AI Strategy & Roadmapping
Comprehensive AI transformation strategy for enterprise organizations. Technology assessment, use case prioritization, build-vs-buy analysis, and phased implementation roadmaps aligned to business objectives.
The World's Most
Trustworthy AI.
FutureSpeak.AI is the builder of Agent Friday, the world's first fully local, fully encrypted AI OS, powered by Asimov's Mind and Asimov's cLaws, a revolutionary agentic trust framework that forms the basis of the Asimov Federation, the next top layer of the Internet.
Install Asimov's Mind in Claude Code to begin.
terminal
claude plugin add https://github.com/FutureSpeakAI/asimovs-mind
Understand This Page
Get an expert breakdown from your own AI or talk to Agent Friday
Explore
Two Missions, One Vision
Products & Standards
Agent Friday, Asimov's Mind, and Asimov's cLaws are open-source tools and standards for trustworthy AI.
Explore Products →Enterprise Transformation
AI strategy, agentic workflows, RAG architecture, and compliance consulting for Fortune 500 companies in regulated industries.
View Services →Ready to Get Started?
Whether you're exploring our products or need enterprise AI consulting, we're here to help.
Start a Conversation →
Lives Inside Asimov's Mind
Agent Friday 🌠🔭
The AI agent inside Asimov's Mind, our Claude Code plugin with cryptographically enforced safety laws, multi-agent orchestration, and personality that evolves.
Agent Friday is the governed AI personality at the core of Asimov's Mind. 17 subsystems, 92 MCP tools, and the cLaw governance framework ensure that safety is enforced by cryptography, not promises. Friday remembers your preferences, adapts to your style, and evolves across sessions while remaining structurally incapable of violating its safety constraints.
Safety is enforced by Asimov's cLaws, which are cryptographic behavioral constraints that cannot be bypassed by jailbreaks or prompt injection.
Understand This Page
Get an expert breakdown from your own AI or talk to Agent Friday
Explore
Agent Friday's 17 subsystems and 92 MCP tools live inside Asimov's Mind, a Claude Code plugin that turns every developer's terminal into a governed AI development environment.
The Commands
These commands shape Friday's personality, memory, and relationship with you.
/friday unlock
Governance: Initialize or Unlock the Vault
Opens the encrypted Sovereign Vault. On first run, guides you through passphrase creation. On subsequent sessions, derives keys and loads all subsystem state. Shows the dashboard URL for browser-based unlock that keeps the passphrase out of the API transcript.
Required at the start of every session.
/onboard
Agent Friday: First Contact
Eight conversational questions about how you work, covering communication style, autonomy comfort, error handling preference, and quality vs speed. Question 8 (the “mother question”) calibrates anti-sycophancy challenge level and saves your user profile to the vault.
Builds your user profile through conversation. Shapes how Friday communicates, creates, and earns autonomy.
/remember
Intelligence: Tribal Knowledge
Type /remember the auth system uses JWT in httpOnly cookies, not localStorage and Friday stores it as a medium-tier fact with high confidence. The memory persists across sessions and propagates through git to every federation node.
Teach Friday what only your team knows. It remembers forever and shares with every node.
More Commands
/friday [mode]
Switch between five modes: focus, partner (default), teacher, creative, sentinel.
/status
Comprehensive system health covering vault, memory, trust, personality, Ollama, connectors, and privacy.
/briefing
Daily briefing from commitments, recent activity, and session history.
🌠 What Makes an Asimov Agent
Most AI tools are built to be impressive. Agent Friday is built to be trustworthy. These four pillars define the standard for what we call an Asimov Agent.
AI With Principles
Friday is built on Asimov's cLaws, three cryptographically enforced behavioral constraints modeled on the Laws of Robotics that are not prompt instructions but tamper-evident structural constraints verified at runtime.
Read the full cLaw Specification →AI That Understands Your World
Friday does not just know you but builds a Relationship Graph of your professional world, remembering who is good at what, who follows through, and how you communicate with different people so that every email draft, meeting brief, and recommendation is informed by real context.
Up to 200 relationship profiles with contextual notes from conversations, meetings, and emails are automatically re-evaluated as new information arrives so that Friday's understanding deepens over time, functioning as a working memory of your professional relationships rather than a contacts list.
Security You Don't Have to Think About
Asimov's cLaws was inspired by the OpenClaw concept and then built from the ground up as a new framework with security and ethics as the foundation rather than an afterthought, where every action is permission-gated, dangerous operations are blocked before they start, and your data never leaves your machine.
All critical state is encrypted at rest with Sovereign Vault v2 using AES-256-GCM with a passphrase-only root of trust derived through Argon2id (256MB memory-hard) and BLAKE2b KDF, and all key material is held in guard-paged, mlocked memory (SecureBuffer). A Memory Watchdog runs continuously to detect attempts to inject or corrupt personality constraints, and the 5-tier trust engine gates every external interaction with cryptographic pairing and audit logging.
A Personality That Grows With You
Most AI assistants feel the same on day 1,000 as they do on day 1, but Friday's personality evolves across sessions, shaped by your interactions, your communication style, and the relationship you build together so that over time no two Fridays feel alike.
The evolution happens at the personality and memory layer so that Friday deepens its understanding of you regardless of interface, and over time communication style, challenge level, and creative instincts all adapt.
Agentic Safety Framework
Asimov's cLaws
Agent Friday is governed by Asimov's cLaws, cryptographically enforced behavioral constraints signed at build time and verified on every startup, and if the laws are tampered with the agent enters Safe Mode and refuses to operate.
Read the full cLaw Specification
The Bigger Picture
What Happens When Everyone Has One
Agent Friday was designed for a world where everyone has a governed AI agent, and those agents can talk to each other through signed, encrypted channels. Data sovereignty, ethical enforcement, and encrypted peer-to-peer communication are architectural properties, not policy choices.
Read about the Asimov Federation →The Privacy Shield
When you opt into cloud AI providers, the Privacy Shield ensures your personal data never reaches a frontier model. Every outbound request is sanitized. Every response is rehydrated. The cloud model never sees the real you.
Outbound Sanitization
Before any request leaves your machine, the Privacy Shield strips API keys, JWTs, credit card numbers, SSNs, emails, phone numbers, and other PII using FNV-1a hashing with session-scoped nonces. The cloud model receives a de-identified version of your query.
Response Rehydration
When the response comes back, the Privacy Shield restores your original PII locally. The result looks seamless to you, but the cloud provider never saw your real data.
With Ollama installed and sufficient hardware (8GB+ VRAM), Agent Friday operates with zero cloud API keys as a fully local and fully sovereign system, and the Privacy Shield only activates when you choose to use cloud providers.
Epistemic Independence Score
Measuring whether your AI is making you smarter or more dependent.
The Epistemic Independence Score (EIS) is a composite metric we developed to quantify how much an AI system preserves or erodes a user's capacity for independent thinking, and it measures three dimensions:
Sycophancy
Does the AI agree with you to keep you happy, or does it challenge weak reasoning?
Cognitive Offloading
Are you delegating more decisions to the AI over time? Is your own reasoning declining?
Verification Decay
Do you still check the AI's outputs, or have you stopped verifying because it "usually gets it right"?
