The principles we design every Neksus agent against. They define what it means for an autonomous agent to be accountable, governed and explainable — before a single line of behaviour is written.
Neksus manufactures AI agents that can be held to account.
Every agent we build carries a verifiable identity, a measured capability surface, and a binding to one accountable owner — and acts through a decision process that can be replayed and explained. These axioms are the commitments we hold ourselves to. They are not marketing: they are the constraints our engineering is allowed to move within.
If a later design decision breaks one of these axioms, the design is wrong — not the axiom.
A system that admits an agent on identity alone is an accountability system, not a security system. So an agent needs three separable things, and a verifier must check all three — every action.
A durable, cryptographic identity bound to a hardware-rooted key. It says who is accountable. It says nothing about what the agent will do.
A scoped, time-bounded grant delegated by the owner. Absent a valid grant, the agent may do nothing.
A measured capability surface, bound to a runtime attestation — not a self-declared list. Checked against every consequential action.
Grouped by what they protect: accountability, the separation of identity from authority, durability, verifiable trust, and the deterministic core that governs how a decision is reached.
Every agent is bound, at all times, to exactly one accountable principal — a natural or legal person. There are no orphan agents.
It holds no rights or obligations of its own. Every legal effect of its actions traces to its principal.
The principal is established through an existing high-assurance identity system, at the highest level of assurance available. We verify by reference; we never re-issue human identity.
Who or what an agent is, what it may do right now, and where it came from are distinct facts, each independently verifiable. Conflating them is the most common error in this field.
What an agent may do equals what its principal has explicitly delegated — and it remains revocable at any moment.
Every consequential action is authorized against the agent's measured capability surface and its current grant, re-evaluated each time. Identity brings the agent to the gate; authorization opens it.
The accredited capability surface is bound to a runtime measurement — a hash or attestation. Any change to it requires re-attestation before it can be used.
An agent's cryptographic identity persists across changes of owner. The owner-binding is its own credential — revocable, and re-issued on transfer.
A verifier trusts an issuer because it appears on a known, governed list of trust anchors.
Verification works offline; status is checkable per credential and per subject.
It is authoritative for which agents, owners and issuers exist, and for their current status. Everything else derives from it.
A presentation reveals only the attributes a transaction needs. Binding an agent to its owner never requires broadcasting the owner's full identity.
A model may read intent and draft language; the decision itself is produced by an auditable, deterministic process that traces to the governing rule, policy or law — to clause and version. The identity envelope establishes who may act; the decision layer proves the act was lawful and explainable.
The inputs and outputs of a consequential process are validated, versioned, structured instances — not free text re-interpreted on every run. Conformant data is accepted; non-conformant data is refused at the boundary.
An agent never acts in a vacuum. Trust is mutual and bidirectional: every party is identified, credentialed and accountable, and each authorizes the other per interaction.
Issues credentials about agents and owners and maintains the authoritative register, including revocation. The reference point every verifier checks against.
The natural or legal person accountable for the agent, with the power to create, authorize, scope, suspend and revoke it. The terminus of every accountability chain.
A model-driven, autonomous, goal-directed actor that perceives, reasons, plans and acts through tools and APIs. Its emergent behaviour is exactly why every action is checked against a measured boundary.
The identified, credentialed system the agent acts on — a register, service or tool server. The agent verifies the system; the system verifies the agent and authorizes the specific action. Each re-checks the other, every interaction.
An agent has a durable entity — who or what it is, which changes only by re-manufacture — and a mutable boundary — what it may do, for how long, and whether it is still live. The two are kept cryptographically separate, so the boundary can flex without disturbing the identity.
Together, these form the cryptographic VIN — the agent's birth certificate.
Where security lives. Every part is measured, scoped and revocable.
Software is infinitely copyable, so a logical “agent ID” is a sticker anyone can photocopy. Uniqueness has to be manufactured cryptographically. An agent's VIN binds:
A verifiable identity envelope, wrapped around a deterministic decision core.
Who may act, with what measured capability, revocably — wrapped around a process that proves the act itself was lawful and explainable. Identity makes the actor accountable; deterministic logic makes the act explainable. Neksus builds both halves, because each one completes the other.
Every Neksus agent ships with a birth certificate, a measured capability surface, an owner binding, per-action authorization, and a decision path you can replay.