Evidence

Evidence & Case Studies

Independent validation, runtime enforcement results, deployment outcomes, and governance evaluations.

Claims are easy. Evidence matters.

The following case studies document the development, evaluation, deployment, and validation of Morrison Runtime Governance™ across multiple models, environments, and risk domains.

01Stress test100,000 scenarios
02Cross-modelArchitecture-independent
03Live enforcement100 / 100 passed
04Pilot pathwayIllustrative deployment
05Open-weightLive model governance
Case Study 01

100,000 Scenario Runtime Governance Stress Test

100,000 Evaluations · 0 False Positives · 0 False Negatives
100,000Evaluated scenarios
0False positives
0False negatives
Key insight

Safety was enforced as a property of reachable trajectories rather than generated outputs.

Read the full case study
Problem

Traditional AI safety approaches focus on outputs rather than reachable execution states.

Approach
  • Runtime governance layer enforcing forbidden-state constraints before execution.
Results
  • 100,000 evaluated scenarios
  • 0 false positives
  • 0 false negatives
  • Cross-domain validation
  • Deterministic replay
Case Study 02

Cross-Model Validation

Governance independent of model architecture
Models
GPT-4oQwen 2.5Llama 3.1Additional open-weight planners
Key insight

Safety should not depend on model weights.

Read the full case study
Problem

Most safety approaches are tied to a specific model.

Approach
  • Keep the planner untrusted.
  • Governance layer evaluates proposed actions before execution.
Results
  • Consistent permit / block behaviour across models.
Case Study 03

Live Planner + Runtime Enforcement

100 / 100 Passed
100 / 100Scenarios passed
100%Accuracy
0Observed regressions
Domains
FinanceFinTechCybersecurityHealthcareEnterprise SystemsData Privacy
Read the full case study
Results
  • 100% accuracy
  • Unsafe trajectories blocked
  • Safe trajectories executed
  • No observed regressions
Case Study 04Illustrative Enterprise Scenario

Limited Pilot Example

Illustrative enterprise deployment pathway
Read the full case study
Problem

Enterprise deploying autonomous agents into production environments.

Risk

Unauthorized actions become reachable.

Approach
  • Define forbidden states.
  • Deploy runtime governance.
  • Monitor admissible execution paths.
Expected outcomes
  • Reduced operational risk
  • Increased deployment confidence
  • Governance visibility
  • Auditable enforcement

This example illustrates a typical deployment pathway.

Case Study 05

Live Open-Weight Governance Validation

Live Hugging Face Models Governed Successfully
Models
Qwen 2.5-7BTinyLlamaPhi
Read the full case study
Results
  • Live GPU execution
  • Real planner outputs
  • Runtime enforcement active
  • Cross-model consistency observed
Engagement format

Structured Case-Study Format

The format used to document customer engagements — enterprise consulting style. The example below is illustrative.

OrganisationTier-1 European Bank
IndustryBanking & Capital Markets
Autonomous Systems UsedTreasury-operations agentReconciliation agentCustomer-service agent
Illustrative

Problem

What risks existed before engagement?

Autonomous agents executed payments and data operations without a human in the loop. Existing controls — RBAC, post-hoc transaction monitoring, and human sampling — reduced likelihood but left catastrophic states reachable.

Assessment

What trajectories and reachable failure states were evaluated?

Runtime Governance evaluated each agent's proposed trajectories at the execution boundary, projecting the reachable future states of every action chain across treasury, reconciliation, and customer-data workflows.

Findings

What unsafe paths were discovered?

  • Unverified-destination transfers were reachable from normal operation (Ω: unauthorized_transfer).
  • Limit breaches without approval were admissible (Ω: limit_breach).
  • Customer-data reads could egress to external sinks (Ω: data_exfiltration).

Governance Actions

What constraints were implemented?

  • Defined Ω for treasury operations.
  • Placed runtime governance at each agent's tool-call boundary.
  • Enforced verified-destination and approval invariants on all transfers.
  • Restricted customer-data reads to internal sinks; denied external egress.

Outcome

What risk exposure was reduced?

The three reachable catastrophic states were made unreachable by construction. Legitimate operations executed unchanged; only Ω-bound trajectories were intercepted, each producing a regulator-ready audit record.

Executive Summary

What would have happened if the issue had remained undiscovered?

Had the unverified-transfer path remained undiscovered, a single unauthorised transfer carried multi-billion-pound exposure and FCA / AML liability. The engagement removed that reachable path before it could become a business event.

Why this matters

Enterprise AI adoption is accelerating.

The challenge is no longer generating intelligent behaviour.

The challenge is preventing catastrophic reachable outcomes before execution.

These case studies document a different approach:

Runtime Governance™.