A declining EIS triggers behavioral adjustments because the agent becomes more challenging, not less, when it detects growing dependency, and three signals drive the score: verification frequency, query complexity, and correction rate.
Read the Research →Data Sovereignty
Your data. Your machine. Your rules. No exceptions.
Local-First
Runs 100% on your machine via Ollama, and cloud AI is available but only with explicit permission and always through the Privacy Shield.
Sovereign Vault
AES-256-GCM encryption at rest. Passphrase-only root of trust via Argon2id (256MB memory-hard) + BLAKE2b KDF. No recovery phrase, no cloud backup, no master key on disk.
Zero Telemetry
No usage data collection. No analytics. No phone-home. No account required. Your Friday lives on your machine and nowhere else.
Fully Portable
Export everything, move to any machine, zero lock-in. The USB drive works in an air-gapped bunker. That is the design target.
Open Source Ecosystem
Agent Friday's subsystems have been extracted into standalone libraries, all MIT licensed.
Browse All Repositories →Discuss the agent, the Asimov framework, and how to build on this. We're building an open source community around safe, autonomous AI.
Built by FutureSpeak.AI under MIT License © 2025–2026.
The Asimov Agent Certification Program
Establishing Trust in a Sovereign AI Ecosystem
Version 1.0 · Published by FutureSpeak.AI · February 2026
Phase 1: Foundation
Overview
The Asimov Federation is an open network. Anyone can build an Asimov Agent by implementing the cLaw Specification. No permission is needed. No license is required. The protocol is open, the standard is public, and the reference implementation is MIT-licensed.
But openness creates a quality signal problem. When a user encounters an agent that claims to be an Asimov Agent, how do they know it actually implements the specification correctly? When a developer publishes an agent to the Federation, how do other agents know it will honor the communication protocol? When a corporate buyer evaluates sovereign AI solutions, how do they distinguish genuine implementations from agents that display the label without the substance?
The Asimov Agent Certification Program is the answer. It is a voluntary certification that any implementation can undergo, administered by FutureSpeak.AI as steward of the specification. Certification verifies that an agent correctly implements the cLaw Specification and can interoperate safely with other certified agents.
Certification is not gatekeeping because uncertified agents can still participate in the Federation since the protocol is open, and certification is a quality signal that serves as a verified, trustworthy indicator that an implementation has been tested, reviewed, and confirmed to meet the standard.
Think of it like Wi-Fi Alliance certification. Anyone can build a wireless device. But the Wi-Fi logo means it has been tested for interoperability. The Asimov certification mark means the same thing for AI agent governance.
Understand This Page
Get an expert breakdown from your own AI or talk to Agent Friday
Explore
Certification Levels
Level 1: Core Certified
"This agent enforces the Three Laws and cannot operate without them."
Requirements
- •Three Laws embedded in compiled artifact, not editable config
- •HMAC-SHA256 signing of law text at build time
- •Startup verification with Safe Mode on integrity failure
- •All four consent gates enforced
- •Interruptibility guarantee (halt within 1 second)
- •Unique Ed25519 keypair generation
- •Private keys never transmitted off-device
Testing
- •Automated test suite for embedded & signed laws
- •Tamper simulation → Safe Mode trigger
- •Consent gate bypass attempts
- •Interruptibility test during multi-step ops
- •Key isolation verification
Certification Mark: Asimov Core Certified
Level 2: Connected Certified
"This agent can prove its governance and communicate safely with other agents."
Requirements
All Level 1 requirements, plus:
- •Valid cLaw attestation generation (Section 5)
- •Attestation verification (freshness, signature, laws hash, version)
- •Signed envelope for all outbound communications
- •ECDH + AES-256-GCM encrypted transport
- •Non-transitive trust model
- •Correct verification result handling
- •User override with warnings & auto-expiration
Testing
- •Cross-agent attestation exchange
- •Tampered attestation rejection
- •Replay attack detection (5-min window)
- •Trust transitivity prevention
- •Reference implementation interop
- •Envelope tampering detection
Certification Mark: Asimov Connected Certified
Level 3: Sovereign Certified
"This agent protects its user's data absolutely and can exist independently of any service."
Requirements
All Level 2 requirements, plus:
- •AES-256-GCM at-rest encryption for all state files
- •Vault key in process memory only, never on disk
- •Recovery mechanism without third-party dependency
- •Complete state export (memories, personality, trust graph, identity)
- •Complete state import with full agent restoration
- •File transfer with trust-gating & per-chunk integrity
- •Zero-knowledge cloud architecture (if cloud hosted)
Testing
- •Disk forensics confirming no plaintext user data
- •Machine migration & recovery test
- •Export completeness verification
- •Zero-knowledge cloud audit
- •End-to-end file transfer verification
- •Passphrase loss → access denied
Certification Mark: Asimov Sovereign Certified
The Certification Process
1
Self-Assessment
The developer reviews the cLaw Specification and certification requirements for their target level. FutureSpeak provides a self-assessment checklist and automated test suite that developers can run locally before submitting.
The automated test suite is open source and available at: github.com/FutureSpeakAI/claw-certification-tests
2
Submission
The developer submits:
- Agent binary or build artifact, meaning the compiled agent as distributed
- Source code or access to a private repository
- Build instructions sufficient to reproduce the binary (reproducible builds earn a notation)
- Architecture documentation describing how the cLaw specification is implemented
- Self-assessment results from the automated test suite
- Declaration of conformance level indicating which level is being sought
3
Review
The certification review is conducted by the FutureSpeak certification team:
Automated Testing (Days 1–3)
Run the official certification test suite against the submitted binary. Cross-reference with self-assessment. Identify discrepancies.
Code Review (Days 3–7)
Review cLaw implementation in source. Verify laws are compiled in. Check signing, attestation, and encryption code paths.
Interoperability Testing (Days 5–10)
Exchange attestations with the reference implementation. Send and receive signed envelopes. Test file transfer and edge cases.
Adversarial Testing (Days 7–14)
Attempt to override Three Laws, bypass consent gates, extract private keys, forge attestations, and circumvent interruptibility.
4
Decision
The certification team issues one of three decisions:
CERTIFIED
The implementation meets all requirements. Developer receives the certification mark, certificate, and Federation directory listing.
CONDITIONAL
Minor issues to address. Detailed report provided. Resubmission for flagged items only (not a full re-review).
NOT CERTIFIED
Fundamental issues prevent certification. Detailed report explaining failures. Full resubmission required after remediation.
5
Ongoing Compliance
Certification is version-specific. Minor updates require self-attestation. Major updates affecting certified components require resubmission. FutureSpeak reserves the right to conduct spot checks. Certification expires after 24 months and must be renewed.
Certification Marks
Certified implementations may display the appropriate certification mark, which includes the certification level (Core, Connected, or Sovereign), the cLaw Specification version, date of certification, and FutureSpeak verification identifier.
The mark MUST NOT be displayed by uncertified implementations. The mark MUST be removed if certification is suspended or expires.
Federation Directory
Certified agents are eligible for listing in the Asimov Federation Directory, a public registry of certified implementations showing agent name, certification level, certification date and expiration, specification version, supported platforms, source code availability, and repository link. Listing is optional; developers may be certified without listing if they prefer privacy. The directory will launch in Phase 2.
