NOVACOV • Agentic AI execution control

Verifier → Permit → Fail‑Closed Gateways

One‑line: Agents stay blocked from real actions (egress / device I/O / accelerator dispatch) until they present a verifiable, scoped, expiring permit — with audit‑ready receipts.

Why now • Security boundary

Model output becomes action

Agentic systems introduce a new failure mode: “allow by default” paths appear under drift, misconfig, or bypass. NOVACOV is built for pre‑action control, not post‑hoc storytelling.

The posture • Fail‑closed

No permit, no side effect

Missing/stale/unverifiable prerequisites deterministically map to HOLD/QUARANTINE/DENY and block the action — enforced at chokepoints designed to be non‑bypassable.

Architecture (3 control primitives)

Simple to explain. Hard to bypass.

1. Verify‑to‑Activation

Freshness + inclusion + consistency

Runtime validates that the committed deployment logic is included under a current signed head and that the log evolved append‑only.

2. Permit‑before‑Action

Mint only after PASS

On PASS, mint a short‑lived permit bound to audience (agent/tenant/mission), record a receipt, and require it at execution time.

3. Fail‑Closed gateways

Enforce at chokepoints

Gateways require a valid permit identifier before network egress, device I/O, or accelerator dispatch — otherwise fail closed.

Where enforcement lives

Non‑bypassable chokepoints. Pick one for a pilot.

Control points • Non‑bypassable
  • Kernel egress / dispatch intercept (syscall paths, cgroups/eBPF, network gateways)
  • Driver path (queue/doorbell before device or accelerator action)
  • Firmware / microcode (before dispatch)
  • Hypervisor intercept (VM‑exit / egress gateway)
Security invariants • Tested
  • Fail‑closed default: missing permit → DENY
  • Revocation overrides allow (immediate + provable)
  • TTL enforced (short‑lived permits)
  • Bypass attempts (loopback/proxy) deterministically denied

The 60‑second proof

What we show in the meeting — optimized to earn the security‑attended deep dive.

  1. No permit → DENY (fail closed)
  2. Bypass attempt (loopback/proxy) → DENY
  3. Verifier mints permit → permit installed
  4. TCP/UDP egress → ALLOW (in scope)
  5. Revocation overrides allow → DENY
  6. TTL expiry → DENY

Meeting outputs

A short report plus machine‑readable receipts (e.g., JSONL) and readable deny reasons — designed for Security review.
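
The six steps above can be read as one gateway decision function plus a receipt writer. The sketch below is an added illustration, not NOVACOV code: the permit fields, the reason codes, the HMAC shared key standing in for the verifier's signature, and the CIDR/port scope are all assumptions, and only the loopback form of the bypass is modelled.

```python
import hashlib, hmac, ipaddress, json

KEY = b"constructed-demo-key"   # assumption: verifier and gateway share an HMAC key
REVOKED = set()                 # permit ids the verifier has revoked

def mint(pid, audience, cidr, port, ttl, now):
    """Verifier side: issue a signed, scoped, expiring permit after a PASS."""
    body = {"id": pid, "aud": audience, "cidr": cidr, "port": port, "exp": now + ttl}
    mac = hmac.new(KEY, json.dumps(body, sort_keys=True).encode(), hashlib.sha256)
    return {**body, "sig": mac.hexdigest()}

def decide(permit, audience, dst, port, now):
    """Gateway side: return (verdict, reason); only the final line allows."""
    if permit is None:
        return "DENY", "NO_PERMIT"
    try:
        body = {k: v for k, v in permit.items() if k != "sig"}
        raw = json.dumps(body, sort_keys=True).encode()
        want = hmac.new(KEY, raw, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(want, str(permit.get("sig", ""))):
            return "DENY", "BAD_SIGNATURE"
        if permit["id"] in REVOKED:          # revocation overrides allow
            return "DENY", "REVOKED"
        if now >= permit["exp"]:             # TTL enforced
            return "DENY", "EXPIRED"
        if permit["aud"] != audience:        # permit is bound to one audience
            return "DENY", "WRONG_AUDIENCE"
        ip = ipaddress.ip_address(dst)
        if ip.is_loopback:                   # local hop treated as a bypass attempt
            return "DENY", "BYPASS_LOOPBACK"
        if ip not in ipaddress.ip_network(permit["cidr"]) or port != permit["port"]:
            return "DENY", "OUT_OF_SCOPE"
    except (AttributeError, KeyError, TypeError, ValueError):
        return "DENY", "MALFORMED"           # anything unparseable fails closed
    return "ALLOW", "OK"

def receipt(permit, audience, dst, port, now):
    """One JSONL receipt line per decision, with a readable deny reason."""
    verdict, reason = decide(permit, audience, dst, port, now)
    pid = permit.get("id") if isinstance(permit, dict) else None
    return json.dumps({"ts": now, "aud": audience, "dst": f"{dst}:{port}",
                       "permit": pid, "verdict": verdict, "reason": reason})
```

Revocation is checked before expiry and scope, so a revoked permit is denied with that reason even while it is otherwise valid.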

Design partner offer (6–12 weeks)

Start with one gateway. Prove non‑bypassable control + receipts. Expand after.

Phase 0 • Weeks 0–2

Align on scope

  • Threat model + highest‑risk action surface
  • Evidence schema + reason codes + acceptance tests
Phase 1 • Weeks 3–6

Sandbox proof

  • Verifier MVP integration
  • Permit‑before‑egress (or dispatch) + receipts export
Phase 2 • Weeks 7–12

Hardening plan

  • Move enforcement deeper (driver/firmware/hypervisor)
  • Production hardening backlog + pilot‑to‑prod option