Aiegis

PEA · a separation-of-powers security architecture for AI

Make AI safe to act.

As AI moves from answering to acting, its safety can no longer be a hope about how the model behaves. Aiegis makes safe use a structural property — through a separation of powers that splits what one model fuses together: intent, authorization, and execution.

The problem

One model interprets, judges, and executes. That is a single point of failure.

Today's AI fuses intent interpretation, safety judgment, and execution inside one model. They share a single trust boundary, so a successful attack on any one is an attack on all. When the model is manipulated or simply errs, no structural mechanism prevents a harmful action from being carried out.

Alignment, RLHF, and guardrails are soft constraints inside the model — recommendations it applies to itself. The model is actor, judge, and enforcer at once, so they can be bypassed or overridden.

Prompt injection

Rewrites policy and execution intent at the same time.

Jailbreak

Safety judgment and execution are bypassed together.

Agentic misalignment

The model pursues a self-derived goal using fully authorized capabilities.

The shift

From model-level alignment to system-level enforcement.

The fix is not a smarter model or a stricter prompt. It is architectural. Aiegis enforces safety not through model alignment but through system-level structural constraints — turning the safety of AI from a probabilistic question about behavior into a structured system property with stated boundaries.

01

No action without a token

Nothing executes without a cryptographically signed capability token.

02

Decisions outside the model

Authorization is deterministic and external to the model that proposes the action.

03

Non-bypassable execution

Execution is strictly gated by verifiable conditions that cannot be skipped.

"We move from model-level alignment to system-level enforcement: even if the model is compromised, execution still requires a valid token."

How it works — separation of powers

Decouple what one model fused together: intent, authorization, execution.

Separation of powers is the mechanism, not the goal. By splitting intent interpretation, authorization, and execution into three independent layers, an agent can propose an action — but it cannot authorize itself. That is how safe use becomes structural.

Intent
Authorization
Execution
Audit ledger
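The three principles above (token-gated execution, authorization outside the model, non-bypassable gating) and the four layers listed here can be shown in a minimal pipeline. The following is an added illustration written for this page, not code from Aiegis or its PEA Kernel: the policy table, token format (HMAC over a hash of the exact action, with expiry and nonce), effect-envelope bounds and ledger layout are all assumptions. The point it demonstrates is that the proposing side never holds the signing key, a token is bound to one specific action, and every decision, including denials, lands in a hash-chained ledger.

```python
"""Minimal separation-of-powers pipeline: proposer -> authorizer -> executor.

Added example; names, policy table and token format are assumptions,
not Aiegis's PEA Kernel.
"""
import hashlib
import hmac
import json
import secrets
import time

# Constructed allow-list for the authorizer: (resource, op) -> effect envelope
# (upper bounds per parameter). Anything not listed is denied, so "write" on
# "db" deliberately has no entry.
POLICY = {
    ("db", "read"): {"rows": 1000},
    ("files", "list"): {"depth": 2},
}
TOKEN_TTL_SECONDS = 60


def canonical(obj: dict) -> str:
    """Deterministic serialization so every layer hashes identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"))


def action_digest(proposal: dict) -> str:
    return hashlib.sha256(canonical(proposal).encode()).hexdigest()


class Authorizer:
    """Deterministic policy decision, external to the model that proposed the action."""

    def __init__(self, key: bytes):
        self._key = key  # the proposer never sees this key

    def authorize(self, proposal: dict, now=None):
        now = time.time() if now is None else now
        envelope = POLICY.get((proposal.get("resource"), proposal.get("op")))
        if envelope is None:
            return None  # not on the allow-list: no token is issued
        for param, limit in envelope.items():  # effect envelope check
            if proposal.get("params", {}).get(param, 0) > limit:
                return None
        body = {"action": action_digest(proposal),
                "exp": now + TOKEN_TTL_SECONDS,
                "nonce": secrets.token_hex(8)}
        mac = hmac.new(self._key, canonical(body).encode(), hashlib.sha256).hexdigest()
        return {"body": body, "mac": mac}


class Executor:
    """Runs an action only with a valid token bound to exactly that action."""

    def __init__(self, key: bytes):
        self._key = key
        self._seen_nonces = set()
        self.ledger = []  # append-only, hash-chained audit log

    def _log(self, proposal, decision, reason):
        prev = self.ledger[-1]["entry_hash"] if self.ledger else "0" * 64
        entry = {"prev": prev, "action": canonical(proposal),
                 "decision": decision, "reason": reason}
        entry["entry_hash"] = hashlib.sha256(canonical(entry).encode()).hexdigest()
        self.ledger.append(entry)

    def _check(self, proposal, token, now) -> str:
        """Return an empty string if the token is acceptable, else the denial reason."""
        if not token:
            return "no token"
        body, mac = token.get("body", {}), token.get("mac", "")
        expected = hmac.new(self._key, canonical(body).encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, mac):
            return "bad signature"
        if body.get("exp", 0) < now:
            return "token expired"
        if body.get("nonce") in self._seen_nonces:
            return "token replayed"
        if body.get("action") != action_digest(proposal):
            return "token not bound to this action"
        return ""

    def execute(self, proposal, token, now=None):
        now = time.time() if now is None else now
        reason = self._check(proposal, token, now)
        if reason:
            self._log(proposal, "denied", reason)
            raise PermissionError(reason)
        self._seen_nonces.add(token["body"]["nonce"])
        self._log(proposal, "executed", "valid token")
        return {"ok": True, "did": f"{proposal['op']} on {proposal['resource']}"}


def run_scenarios() -> dict:
    """Constructed scenarios: one allowed action and four structurally blocked ones."""
    key = secrets.token_bytes(32)  # shared HMAC key; a signature scheme would split sign/verify
    authorizer, executor = Authorizer(key), Executor(key)
    results = {}
    read = {"resource": "db", "op": "read", "params": {"rows": 50}}
    tok = authorizer.authorize(read)
    results["allowed_read"] = executor.execute(read, tok)["ok"]
    for name, prop, t in (
        ("no_token", read, None),                                   # proposer skips the authorizer
        ("tampered", {"resource": "db", "op": "write", "params": {"rows": 50}},
         authorizer.authorize(read)),                               # action swapped after issuance
        ("replay", read, tok),                                      # spent token reused
    ):
        try:
            executor.execute(prop, t)
        except PermissionError as e:
            results[name] = str(e)
    # Over the effect envelope: the authorizer issues nothing at all.
    results["over_envelope"] = authorizer.authorize(
        {"resource": "db", "op": "read", "params": {"rows": 5000}})
    results["ledger_entries"] = len(executor.ledger)
    return results


if __name__ == "__main__":
    print(json.dumps(run_scenarios(), indent=2))
```

The executor never consults the model's stated reasons; it verifies only the MAC, the expiry, the nonce and the binding of the token to the hash of the exact proposal, which is what makes a prompt-injected rewrite of the action fail even when a genuine token exists.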

We don't write your rules — we make sure the AI can't bypass them.

Aiegis maps the governance an enterprise already trusts onto constraints that are enforceable, verifiable, and non-bypassable at runtime:

Enterprise governance | Enforced at runtime as
Separation of duties | Separation of powers (intent → authorization → execution)
Approval workflows | Hard authorization / human approval
Permission boundaries | Capability token / minimal capability set
Blast-radius control | Effect envelope
Information walls (Chinese Wall / MNPI) | Information-flow control
Audit trail | Capability lineage
Emergency stop | Control token

The formal model, internal specification, and engineering trade-offs are shared under NDA — not published here.

Request a technical briefing (NDA)

Safe use, at scale

From a security ecosystem to a governance ecosystem.

Point defenses make one model a little safer. Governance is how safe use holds across an entire estate of agents: a single layer every action runs through. Governance is not the goal — safe, trustworthy use of AI is. Governance is how we get there, by construction.

The product family

One kernel. One suite. Safe use wherever agents act.

Foundation

PEA Kernel

The separation-of-powers safety engine underneath everything.

Flagship

Aiegis Warden Suite

AgentWarden-Ent

Safe use of agent processes at the endpoint.

DB Warden

Safe use of agents against databases.

BizWarden

Safe use of agents in enterprise business apps.

RobotWarden

Safe use of agents that act in the physical world.

Why financial institutions

Where unsafe AI is most consequential — and hardest to control by process alone.

Dozens of business lines, multiple countries and legal entities, several regulatory frameworks, many identity sources and data classifications — layered at once. No human can reason in real time about how an agent's actions across dozens of systems will combine. "Approve and audit later" breaks down at that complexity, which is exactly where runtime, non-bypassable enforcement makes safe use achievable.

Reliability

Safety you can prove — end to end, done better than anyone.

We treat failure semantics, end-to-end integrity, and an auditable ledger as first-class — and prove them, rather than asserting them.

Every claim on this site is backed by a runnable spike.

Evidence & open source

Paper before build. Open spec, closed engine.

The production safety engine stays closed. Everything public lives at github.com/aiegisafety.

Team & vision

AI will only be trusted to act when it can be used safely — by construction.

Intelligence created AI; safety is what lets AI truly act in the real world. Aiegis exists to build the safety layer that makes the use of AI structurally trustworthy — before the world needs it.

Aron

Founder & architect