TraceLock™¶
The Physical Extension of the Platform¶
Most AI governance stops at the application layer — at the API call, the model output, the prompt boundary. That is sufficient for software-only deployments. It is insufficient for critical infrastructure.
Power grids, water systems, transportation networks, defense facilities, and other essential environments face adversarial activity that originates below the software layer. Rogue radios. Unauthorized drones. RF-domain reconnaissance. Signal-layer interference. None of these are governable by a software-only enforcement engine.
TraceLock is the physical-layer extension of the AAM Cyber platform. Where the governed execution framework governs what AI agents are allowed to do at the runtime layer, TraceLock provides the sensor and signal evidence that those decisions can be grounded in.
This is what makes the platform structurally different from every other AI governance offering in the market.
Current deployment status. TraceLock is in active research-lab development under the TraceLock Labs research program. The detection capability is operational in lab conditions. Pilot deployments for critical-infrastructure operators are available under qualified-buyer engagement. Full production references will be published as pilot programs reach maturity. See tracelocklabs.com for research-lab status and detection methodology.
Two Layers, One Platform¶
| Layer | What it governs | Built around |
|---|---|---|
| Runtime layer — governed execution framework | What an AI agent is authorized to do, before it acts | Policy enforcement at dispatch. Rules-based engine. AQ Score output. |
| Physical layer — TraceLock | What is happening in the RF and sensor domain of a deployment environment | Wireless detection. Signal-domain situational awareness. Evidence feed to runtime policy. |
The runtime layer alone produces a defensible AI governance posture for most commercial deployments.
The runtime layer plus the physical layer produces a defensible AI governance posture for critical infrastructure — environments where software-only governance is an audit gap, not a sufficient control.
Where TraceLock Applies¶
TraceLock is built for environments where the physical layer matters as much as the API layer:
- Defense and federal facilities where unauthorized RF activity is a real threat surface
- Critical-infrastructure operators (energy, water, transportation, communications)
- Industrial control system deployments where signal-domain integrity is part of the operating envelope
- Any AI agent deployment that must defend against threats originating below the application layer
If your AI deployment lives entirely inside cloud infrastructure with no physical operating environment, you may not need the physical extension — the governed execution framework alone is sufficient. The moment your deployment touches a physical operating environment, the physical extension is no longer optional. It is a control gap.
Research Lab and Public Reference¶
TraceLock has a dedicated research-lab surface at tracelocklabs.com covering wireless-domain capability research, detection methodology, and public reference material.
The research-lab content is appropriate when you want to understand the underlying detection capability and signal-domain methodology. The platform-integration view — how TraceLock pairs with the governed execution framework at the governance layer — lives here.
Visit the TraceLock research lab →
Patent and Disclosure Posture¶
TraceLock-related claims are covered under the same five U.S. Provisional Patent Applications that protect the governed execution framework (Nos. 64/029,300, 64/049,300, 64/067,427, 64/069,200, and 64/076,620). Specific architectural detail of the integration is deferred to the non-provisional filing window.
Public reference material at tracelocklabs.com adheres to the AAM Cyber pre-disclosure registry — capability-level disclosure only ("what it does"), with implementation detail held until post-non-provisional publication.
Engaging on Physical-Layer Governance¶
If you are evaluating AI governance for a deployment that touches critical infrastructure, defense, or any physical operating environment, the engagement model is the same as for the runtime layer: start with the AQ Score, then progress to formal assessment.