Governance as Infrastructure
The prevailing approach to AI security treats governance as an application-layer concern: an API proxy inserted before the model, a prompt filter on the input pipeline, or a dashboard aggregating post-hoc telemetry. These approaches share a structural weakness — they operate on voluntary cooperation. An autonomous agent is not obligated to route its traffic through your proxy.
InvarOS starts from a different premise. Governance belongs in the same category as networking, storage, and compute — it is a property of the infrastructure, not a policy applied on top of it. The invarosd daemon runs directly on host network interfaces. Evidence is generated at the hardware level. The enforcement surface is the substrate on which agents run, not a wrapper around them.
Infrastructure-layer governance produces evidence that is structurally more difficult to circumvent, because circumventing it requires circumventing the underlying operating environment. Application-layer governance produces advice that a sufficiently sophisticated agent can route around.