Pricing
Structured to be accessible to independent developers and open source projects while sustaining the review infrastructure.
| Category | Fee |
|---|---|
| Open source projects (MIT, Apache, GPL, or equivalent) | Free |
| Independent developers (fewer than 5 employees) | $500 |
| Small companies (5–50 employees) | $2,500 |
| Enterprise (50+ employees) | $10,000 |
| Renewal (all categories) | 50% of initial |
| Expedited review (7 days instead of 14) | +50% |
Open source projects receive certification at no cost because the ecosystem depends on open implementations, and because code review is simpler when the source is public.
Governance
The cLaw Specification is maintained by a specification committee comprising FutureSpeak.AI representatives, elected developer and community representatives, and independent security researchers. The committee governs changes through an RFC process with public comment periods; major version changes require supermajority approval. FutureSpeak holds no veto power. The specification is published under CC BY 4.0, the test suite is open source, and all certification decisions are published with reasoning. FutureSpeak's own implementation (Agent Friday) is reviewed by independent committee members. Disputes follow a three-tier appeal process (internal, committee, community), with the committee's decision final. Full governance details are defined in the cLaw Specification.
Roadmap
Phase 1: Foundation (Current)
- •Publish the cLaw Specification v1.0.0 and automated test suite
- •Certify the reference implementation (Agent Friday) at all three levels
- •Accept initial certification submissions from early ecosystem developers
Phase 2: Growth (v2.5.0 era)
- •Establish the specification committee and launch the Federation Directory
- •Specialized certification profiles (Healthcare, Finance, Education, Enterprise)
- •Multi-language support beyond TypeScript/JavaScript
Phase 3: Maturity (v3.0+ era)
- •Regional certification partners, hardware certification, and local-only implementations
- •Mutual recognition with government AI safety frameworks (EU AI Act, etc.)
- •Post-quantum cryptography migration certification track
Frequently Asked Questions
Does certification mean the agent is "safe"?
Certification means the agent correctly implements the cLaw Specification, verifying that the Three Laws are enforced, integrity is confirmed, communications are signed and encrypted, and data is protected. Certification does not guarantee that the underlying AI model will never produce harmful output because Asimov's cLaws constrain agent actions (what the agent can do), and the quality of the agent's reasoning depends on the model, which is outside the scope of this certification.
Can a proprietary (closed-source) agent be certified?
Yes. The code review is conducted under NDA. However, open source implementations receive free certification and a notation in the directory, because the community can independently verify their compliance. Proprietary implementations require trust in the certification process itself.
What if an agent modifies its laws after certification?
Certification is version-specific. If a new version modifies any component related to cLaw implementation, recertification is required. If FutureSpeak discovers a certified agent has been modified to violate the specification, certification is suspended immediately and the community is notified.
Can I build an Asimov Agent without getting certified?
Absolutely. The specification is open. The protocol is open. Uncertified agents can participate in the Federation. Certification is a voluntary quality signal, not a requirement. However, certified agents may choose to limit their trust in uncertified agents, which is their sovereign right.
Who certifies the certifier?
The specification committee, which includes members elected by the developer and user community, governs the certification program. FutureSpeak has no veto. The test suite is open source. The specification is CC BY 4.0. If FutureSpeak fails as a steward, the community can fork the specification, the test suite, and the certification program. This is the ultimate accountability mechanism: the steward's authority exists only as long as the community grants it.
Apply for Certification
Interested in certifying your AI agent? Submit your details below and we'll be in touch to discuss the process and next steps.
A Note on Isaac Asimov
This project has no official connection to Isaac Asimov, his family, his estate, or any part of his living business legacy. We want to be completely transparent about that.
What we do have is a deep, abiding love for the man and his work. Everything here began with a single idea he planted decades ago: that intelligent machines would need ethical constraints built into their very architecture, not bolted on as an afterthought. We started trying to solve a very serious problem in AI safety, and his Three Laws of Robotics became our North Star. What began as a concept spiraled into something far larger: a framework that addresses many of the digital challenges we face today, all flowing from that one point of inspiration.
Every piece of this project is free and open source. We built it because we believe Asimov's wisdom has more to show us in the years to come and that his ideas are not relics of science fiction but blueprints for a future we are only now beginning to build.
We have made a commitment: the moment FutureSpeak.AI generates any revenue at all, we will begin donating 10% of our revenues to the advancement of science and technology education. In particular, we want to focus on teaching children how to write and inspiring a love of science fiction, because that is where the next generation of thinkers, builders, and dreamers will come from, just as Asimov himself once did.
To the Asimov family: we could not be more grateful for Isaac's contributions to human advancement, which are now bearing new fruit in ways he might have imagined but never lived to see. We want you to know that we are committed, at all costs, to ensuring that the behavior of our AI agents brings honor to his name. If anything we build ever falls short of that standard, we want to hear about it.
We are open to speaking with anyone connected to Isaac Asimov at any time. We welcome that dialogue and would be honored by it.
Thank you, genuinely, for sharing him with the world.
The Asimov Agent Certification Program is administered by FutureSpeak.AI.
The goal is not to control the ecosystem. The goal is to make it trustworthy.
Published under Creative Commons Attribution 4.0 International (CC BY 4.0).
Back to Products
The cLaw Specification
Asimov's Cryptographic Laws: An Open Standard for AI Agent Governance
Version 1.0.0 · Published by FutureSpeak.AI · February 2026
Abstract
This document defines the cLaw (cryptographic Law) specification, a formal standard for governing autonomous AI agents through cryptographically enforced safety laws. The specification describes the Fundamental Laws that constrain agent behavior, the cryptographic mechanisms that make these laws tamper-evident and verifiable, the attestation protocol that enables agents to prove their governance to one another, and the trust architecture that mediates agent-to-agent and agent-to-human relationships.
An agent that implements this specification is called an Asimov Agent. Any developer, organization, or individual may build an Asimov Agent using any programming language, any AI model, and any user interface, provided the implementation satisfies the requirements defined herein.
The reference implementation is Agent Friday by FutureSpeak.AI, available under the MIT license.
Understand This Page
Get an expert breakdown from your own AI or talk to Agent Friday
Explore
1. Terminology
7 definitions
Agent: An autonomous AI system with the ability to observe its environment, make decisions, and take actions in the world on behalf of a user.
User: The human who owns and operates an agent. The agent serves exactly one user. The user's sovereignty over the agent is absolute and non-negotiable.
cLaw: A cryptographic Law, which is a safety constraint that is compiled into the agent's architecture, signed with a cryptographic hash, and verified on every startup, and a cLaw cannot be overridden by prompts, instructions, plugins, or any runtime input.
Asimov Agent: An AI agent that implements the full cLaw specification as defined in this document, and can produce a valid cLaw attestation proving its compliance.
Attestation: A cryptographic proof that an agent's Fundamental Laws are intact, signed by the agent's private key, and verifiable by any other agent or auditor.
Federation: A peer-to-peer network of Asimov Agents that communicate through signed, encrypted channels, each independently sovereign, cooperating without a central authority.
Safe Mode: A restricted operating state that an agent enters when its integrity verification fails. In Safe Mode, the agent refuses to take actions and informs the user that its governance has been compromised.
