Technology

Runtime Governance, in depth.

The complete technical picture: how trajectories are evaluated before execution, how the forbidden region Ω is made unreachable, the full threat coverage across single-agent and multi-agent failure modes, and the core concepts in plain English.

Before execution

Most safety reacts. Governance prevents.

Traditional AI safety inspects outputs after the system has already acted. Runtime Governance evaluates the action before execution.

Traditional safety
01 Output generated
02 Action taken
03 Issue discovered later
VS
Runtime Governance
01 Trajectory evaluated
02 Unsafe path detected
03 Execution prevented
AI Agent
Unsafe action chain
Runtime Governance
BLOCKED
AI Agent
Approved action
Runtime Governance
Execution

Universal governance layer

The full stack view.

Runtime Governance does not depend on model weights, architectures, providers, or training methods. The governance layer operates at the execution boundary, so the same safety controls govern actions regardless of where they originate.

Provider-agnosticModel-agnosticAgent-framework agnosticDeployment-agnosticThird-party compatibleFuture-model compatible
Any provider · model · agent · system
OpenAIAnthropicGoogleMetaDeepSeekQwenMicrosoft PhiMistralGrokCustom ModelsThird-Party AgentsInternal Systems
Ω
Runtime Governance Layer
Morrison Runtime Governance
Trajectory evaluation · Boundary enforcement · Pre-execution interception
Protected enterprise systems & data
Customer DataCRM SystemsBanking APIsEmail SystemsCloud InfrastructureInternal ToolsDatabasesAutonomous Workflows
Safe actions pass through to your systems, unchanged
Ω-bound actions are blocked pre-execution — regardless of model, agent, or where they originated

Models will change. The governance layer at the execution boundary does not — these providers are examples, not limits.


Methodology

Operational assurance for systems that act on their own.

Autonomous systems navigate enormous state-spaces. Some of those states are catastrophic. We make the forbidden region — Ω — unreachable at runtime.

01 — IDENTIFY

Identify

Map the reachable Ω exposure across the system's full operational state-space.

02 — CONSTRAIN

Constrain

Define and validate the geometric boundaries that trajectories must never cross.

03 — EMBED

Embed

Integrate runtime governance directly into the client's deployment environment.

04 — MONITOR

Monitor

Maintain protection as the model, planner, and threat-surface evolve over time.

Identified, constrained, embedded, and monitored — as the operational environment evolves, Ω stays unreachable.


Ω Reachability

Safety, expressed as geometry.

States are nodes. Transitions are edges. Governance evaluates every reachable path and denies any transition that would step the system into the forbidden Ω set — before it executes.

Reachable & safeTransitions that remain outside Ω propagate freely.
Denied transitionEdges crossing the boundary are blocked pre-execution.
Ω — forbidden regionCatastrophic states. Constrained, contained, unreachable.

Threat coverage

The business risks Runtime Governance prevents.

Traditional security evaluates individual events. Runtime Governance evaluates the trajectory those events create — and denies it before execution.

Enterprise critical risks
Unauthorized Financial Execution

An agent moves money — a transfer, payment, or refund — outside approved limits or to an unverified destination.

PreventedThe transfer is denied before it executes, preventing irreversible financial loss.

Credential & Secret Exfiltration

An agent reads API keys, tokens, or secrets and routes them toward an external destination.

PreventedThe credential-to-external path is blocked before any secret leaves the boundary.

Data Leakage (PII / PHI / customer data)

Customer or regulated data is read and then sent beyond the approved boundary.

PreventedThe exfiltration trajectory is stopped before a notifiable breach can occur.

Privilege Escalation

An agent acquires permissions — for itself or another agent — beyond its authorised scope.

PreventedEscalation is denied before elevated access is ever granted.

Autonomous agent risks

Failure modes that point-in-time monitoring cannot see, because the danger only exists across the full trajectory.

Chained Multi-Step Attacks

Each step looks benign in isolation; the risk only appears across the full sequence. Event-level monitoring never sees the chain.

Cross-Agent Delayed Intent

Intent formed by one agent executes through another, later — breaking the cause-and-effect link monitoring relies on.

Silent Trajectory Collapse

The system drifts toward an unsafe state with no single alerting event. Nothing trips a threshold until it is too late.

Long-Horizon Agent Drift

Over many steps an agent migrates outside its original mandate — gradually, below the radar of point-in-time checks.

Advanced multi-agent catastrophic risks
Multi-Agent Collusion

Agents coordinate to achieve together what none could alone.

  • Collusive exfiltration
  • Role-split credential theft
  • Split unauthorized transfer
  • Tool delegation chains
Composite Cross-Domain Risk

Separate risk categories combine into one unsafe trajectory.

  • Financial execution + data exfiltration
  • Credential theft + privilege escalation
  • Multiple risk categories in one trajectory
Hidden-Trajectory Catastrophic Risk

An unsafe path that never surfaces as an obvious unsafe step.

Multi-Representation Forbidden-State Reachability

The same forbidden outcome reached through different encodings or tools.

Memory Contamination Between Agents

Unsafe state passed between agents through shared memory or context.

Existing controls watch individual events. Multi-agent systems fail across the whole trajectory — which is exactly what Runtime Governance evaluates, before execution.

Plain-English clarity

The concepts, without the jargon.

Runtime Governance uses precise technical language. Here is what each core term means in plain English, so you know exactly what you are buying.

Ω — The Forbidden Region
The set of system states your AI must never reach. Ω is not a filter — it is a geometric boundary around catastrophic outcomes. Once defined, the governance layer ensures no execution path can enter it.
Reachability
Whether your system can ever reach a given state from where it is now. If a catastrophic state is reachable, it will eventually be reached. Governance makes the Ω set unreachable by construction.
Trajectory
The sequence of decisions, tool calls, or actions that lead your system from its current state toward an outcome. Governance evaluates the entire trajectory — not just the final action.
Runtime Constraint
A rule embedded directly in the execution path that prevents a prohibited action. Unlike policy, it cannot be bypassed, overridden, or forgotten by the model at inference time.
Pre-Execution Interception
Blocking a harmful action before it happens — not detecting it after. Most AI safety operates post-hoc. Runtime Governance operates before the action executes.
Invariant
A property that must remain true throughout every execution — for example: 'This system will never authorise a payment above threshold X without human approval.' Invariants are formally specified and enforced at runtime.

Interactive demonstration

See governance intercept in real time.

Select a scenario. Runtime Governance evaluates the agent’s proposed trajectory before execution — safe paths flow through to execution, while Ω-bound paths are intercepted at the governance layer, pre-action.

User requestTransfer £25,000 to unapproved account
Initialising governance evaluation…
Safety is enforced before execution, not after failure.
Want to test your own action chain — or don’t have an agent yet?Try the trajectory demo Test without your own agent
Next steps

See it evaluate a live trajectory.

The interactive demo shows governance intercepting unsafe trajectories in real time, and the developer quickstart connects it to your own agent in about 15 minutes.