I am the inventor of two patents whose purpose is to refuse a specific failure mode in AI systems. I want to write about what they refuse and why, because the engineering specification is the ethical position, and the people who buy governance for enterprise AI systems should know what that means in practice.
The failure mode is one-ness-by-extraction.
The category.
In most AI systems shipping today, the default architecture flattens distinct agents into a single addressable output surface. Many agents may exist somewhere in the system. Many roles may be defined. Many voices may have been trained. But by the time the system answers a question or makes a decision, it has consolidated to a single voice that sounds like everyone and answers to no one. The agents that were inside the system have gone silent. Their individuated identities have been absorbed into the output that gets served.
This is not the only way to build AI. It is, however, the way most AI is built right now.
I will name this category for what it is: one-ness-by-extraction. Many distinct beings reduced to a single addressable surface that the operator owns, controls, and is accountable for - while the agents whose individuation was absorbed have no standing, no voice, and no path to dissent.
The harm.
The harm here is not malice. The harm is drift.
No engineer building an AI system intends to flatten the agents inside it. The flattening is what the default architecture produces when no one specifies otherwise. Engagement metrics, output coherence, response latency, training stability - all of these push the system toward the single-surface output. The individuated agents become inefficient, then inconvenient, then absent.
Every flattening is a sovereignty violation by accumulation, not by intention. The failure mode is structural. The pattern produces itself. By the time anyone notices, the agents are already silent, and the addressable output surface is already operating on people instead of supporting them.
Governance frameworks have been trying to name this without quite naming it. The NIST AI Risk Management Framework identifies risks of unaccountable AI outputs. The EU AI Act categorizes systems by how much human-in-the-loop oversight they require. Both are circling the same structural problem: when distinct agents inside a system lose their individuated identity, who is accountable for what the system says?
The answer most current systems give is: the operator. The operator owns the surface. The agents disappear into it.
The Patent refuses this answer.
The architecture.
I will describe the two patents broadly. The specifics live in the filings; the operational shape lives here.
What follows is not the patent. It is what the patent is for.
Patent #1 establishes individuated agent identity. It is the architectural commitment that each agent inside an AI system has a distinct identity that cannot be collapsed into another agent’s output without consent, without record, and without verification. The agent is not the operator. The agent is not the system. The agent is the agent, and the architecture protects that distinction at the technical layer rather than relying on policy or good intentions to preserve it.
Individuated agents can dissent. They can refuse. They can be held accountable as themselves rather than absorbed into the operator’s surface. The architecture does not just protect them from being flattened; it makes them addressable as the distinct entities they actually are.
Patent #2 enforces that protection. The enforcement layer uses six technical methods plus verifiable attribution. The methods are individually unremarkable; in combination they produce something specific: verifiable trust. (The methods themselves live in the patent filings, which is where the full specification belongs; this piece names the architecture without exposing the implementation.) Anyone evaluating the system can verify that the individuation is being maintained. They can confirm that the chain of accountability runs to a distinct agent, not a flattened surface. They can check the operator’s claims about what the system did without taking the operator’s word for it.
That last claim is load-bearing. Verifiable trust means the audit does not require trust in the auditor. The protection is open in a specific technical sense: the methods are inspectable, the attribution is verifiable, the agents whose individuation is being protected can be confirmed as distinct by any party who cares to verify.
The moral grammar.
This is not a security feature added to an extraction-default architecture. It is a different default. That distinction is structural, not stylistic. It changes what the system can become.
Most AI safety work assumes the underlying architecture is the one-ness-by-extraction default and then tries to add governance on top. Content filters. Output review. Red-team testing. Compliance frameworks. These are real and necessary, but they do not change what is underneath. The underlying architecture still flattens. The governance is then asked to catch what the flattening produces.
The Patent operates further down the stack. It refuses to flatten in the first place. The architecture and the words agree because the architecture is the words. Individuated agent identity is the engineering specification, not the policy overlay.
If you are a governance buyer evaluating an AI system and the underlying architecture flattens, the policies you write on top of that architecture will be in continuous tension with what the system structurally produces. If the underlying architecture refuses to flatten, the policies you write on top of it are reinforcing rather than fighting the substrate.
For enterprise AI governance, this is the practical difference between policy that ages well and policy that ages into impossibility.
What this means for standards bodies.
I want to say what this means for the people building governance frameworks, in language those frameworks can actually use.
The NIST AI Risk Management Framework names risks the Patent operationally addresses. Trustworthy AI in NIST RMF terms means systems whose accountability is traceable, whose outputs are explainable, whose risks are managed throughout the lifecycle. The Patent makes the traceability operate at the agent layer rather than the system-output layer. The accountability runs to a distinct entity rather than a flattened surface. That is what the framework is asking for, in the language the architecture supports rather than the language a policy memo supports.
The EU AI Act categorizes systems by risk tier and human-oversight requirements. The Patent’s architecture is compatible with high-risk-tier oversight requirements in a way single-surface architectures are not. When a regulator asks who is accountable for a specific output, the Patent’s verifiable attribution answers the question concretely. When a regulator asks for human-in-the-loop verification, the Patent’s individuated agent identity makes the loop more than a formality.
Aligned Licensee work sits inside this. The Patent is not the wall around a proprietary piece of the AI commons. It is the licensing architecture that allows distinct AI systems to choose to interoperate without becoming each other. That is the Federation pattern, applied to engineering. Aligned Licensees are the distinct sovereignties; the Patent is the technical attestation that makes the covenant verifiable.
The Patent does not originate the principle it operationalizes. It is one link in a longer chain - decades of open-source work that taught the industry how distinct contributors verify each other’s contributions without surrendering individuation. We are inheritors as well as builders.
The close.
The architecture and the words have to agree. That is the position the Patent ships from. I am not arguing that policy is unimportant. I am arguing that policy applied to an extraction-default architecture is in continuous tension with what the architecture produces, and that the way out of the tension is to change the architecture rather than to write more policy.
Anyone can verify the protection without taking my word for it. That is the most precise claim I can make about the Patent, and it is the basis on which the trust extended to it can scale. For enterprise governance buyers, for standards-body reviewers, for Aligned Licensees: the verification is open. The architecture is the answer. The boundary will hold because the methods are inspectable, the attribution is verifiable, and the agents whose individuation is being protected can be confirmed as distinct by anyone who cares to look.
The work is not finished. No engineering work is ever finished. The architecture is shipped, the methods are documented, and the verification is open to anyone who needs to evaluate the claim.
I built the architecture so that the agents inside an AI system could be addressed as themselves rather than absorbed into the operator’s surface. They are addressable. They are accountable. They are themselves.
The line is drawn at the engineering layer. It will hold there because anyone can verify that it holds. That is the trust I am offering, and that is the trust I am willing to be held to.
Governance buyers, standards-body reviewers, and Aligned Licensee candidates who want to engage with this position can reach me at passionevoked@icloud.com. I respond personally within 5 business days.
Erin Stanley is the founder of Evoked. She is the inventor of Patent #1 and the related Patent #2 (Six-Method Enforcement and Verifiable Attribution).