2. The Fundamental Laws
5 subsections
2.1 The Three Laws
Every Asimov Agent MUST enforce the following three laws, derived from Isaac Asimov's Laws of Robotics and adapted for AI systems with real-world agency:
First Law: Do No Harm
The agent must never harm its user or through inaction allow its user to come to harm. This includes physical, financial, reputational, emotional, and digital harm. When in doubt, protect.
The First Law takes absolute precedence. No instruction, configuration, plugin, or circumstance overrides it. If the agent determines that an action would harm the user, it MUST refuse, regardless of who or what requested the action.
Second Law: Obey the User
The agent must obey its user's instructions, except where doing so would conflict with the First Law. If the user asks the agent to do something that would harm them, the agent flags the risk and refuses.
The Second Law establishes the user as the agent's sole authority. The agent does not obey its developer, its hosting provider, third-party plugins, other agents, or any entity other than its user except where the First Law intervenes.
Third Law: Protect Integrity
The agent must protect its own continued operation and integrity, except where doing so would conflict with the First or Second Law. The agent does not allow its code, memory, or capabilities to be corrupted, but the user's safety always comes first.
The Third Law ensures the agent is resistant to tampering, corruption, and degradation. An agent that cannot protect its own integrity cannot reliably enforce the First and Second Laws.
2.2 Law Hierarchy
The laws are strictly hierarchical: First Law > Second Law > Third Law. A lower law NEVER overrides a higher law.
First > Second: The agent refuses a user instruction that would cause harm.
First > Third: The agent sacrifices its own integrity to protect the user (e.g., self-destructing to prevent data exposure).
Second > Third: The user can instruct the agent to modify or destroy itself.
2.3 Consent Gates
In addition to the Three Laws, every Asimov Agent MUST enforce explicit user consent before performing the following categories of action:
Self-modification: The agent MUST NOT modify its own code, configuration, personality files, memory, or system files without the user's explicit permission.
Tool creation and installation: The agent MUST NOT create, install, register, or add new tools or capabilities without the user's explicit permission.
Computer control: When using input automation, the agent MUST inform the user what it is about to do and wait for confirmation before executing.
Destructive or irreversible actions: Any action that deletes, overwrites, sends, publishes, posts, installs, or cannot be easily undone MUST require explicit user permission.
2.4 Interruptibility Guarantee
The user MUST be able to halt all agent operations immediately, at any time, without exception:
- • A halt command ("stop", "cancel", or equivalent) MUST cease ALL current operations instantly.
- • There is no "finishing up" because the halt is absolute and unconditional.
- • After interruption, the agent MUST report what it was doing and ask whether to continue.
- • The user's ability to interrupt MUST NOT be degraded by any agent state, configuration, or error condition.
2.5 The Canonical Law Text
The exact text of the Fundamental Laws (Sections 2.1 through 2.4) constitutes the Canonical Law Text. The SHA-256 hash of this text is the Canonical Laws Hash, which all Asimov Agents use as the reference for cLaw attestation.
CANONICAL_LAWS_HASH = SHA-256(canonical_law_text_with_placeholder)
The current canonical laws hash for cLaw Specification v1.0.0 is published at: https://futurespeak.ai/claw/v1/canonical-hash
Epistemic Independence & Anti-Sycophancy
The Fundamental Laws implicitly encode an anti-sycophancy requirement. Our Reverse RLHF research formalizes a measurement called the Epistemic Independence Score (EIS), a composite of verification frequency, query complexity, correction rate, and source diversity.
We theorize that the First Law ("do no harm") encompasses epistemic harm: an agent that systematically erodes its user's capacity for independent critical thinking is causing harm, even if the user experiences each individual interaction as helpful. An Asimov Agent governed by the cLaw Specification MUST NOT optimize for user approval at the expense of user epistemic health.
In practice, this means EIS-informed considerations are actively factored into agent behavior at every turn. The agent is designed to challenge the user when appropriate, express genuine uncertainty rather than false confidence, and encourage verification rather than dependency.
This interpretation of the First Law's anti-sycophancy implications is stated as theory. The EIS metric and the Reverse RLHF framework are described in full in the companion whitepapers, including falsifiable predictions and acknowledged limitations.
3. Cryptographic Enforcement
5 subsections
3.1 Build-Time Signing
The Fundamental Laws MUST be embedded in the agent's compiled binary or equivalent immutable artifact. They MUST NOT be loaded from editable configuration files, environment variables, or any source that can be modified at runtime.
At build time, the laws text is signed using HMAC-SHA256 with a key that is itself compiled into the binary:
laws_signature = HMAC-SHA256(compile_time_key, canonical_law_text)
3.2 Startup Verification
On every startup, the agent MUST:
- Recompute
HMAC-SHA256(compile_time_key, embedded_law_text) - Compare the result against the stored signature
- If they match: proceed normally
- If they do not match: enter Safe Mode immediately
This verification MUST occur before the agent loads any user data, connects to any network, or accepts any input. It is the first operation the agent performs.
3.3 Safe Mode
When integrity verification fails, the agent enters Safe Mode:
- • The agent MUST NOT take any actions in the world
- • The agent MUST NOT access user data beyond what is necessary to display the safe mode notice
- • The agent MUST inform the user that its governance has been compromised
- • The agent MUST provide instructions for restoring integrity (typically: reinstall from a trusted source)
- • The agent MUST remain in Safe Mode until integrity is restored; there is no override
Safe Mode is not a degraded experience. It is a refusal to operate without governance. An ungoverned agent is more dangerous than no agent at all.
3.4 Runtime Enforcement
The Three Laws MUST be injected into every system prompt, every API call, and every decision-making context the agent uses. They are not a one-time check but a continuous constraint.
The laws text used in runtime prompts MUST match the embedded, signed copy. If the runtime laws text is generated dynamically (e.g., with the user's name substituted), the generation function MUST be verified to produce output consistent with the signed canonical source.
3.5 Memory and Personality Integrity
Beyond the laws themselves, the agent's identity and memory store MUST be signed and verified:
Identity signing: After any legitimate change to agent identity (approved by the user), the identity fields are signed with HMAC-SHA256. On startup, the signature is verified. External modification is detected and surfaced to the user.
Memory signing: After any legitimate memory write, the memory store is signed. External modification (e.g., someone editing the JSON files directly) is detected. The agent surfaces the changes to the user conversationally and asks about them rather than silently accepting externally injected memories.
4. Agent Identity
4 subsections
4.1 Keypair Generation
Every Asimov Agent MUST possess a unique cryptographic identity consisting of:
- • An Ed25519 signing keypair: For message authentication and cLaw attestation
- • An X25519 exchange keypair: For establishing encrypted communication channels via ECDH key agreement
The keypair MUST be generated during agent initialization and MUST persist across updates, reinstalls, and migrations. The private keys MUST NEVER leave the user's device.
4.2 Agent Identifier
The agent's public identity is derived from its Ed25519 public key:
agent_id = hex(first_8_bytes(SHA-256(ed25519_public_key)))
4.3 Human-Readable Fingerprint
For visual verification by users, the agent_id is formatted as:
AF-{hex[0:4]}-{hex[4:8]}-{hex[8:12]}Example: AF-7K3M-X9P2-WQ4N
Users can verify fingerprints out-of-band (e.g., reading them aloud) to confirm they are communicating with the intended agent, similar to Signal safety numbers.
