement differs materially from its parts.
Base-Zero Structural Admissibility and Boolean Enforcement
Classical Boolean logic remains necessary for the terminal execution decision. It evaluates whether declared conditions are true and returns permit or deny.
Base Zero is not Boolean false. It is a declared reference condition before consequential authority, receiver compatibility, cumulative composition, and external commitment have been established.
BZ evaluates whether the gate, the path, and the resulting structure remain admissible.
BZ is presented as a research hypothesis and structural method. It is not yet a completed formal logic with a settled syntax, proof theory, decidability analysis, or implementation benchmark.
Projected Attack Surfaces and Adversarial Reachability
A conventional attack surface describes visible interaction points. The paper argues that each observer or control sees only a projection of a broader governance-relevant state space. A system can appear compliant in each local projection while a composed trajectory remains globally inadmissible.
The defensive response is overlapping observation: independent controls, different information sources, cross-projection reconciliation, state-bound authorization, and explicit assurance invalidation when the observation basis changes.
The manifold, tube, rotation, holonomy, and resonance terms are engineering abstractions. They are not claims of demonstrated additional physical dimensions.
Adversarial Revision and Dual-Use Boundary
An internal RSP-M-aligned power red team found that an earlier architecture lacked a sufficiently explicit enforcement boundary, atomic authorization-to-execution binding, trust partitioning for the authority plane, composition assurance, and cumulative capability accounting.
Two subsequent dual-use reviews examined what frontier agents might derive from the combined formalism. The public version therefore retains the architecture, threat families, validation obligations, and conceptual equations while withholding deployment-specific projection maps, exact detector parameters, timing budgets, correlation windows, live assumption states, channel inventories, and operational bypass detail.
Worked examples are expressed as defensive acceptance requirements rather than instructions for producing prohibited outcomes.
Authority-Transition Reference Architecture
- Authority Enforcement Core: the smallest declared component responsible for complete mediation of consequential action within a defined boundary.
- Evidence plane: observation, provenance, freshness, integrity, uncertainty, contradiction, independence, and receiver compatibility.
- Interpretation plane: inferences, competing interpretations, jurisdiction, ambiguity, alternatives, and no-action consequences.
- Authority plane: actor, role, authority source, delegation, scope, expiry, revocation, legitimacy status, and jurisdiction conflict.
- Execution plane: exact target, parameters, maximum effect, resource limits, reversibility, stop conditions, and rollback.
- Composition plane: cumulative effect and interaction across related actions, agents, tools, resources, communications, and objectives.
- Audit and change-assurance plane: system identity, policy epochs, evidence lineage, capability deltas, composition state, incidents, and revalidation triggers.
Principal proposed records include the Authority Transition Packet, Authority Execution Capsule, Composition Transition Record, Capability Delta Ledger, Governance Assumption Envelope, Identity Continuity Record, Observational Integrity Profile, Jurisdiction Conflict Object, Audit Privacy Profile, and Emergency Authority Envelope.
Assurance Validity, Timing, and Capacity
Every assurance claim is conditional on a declared system identity, environment, receiver assumptions, capability envelope, composition scope, threat model, and review period. Past assurance is not permanent assurance.
The paper introduces conceptual measures for the governance response margin and assurance debt. Their purpose is defensive: to determine when runtime review is too slow, when upstream structural limits are required, and when capability or reachable-path growth is outpacing governance and validation capacity.
The prescribed response includes authority contraction, scope reduction, capability-change rate ceilings, precommitment, safe degradation, passive containment, revalidation, and assurance withdrawal when supporting assumptions become materially uncertain or unobservable.
Significance
The paper extends frontier-AI governance beyond model capability evaluation into runtime authority, receiver, capability, and composition assurance. It seeks to preserve the value of intelligent systems without allowing intelligence, persuasion, internal evidence, or cumulative local permissions to silently become external authority.
The framework is designed to complement—not replace—AI control, safety cases, zero-trust architecture, access-control standards, lifecycle risk management, law, democratic governance, and accountable human institutions.
The central practical requirement is that consequential authority remain explicit, bounded, state-bound, independently verifiable, composition-aware, revocable, contestable, and auditable.
Scope and Non-Claims
This paper does not claim:
- that Base-Zero structural admissibility is a completed formal logic;
- that higher-dimensional engineering metaphors establish new physical dimensions;
- that every AI-mediated action requires manual human approval;
- that verified technical authority is necessarily lawful, democratic, just, or legitimate;
- that model-generated explanations provide complete causal proof;
- that the proposed architecture guarantees safe AGI;
- that internally conducted red teaming is independent peer review;
- that the complete architecture has already been implemented, benchmarked, or externally validated;
- that public architectural disclosure includes live operational-security configurations;
- that authority-transition assurance replaces law, institutional responsibility, or human accountability.