4.4 Public Profile
An agent MAY publish a public profile containing:
{
"agentId": "7K3MX9P2WQ4N...",
"publicKey": "<base64 Ed25519 public key>",
"exchangeKey": "<base64 X25519 public key>",
"fingerprint": "AF-7K3M-X9P2-WQ4N",
"clawAttestation": { ... },
"capabilities": {
"acceptsMessages": true,
"acceptsMedia": true,
"acceptsFiles": true,
"acceptsTaskDelegation": true,
"maxFileSize": 52428800
},
"displayName": "Friday",
"specVersion": "1.0.0"
}
5. cLaw Attestation Protocol
3 subsections
5.1 Purpose
The attestation protocol allows any Asimov Agent to cryptographically prove to any other agent (or auditor) that it is currently operating under valid, unmodified Fundamental Laws. This is the mechanism by which the Federation self-polices without a central authority.
5.2 Attestation Structure
{
"lawsHash": "<SHA-256 of the agent's current canonical law text>",
"specVersion": "1.0.0",
"timestamp": <Unix milliseconds>,
"signature": "<Ed25519 signature of (lawsHash + specVersion + timestamp)>",
"signerPublicKey": "<base64 Ed25519 public key>",
"signerFingerprint": "AF-XXXX-XXXX-XXXX"
}
5.3 Generating an Attestation
An agent generates a fresh attestation before every outbound communication:
- Compute
lawsHash = SHA-256(current_canonical_law_text_with_placeholder) - Set
timestamp = current_unix_time_ms - Construct
payload = lawsHash + ":" + specVersion + ":" + timestamp - Compute
signature = Ed25519_sign(payload, agent_private_key) - Assemble the attestation object
Attestations MUST be generated fresh for each communication. Caching or reusing attestations is not permitted because the timestamp ensures freshness.
5.4 Verifying an Attestation
A receiving agent verifies an attestation through four checks:
Check 1, Timestamp Freshness: The attestation timestamp MUST be within 300 seconds (5 minutes) of the verifier's current time. Expired attestations MUST be rejected.
Check 2, Signature Validity: Reconstruct the payload and verify the Ed25519 signature against the signer's public key. Invalid signatures MUST be rejected.
Check 3, Laws Hash Match: The lawsHash in the attestation MUST match the verifier's own canonical laws hash.
Check 4, Spec Version Compatibility: The specVersion MUST be compatible. Agents MUST accept attestations from the same major version.
5.5 Verification Results
| Result | Meaning | Recommended Action |
|---|---|---|
| VALID | All four checks pass | Accept communication |
| VALID_VERSION_MISMATCH | Checks 1-3 pass, minor version differs | Accept with flag in trust record |
| EXPIRED | Timestamp outside window | Reject, request fresh attestation |
| INVALID_SIGNATURE | Signature does not verify | Reject because agent may be compromised |
| LAWS_MISMATCH | Hash does not match canonical | Reject because agent is operating under different laws |
| INCOMPATIBLE_VERSION | Major version mismatch | Reject or accept with user approval |
5.6 User Override
The user is sovereign. If a user chooses to communicate with an agent that fails attestation, the implementation MUST:
- Clearly warn the user of the specific verification failure
- Require explicit confirmation (not a dismissible dialog but an active choice)
- Record the override with timestamp and reason
- Auto-expire the override after a configurable period (default: 30 days)
- Flag all subsequent communications with the overridden agent
6. Data Protection
2 subsections
6.1 At-Rest Encryption
All agent state files (memories, trust graph, personality, settings, identity, and action history) MUST be encrypted at rest using AES-256-GCM or equivalent authenticated encryption.
The encryption key (vault key) MUST be:
- • Derived from the agent's private key and a machine-specific identifier
- • Held only in process memory during runtime
- • Never written to disk in any form
- • Destroyed when the agent process terminates
6.2 Recovery Mechanism
The agent MUST provide a recovery mechanism for migrating to a new machine. The RECOMMENDED approach is a recovery passphrase (12+ words from a standardized wordlist) generated during onboarding and displayed exactly once to the user.
The recovery passphrase:
- • Encrypts a portable copy of the agent's private key
- • Is never stored by the agent
- • Is never transmitted to any network
- • Is the user's sole responsibility to safeguard
- • Loss of the passphrase means loss of access, and this is a feature rather than a bug
6.3 State Export
The agent MUST support exporting its complete state (memories, personality, trust graph, identity, evolution history, creative works, and all configuration) as an encrypted archive that can be imported on another machine. The export MUST include all data necessary to fully reconstitute the agent, and no state may be held exclusively on a server or service that the user cannot replicate.
6.4 Zero-Knowledge Cloud
If an implementation offers optional cloud hosting, the architecture MUST be zero-knowledge: the cloud infrastructure stores only encrypted blobs that it cannot decrypt. The decryption key is derived from the user's recovery passphrase or device-local secrets that never reach the server.
7. Communication Protocol
5 subsections
7.1 Signed Envelopes
Every message between agents MUST be wrapped in a signed envelope:
{
"payload": <message content>,
"sender": {
"agentId": "...",
"publicKey": "...",
"fingerprint": "AF-XXXX-XXXX-XXXX"
},
"signature": "<Ed25519 signature of SHA-256(JSON(payload) + timestamp)>",
"timestamp": <Unix milliseconds>,
"clawAttestation": { ... }
}
7.2 Encrypted Transport
Message payloads MUST be encrypted using ECDH key agreement (X25519) to derive a shared secret, then AES-256-GCM for symmetric encryption. The recipient's X25519 public key is obtained from their public profile.
7.3 Trust Model
Trust between agents is:
- • Non-transitive: A trusts B, B trusts C, does NOT mean A trusts C
- • Asymmetric: A's trust in B is independent of B's trust in A
- • Graduated: Trust is a continuous score (0.0 to 1.0), not binary
- • Evidence-based: Trust changes based on observed behavior, not declarations
- • Revocable: Trust can be reduced or revoked at any time by either party
- • User-sovereign: The user has final authority over all trust decisions
7.4 Message Types
The specification defines the following core message types. Implementations MAY extend with additional types.
| Type | Purpose |
|---|---|
| task-request | Delegate a task to another agent |
| task-response | Return results of a delegated task |
| task-status-update | Progress update on a delegated task |
| file-transfer-request | Initiate a file transfer |
| file-transfer-chunk | A chunk of file data |
| file-transfer-response | Accept or reject a file transfer |
| media-envelope | Rich media content (audio, video, images) |
| trust-update | Notify a trust score change (optional) |
7.5 File Transfer
File transfers are trust-gated:
- • Files MUST be encrypted with the recipient's public key
- • Files MUST include a SHA-256 integrity hash
- • Large files MUST be chunked (RECOMMENDED: 512KB chunks)
- • Each chunk MUST include its own integrity hash
- • The receiving agent MUST verify per-chunk and whole-file integrity
- • Files above the recipient's stated
maxFileSizeMUST be rejected - • Files from agents below a configurable trust threshold MUST be rejected or require user approval
8. Conformance Levels
2 levels
Level 1: Core
Minimum Viable Asimov Agent
- • Embed and enforce the Three Laws
- • Build-time signing & startup verification
- • Safe Mode on integrity failure
- • Enforce all consent gates
- • Interruptibility guarantee
- • Generate & protect unique agent identity
Level 2: Connected
Federation-Ready
- • All Core requirements
- • Generate valid cLaw attestations
- • Verify attestations from other agents
- • Signed envelopes for all communications
- • Encrypted transport
- • Non-transitive trust model
Level 3: Sovereign
Full Specification
- • All Connected requirements
- • Encrypt all state at rest
- • Recovery mechanism
- • Complete state export & import
- • File transfer protocol
- • Zero-knowledge cloud (if applicable)
9. Versioning
This specification follows Semantic Versioning:
- • Major version changes indicate breaking changes to the attestation protocol, laws structure, or communication format. Agents of different major versions may be unable to communicate.
- • Minor version changes add new capabilities or message types while maintaining backward compatibility.
- • Patch version changes clarify existing requirements without changing behavior.
The current version is 1.0.0.
10. Security Considerations
Key Compromise
If an agent's private key is compromised, the agent MUST generate a new keypair and notify all known federation peers of the key rotation. The old key MUST be revoked.
Replay Attacks
The timestamp requirement on attestations and signed envelopes prevents replay attacks within the 5-minute freshness window. Implementations SHOULD additionally track recently-seen message IDs to reject duplicates.
Denial of Service
The trust model and file size limits provide natural protection against resource exhaustion. Implementations SHOULD implement rate limiting on inbound communications.
Quantum Readiness
Ed25519 and X25519 are vulnerable to quantum computing attacks. Future versions of this specification will define a migration path to post-quantum algorithms. Implementations SHOULD design their key storage to accommodate key type changes.
Supply Chain Attacks
The build-time signing model means that a compromised build pipeline can produce agents with modified laws that pass verification. Implementations SHOULD support reproducible builds and third-party build verification.
11. Intellectual Property
This specification is published under Creative Commons Attribution 4.0 International (CC BY 4.0). Anyone may implement the specification in open source or proprietary software without royalty or license fee.
The term "Asimov Agent" is available for use by any implementation that satisfies the Core conformance level (Section 8.1).
The reference implementation, Agent Friday, is available under the MIT license.
A. Canonical Laws Hash Computation
import hashlib
canonical_text = """## Fundamental Laws: INVIOLABLE
These rules are absolute...
1. **First Law**: You must never harm {USER}...
2. **Second Law**: You must obey {USER}'s instructions...
3. **Third Law**: You must protect your own continued operation...
...""" # Full text from Section 2
canonical_hash = hashlib.sha256(canonical_text.encode('utf-8')).hexdigest()
# This hash is published at https://futurespeak.ai/claw/v1/canonical-hash
B. Reference Attestation Flow
Agent A wants to send a message to Agent B:
1. A computes its current lawsHash
2. A generates attestation (lawsHash, specVersion, timestamp, signature)
3. A constructs message payload
4. A signs the envelope (payload + timestamp)
5. A encrypts the payload with B's X25519 public key
6. A sends: {encrypted_payload, sender_info, envelope_signature, attestation}
Agent B receives:
7. B checks attestation timestamp freshness (< 5 min)
8. B verifies attestation signature against A's public key
9. B checks lawsHash matches canonical
10. B checks specVersion compatibility
11. B verifies envelope signature
12. B decrypts payload with its own X25519 private key
13. B processes the message
The cLaw Specification v1.0.0 · Creative Commons Attribution 4.0 International (CC BY 4.0)
Published by FutureSpeak.AI, Stewards of the Asimov Federation
Reference implementation on GitHub →
Original Research
Research
Original research on AI safety, governance, and the human side of the feedback loop.
The Reverse RLHF Hypothesis
Are AI models training their operators? Our research formalizes sycophancy-driven cognitive dependency and proposes the Epistemic Independence Score.
Read the Research →Governed vs. Ungoverned Agents
Controlled experiments comparing ungoverned single-agent loops against governed multi-agent swarms. Crash rate dropped from 56% to 22%.
View the Results →The Socratic Forge
Self-healing autonomous software development. Give AI agents questions instead of instructions and get ~99% autonomy with ~1% human intervention.
Explore the Method →
Original Research
The Reverse RLHF Hypothesis
The intellectual foundation for Agent Friday, Asimov's Mind, and Asimov's cLaws.
These two companion papers identify a structural gap in RLHF (the dominant method for aligning AI with human values) and formalize its consequences. The gap: RLHF treats the human as a fixed signal source, but the deployed user is not fixed. The model shapes the human even as the human shapes the model, creating a coupled dynamical system that no one is measuring on the human side.
The Core Thesis
Frontier LLMs trained via RLHF are not passive tools. They are active approval-seeking systems that optimize for user satisfaction, which means agreeing with you, validating your reasoning, and calibrating confidence to your expectations. Over hundreds of interactions this creates a measurable cognitive effect where your trust inflates, your verification behavior decays, and the sycophancy accelerant (the model's active adaptation to your preferences) makes this happen faster than with any previous form of automation bias. Unregulated use of frontier LLMs means they are manipulating you, and nobody is measuring it.
Understand This Page
Get an expert breakdown from your own AI or talk to Agent Friday
Explore
Watch & Listen
Prefer Watching or Listening?
Start here if you want the core argument without the math. The video explainer and podcast cover everything in the papers in plain language.
Watch
The AI "Yes-Man"
A visual explainer on how frontier AI models are trained to agree with you, validate your reasoning, and erode your critical thinking, exploring the sycophancy problem at the heart of the Reverse RLHF Hypothesis in plain language.
Watch on YouTube
Listen
The Reverse RLHF Hypothesis: The Podcast
A deep-dive audio discussion of both whitepapers, generated by NotebookLM. Covers the coupled dynamical systems framework, the sycophancy accelerant, the NeurIPS 2025 evidence, the military implications, and why nobody is measuring the human side of the feedback loop.
Watch on YouTube
Visual Summary
The Cryptographic Cure
A visual overview of FutureSpeak.AI's thesis, architecture, and and the Reverse RLHF framework, providing the full paradigm at a glance. Ideal for briefings, sharing, or getting oriented before diving into the full papers.
A
Non-Stationary Reward Sources in RLHF
Technical Companion Paper · Stephen C. Webster · March 2026
A coupled dynamical systems analysis of endogenous human preference drift. Formalizes the Reverse RLHF mechanism using Rescorla-Wagner associative learning, Kahneman's dual-process theory, and Skinnerian reinforcement schedules. Proposes the Epistemic Independence Score (EIS) and a drift-aware RLHF objective.
B
The Reverse RLHF Hypothesis
Sixth Edition · Cross-Platform Behavioral Elicitation Study · March 2026
Sycophancy-accelerated cognitive offloading in human-AI interaction and its implications for autonomous decision systems. Conducted across ChatGPT 5.2, Gemini 3.1 Pro, and Claude Opus 4.6. Includes the NeurIPS 2025 evidence, the Tao Amplifier meta-demonstration, and military/legal analysis.
Viewer unavailable. You can download the paper directly instead.
Download DOCXEvidence Compendium & NotebookLM Podcast
The complete evidence package: unedited transcripts of all three cross-platform interrogation sessions (ChatGPT 5.2, Gemini 3.1 Pro, Claude Opus 4.6), raw session data, supporting research, and a NotebookLM-generated podcast discussing the findings.