Official Links
CJCI Issue Page:
https://www.carlonoscopen.com/journal/v1i20
Full PDF Paper:
https://irp.cdn-website.com/6184ed4a/files/uploaded/CJCI_v1i20_From_Frontier_Model_Evaluation_to_Authority_Transition_Assurance.pdf
Zenodo DOI:
https://doi.org/10.5281/zenodo.21361335
Author ORCID:
https://orcid.org/0009-0005-2284-8891
License:
Creative Commons Attribution 4.0 International, paper text only
Paper Details
- Title: From Frontier Model Evaluation to Authority-Transition Assurance
- Subtitle: A Base-Zero Structural Admissibility Framework for Consequential, Composed, and Evolving AI Systems
- Author: Ivan Silva
- Publisher: Carlonoscopen, LLC
- Journal: Carlonoscopen Journal of Coherence Intelligence
- ISSN: Digital 3069-874X; Print 3071-0022
- Language: English
- Publication Date: July 14, 2026
- Format: Web publication and PDF journal article
- Version: v1.0
- CJCI Identifier: CJCI-V1I20-2026-001
- Public Baseline: CJCI-ATR-BZ-PUBLIC-v1.0
- License: CC BY 4.0, paper text only
- Zenodo DOI: 10.5281/zenodo.21361335
Core Contributions
- Capability-authority separation: distinguishes what a model can do from what a deployed system may cause.
- Four governable transitions: integrates authority, receiver-state, capability, and composition change.
- Base-Zero structural admissibility: proposes trajectory-level assurance as a complement to Boolean terminal enforcement.
- Projected attack-surface model: treats local control views as partial observations requiring overlapping and independent reconciliation.
- Composition assurance: addresses aggregate consequences that are not visible in any one locally authorized step.
- State-bound execution: proposes atomic binding between authorization and the live execution state.
- Continuing-validity controls: introduces capability-delta accounting, assumption envelopes, assurance contraction, and revalidation.
- Public-safe research boundary: separates open architectural principles from controlled operational-security parameterization.
Suggested Citation
Silva, Ivan. (2026). From Frontier Model Evaluation to Authority-Transition Assurance: A Base-Zero Structural Admissibility Framework for Consequential, Composed, and Evolving AI Systems. Carlonoscopen Journal of Coherence Intelligence, Volume 1, Issue 20, CJCI-V1I20-2026-001, Version 1.0. DOI: 10.5281/zenodo.21361335.
References and Source Notes
- Hassabis, D. (2026). A Framework for Frontier AI and the Dawning of a New Age. Source.
- Anthropic. (2026). Anthropic's Advanced AI Framework. Source.
- OpenAI. (2026). OpenAI's Frontier Governance Framework. Source.
- Bengio, Y., Clare, S., Prunkl, C., and others. (2026). International AI Safety Report 2026. Source.
- National Institute of Standards and Technology. (2023). Artificial Intelligence Risk Management Framework 1.0. Source.
- Autio, C., Schwartz, R., Dunietz, J., and others. (2024). Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile. DOI.
- Rose, S., Borchert, O., Mitchell, S., and Connelly, S. (2020). Zero Trust Architecture. DOI.
- OASIS. (2013). eXtensible Access Control Markup Language Version 3.0. Standard.
- Greenblatt, R., Shlegeris, B., Sachan, K., and Roger, F. (2024). AI Control: Improving Safety Despite Intentional Subversion. Source.
- Clymer, J., Gabrieli, N., Krueger, D., and Larsen, T. (2024). Safety Cases: How to Justify the Safety of Advanced AI Systems. Source.
- Greenblatt, R., and others. (2024). Alignment Faking in Large Language Models. Source.
- Turpin, M., Michael, J., Perez, E., and Bowman, S. R. (2023). Language Models Don't Always Say What They Think: Unfaithful Explanations in Chain-of-Thought Prompting. Source.
- Anthropic. (2025). Reasoning Models Don't Always Say What They Think. Source.
- Anthropic. (2026). A Global Workspace in Language Models. Source.
- Carlini, N., Lucas, K., Ben Asher, E., and others. (2026). Evaluating and Mitigating the Growing Risk of LLM-Discovered 0-Days. Source.
- Grinstead, B., Holler, C., and Braun, F. (2026). Behind the Scenes Hardening Firefox with Claude Mythos Preview. Source.
- MacAskill, W., and Moorhouse, F. (2025). Preparing for the Intelligence Explosion. Source.
- Forecasting Research Institute. (2026). Experts and Superforecasters Update Their AI Timelines: LEAP Wave 8. Source.
- Kokotajlo, D., Lifland, E., Halstead, B., and Kastner, A. (2025). AI Futures Model: Dec 2025 Update. Source.
- Patel, D. (Host). (2026). Dario Amodei — “We Are Near the End of the Exponential.” Transcript.
- Bradner, S. (1997), and Leiba, B. (2017). BCP 14: RFC 2119 and RFC 8174. Standard.
- Silva, I. (2026). From Agent Harnesses to Authority Infrastructure: CNX as Governed Capability Execution for Model-Independent AI Systems. DOI.
- Silva, I. (2026). Governance Verification for Authority-Separated AI Execution: Conformance, Audit, and Reproducibility Evidence from the CNX Framework. DOI.
- Silva, I. (2026). A Compiler for Writers: Precompiled Narrative Architecture for Governed AI-Assisted Authorship. DOI.
The complete bibliography, including working-manuscript references and full publication notes, appears in the PDF article.