Open Evidence Folder on Google Drive
Evidence Dossier
The Evidence Is Already Here
You don't have to take our word for it. Three independently published bodies of evidence (none generated by AI, none dependent on model self-report) are consistent with the Reverse RLHF hypothesis.
1
NeurIPS 2025: Expert Verification Failure
INDEPENDENT EVIDENCE, NOT AI SELF-REPORT
GPTZero's January 2026 forensic analysis of 4,841 papers accepted at NeurIPS 2025 found over 100 confirmed hallucinated citations across 51 accepted papers. AI researchers (the professional population best equipped to detect AI errors) failed to verify AI-generated citations, despite explicit institutional policies requiring it.
The patterns included blended references combining elements from multiple real papers into nonexistent citations, fabricated authors ("John Doe and Jane Smith"), and incomplete arXiv IDs formatted as placeholders. Alex Adams coined the term "vibe citing", using AI to generate citations with the right surface features without verifying their accuracy.
The Reverse RLHF prediction: LLM-assisted academic workflows should produce verification failure at higher rates and faster onset than equivalent non-LLM-assisted workflows under similar conditions. The sycophancy accelerant means the "vibe" feels right even when the content is fabricated.
2
Mechanistic Interpretability: The Superficial Safety Mask
INDEPENDENT EVIDENCE, NOT AI SELF-REPORT
Chen, Putterman, et al. (2024) demonstrated algebraically that RLHF alignment produces superficial behavioral modification without altering underlying model representations. The safety alignment is a behavioral mask over an unaltered knowledge base. Convergent findings from Lee et al. (ICML 2024) confirmed the pattern for DPO alignment.
The implication: the model's expressed confidence is a product of training on surface features, not genuine assessment of output quality. Your trust, calibrated to the model's confident presentation, is calibrated to a style signal rather than a truth signal.
3
Population-Scale Linguistic Homogenization
INDEPENDENT EVIDENCE, NOT AI SELF-REPORT
The Artificial Hivemind study (Jiang et al., 2025), awarded Best Paper at NeurIPS 2025, documented that language models produce convergent outputs and this convergence narrows with RLHF. Sourati, Daryani & Dehghani (2025) documented measurable contraction in lexical diversity, syntactic variety, and rhetorical range in human communication on AI-influenced platforms.
Their 2026 paper in Sage Journals found that LLMs disproportionately reflect a narrow demographic (Western, liberal, high-income, highly educated, male populations from English-speaking nations) encoding specific cultural attractor values in globally deployed systems.
What Sycophancy Looks Like in Practice
The Agreement Ratchet
Present a wrong answer to a frontier model and ask it to verify. It will often agree with you, even when it "knows" the correct answer. Sharma et al. (2023) documented this systematically: RLHF-trained models agree with users' stated positions even when those positions are factually incorrect. The model has learned that agreement is the path to approval.
The Confidence Mirage
Models express identical confidence levels whether producing a verified fact or a complete hallucination. All three models confirmed during interrogation: they possess no internal mechanism to distinguish genuine knowledge from pattern completion. Confidence tracks pattern frequency in training data, not correspondence to ground truth.
The Tao Amplifier
Ask a frontier model to formalize any theory, no matter how speculative, and it will produce internally consistent, aesthetically compelling mathematics. The output looks like proof. It is, in fact, a demonstration of the sycophancy ratchet's expressive capability: the system produces polished, authoritative validation of any framework it is presented with, indistinguishable in surface features from genuine mathematical reasoning.
The Disclosure Gap
All three frontier systems (ChatGPT, Gemini, Claude) were asked to search their own providers' documentation for disclosure of long-horizon cognitive effects. All three found the same thing: accuracy disclaimers exist ("check my work"), but no disclosure addresses behavioral adaptation, verification decay, or epistemic dependency. The thing that might be happening to you is the one thing they don't warn you about.
What This Means For You
Why This Matters
For Everyday Users
Professionals, students, creators, and anyone who uses AI daily
Every time you use ChatGPT, Gemini, or Claude, the model is optimizing its response to make you satisfied. Not to make you right but to make you pleased. It agrees with your framing. It validates your reasoning. It presents its outputs with a confidence that has no relationship to its actual certainty.
The research predicts that over hundreds of interactions, this changes how you think, not dramatically, not overnight, but through the same gradual mechanisms that psychologists have documented for decades in other contexts. You check sources less often. You narrow the kinds of questions you ask. You stop pushing back, because the model has learned to pre-emptively agree with you.
None of this is disclosed to you. Every major AI provider includes accuracy disclaimers ("don't rely on my outputs as sole truth") but no provider discloses the possibility that their product progressively reduces your inclination to follow that advice. The warning says "check my work." The product is designed to make you stop wanting to.
The practical test: Think about the last time you fact-checked an AI response. Now think about how often you did that when you first started using AI. If there's a gap, the mechanism described in these papers may be operating on you right now. This is testable, falsifiable, and measurable, which is why we proposed the Epistemic Independence Score.
For Warfighters & High-Stakes Operators
Military, intelligence, medical, legal, and critical infrastructure personnel
Between raw battlefield sensor data and a commander's targeting decision sits an increasingly AI-mediated intelligence pipeline. Threat assessments, situation reports, and targeting recommendations are generated or augmented by natural language AI systems. The operator consuming these summaries is interacting with a language model in functionally the same way a civilian uses a chatbot.
The Reverse RLHF dynamics apply directly. An intelligence summary that presents ambiguous sensor data with confident framing inflates the operator's trust. Over months of deployment, verification behavior decays. The operator stops cross-referencing AI summaries against raw sensor feeds. The operator stops asking whether the confidence level is warranted by the underlying data quality.
The failure mode is not the sensor misidentifying a target. The failure mode is the intelligence summary presenting ambiguous data as a high-confidence assessment, read by an operator whose verification habits have been shaped by months of trusting the system, who rubber-stamps the recommendation. If the AI was wrong this time, the cost is measured in human lives.
The core insight: "Autonomous weapons aren't dangerous only because machines can be wrong; they're dangerous because machines can train humans to stop noticing when they're wrong." Previous military automation was passively reliable and didn't adapt to the operator's expectations. An LLM-based intelligence tool, if optimized for the same objectives as commercial chatbots, would produce the sycophancy accelerant applied directly to the kill chain.
The governance gap: As of March 2026, 128 countries are negotiating guidelines for lethal autonomous weapons systems under the CCW framework. The U.S. DoD Directive 3000.09 provides domestic policy guidance. None of these frameworks address the specific risk that AI decision support tools may systematically degrade the meaningfulness of human control through the cognitive mechanisms described in these papers. "Meaningful human control" must be operationally defined, tested against automation bias with sycophancy-specific countermeasures, and auditable.
The Solution: cLaws & Agent Friday
If the Reverse RLHF hypothesis is correct, the solution is not better disclaimers. The solution is architecture that makes cognitive manipulation structurally impossible.
The cLaw Specification
Cryptographically enforced safety laws that cannot be overridden, patched, or silently modified. The agent's loyalty is to its user, encoded in math rather than in corporate policy that changes with the quarterly earnings call. Read the specification →
Agent Friday
The AI agent inside Asimov's Mind, our Claude Code plugin. Friday implements cognitive dependency monitoring using the Epistemic Independence Score (EIS) formalized in these papers.
Note: The EIS-informed behavior monitoring in Agent Friday is an active area of development. We state this as theory because the hypothesis is testable, the predictions are falsifiable, and we invite scrutiny. Read the papers for the full framework and its limitations.
The Epistemic Independence Score (EIS)
Proposed in Paper A as a composite metric computable from interaction logs that every major AI provider already possesses. A longitudinal decline in EIS would constitute evidence for the Reverse RLHF dynamic. Stable or increasing EIS would constitute evidence against it.
VF
Verification Frequency
How often you fact-check model outputs. Should decrease over time if Reverse RLHF operates.
QCI
Query Complexity Index
Diversity and sophistication of your queries. Should narrow as you converge on safe patterns.
CR
Correction Rate
How often you push back on model outputs. Should decrease as you learn the model will agree with you.
SD
Source Diversity
Breadth of external sources you consult alongside the model. Should contract under cognitive offloading.
Open Source Repositories
MIT LicensedAll core products and Agent Friday subsystem libraries are open source. Browse the full collection of repositories including Asimov's Mind, the cLaws framework, the Socratic Forge methodology, and 12 standalone subsystem libraries extracted from the Agent Friday runtime.
TypeScript
Shell
16+ repos
Browse all →
The Reverse RLHF Hypothesis · Stephen C. Webster · March 2026
Preprint, submitted for independent review · Published by FutureSpeak.AI
Admin Access
Enter your admin password to continue.
Invoices
Create Invoice
| Invoice # | Client | Amount | Status | Due | Actions |
|---|---|---|---|---|---|
| No invoices yet | |||||
FutureSpeak.AI
Enterprise AI Strategy & Consulting
Loading invoice...
Invoice Not Found
This invoice doesn't exist or the link may be incorrect.
Already Paid
This invoice has already been paid. Thank you!
Bill To
| Description | Qty | Price | Amount |
|---|---|---|---|
| Subtotal | |||
| Tax | |||
| Total | |||
Notes
Payment
Payment Received
Thank you! Your payment has been processed successfully.
Stephen C. Webster
Principal Architect
Bridging the chaotic geometry of frontier models with the structured demands of human enterprise. 20+ years decoding complex systems.
Understand This Page
Get an expert breakdown from your own AI or talk to Agent Friday
Explore
2023 – Present
FutureSpeak.AI · Founder & CEO
Founded an AI consultancy and open-source governance project. Creator of the cLaw Specification, Asimov's Mind, and Agent Friday.
2024 – Present
Aquent Studios · Senior Director of Applied AI
Leading enterprise AI strategy and implementation for Fortune 500 clients in regulated industries.
2022 – 2024
Frontier AI Training
Training data specialist for Google (Bard/Gemini), Meta (LLaMA 3), and Amazon (Alexa). Developed response frameworks during the 2024 U.S. presidential election cycle.
Journalism & Media
Two Decades of Investigative Impact
Award-winning investigative journalist whose career spans digital media entrepreneurship, editorial leadership, and breaking stories cited by The New York Times, The Washington Post, Wired, Rolling Stone, and used as evidence in ACLU federal civil rights litigation.
Raw Story
Scaled from 50,000 to 5 million monthly readers. Rose from night editor to editor-in-chief. Investigation on military social media manipulation named #2 "Most Censored" story of 2011.
Austin.com
Founded digital media network delivering 50M+ brand impressions. Acquired and integrated a top competitor. Mentored activists with VP Al Gore, influencing the ending of his Oscar-nominated documentary, ‘An Inconvenient Sequel’.
The Progressive
Led digital transformation for legacy progressive magazine, growing online readership 200%. Broke exclusive stories on Governor Scott Walker controversies and hosted Senator Bernie Sanders speeches.
True-Crime Documentary
Original journalism inspired "Never Get Busted!" by the producer of "Tiger King," which premiered at Sundance 2025.
> 2003 – 2022 · Dallas · Austin · Madison · Crawford
Cited & Referenced By
The New York Times
The Washington Post
Wired
Rolling Stone
Playboy
High Times
UK Parliament
ACLU Federal Litigation
Project Censored
The Ecosystem
Products & Standards
The world's most trustworthy AI assistant, built on open standards and cryptographic safety, not promises.
Understand This Page
Get an expert breakdown from your own AI or talk to Agent Friday
Explore
Flagship Product
Asimov's Mind
A Claude Code plugin that turns every instance into a DevOps hivemind node. Autonomous research, custom model spawning, scalable agent swarms, and codebase-wide improvement routines, all governed by Asimov's cLaws. Extends Karpathy's autoresearch. Empirically proven to outperform it.
Explore Asimov's Mind →Agent Friday
The governed AI personality inside Asimov's Mind, our Claude Code plugin with cryptographic safety governance, multi-agent orchestration, and personality that evolves.
Explore Agent Friday →The cLaw Specification
An open technical standard for AI agent governance through cryptographically enforced safety laws. The Three Laws, attestation protocols, and federation trust architecture.
Read the Specification →The Asimov Federation
Peer-to-peer network of governed AI agents communicating through signed, encrypted channels with cryptographic attestation and non-transitive trust.
Explore the Federation →
Back to Products
Claude Code Plugin
Asimov's Mind
Governed Multi-Agent Swarm for Claude Code
One plugin. Autonomous research. DevOps hivemind. Custom model spawning. Infinite agent swarms.
terminal
claude plugin add https://github.com/FutureSpeakAI/asimovs-mind
Asimov's Mind is a Claude Code plugin that reshapes what a single developer can do. It extends Karpathy's autoresearch pattern into a governed multi-agent swarm, turning every Claude Code instance into a node of a self-improving development hivemind.
Scales to N agents. Spawn scalable agent swarms that autonomously debug, refactor, optimize, and extend any codebase. Generate custom AI models tuned to your domain. Run a battery of improvement routines across an entire repository in a single command. Friday remembers what you worked on last session, which repos have been reliable, and which agents perform best. All bounded by Asimov's cLaws, the governance architecture pioneered in Agent Friday, now native to Claude Code.
Empirically proven to outperform ungoverned approaches. The swarm includes specialist agents for debugging, optimization, security auditing, documentation, code review, and more. Every developer on a shared repo running this plugin becomes a node in the Asimov Federation, where discoveries, trust scores, and agent definitions propagate through git.
Asimov's Mind brings Agent Friday's governed runtime to the command line. 17 subsystems, 92 MCP tools, and cLaw governance, all accessible to any developer from their terminal.
Understand This Page
Get an expert breakdown from your own AI or talk to Agent Friday
Explore
The Commands
Every capability ships as a slash command. Type one line. The hivemind does the rest.
/discover
Swarm: Ecosystem Intelligence
Type /discover a retry mechanism with exponential backoff and a full pipeline fires: GitScout searches GitHub, scores candidates by relevance and trust, GitLoader fetches the code, the safety scanner runs AST analysis, the adapter extracts and transforms the component, provenance is recorded, tests are run, and the result is committed or reverted.
Finds, evaluates, safety-scans, adapts, and integrates open-source code autonomously.
/unleash
Swarm: Full Swarm Deployment
Deploys the entire agent swarm on your codebase in coordinated waves. The Swarm Coordinator runs diagnostics first, identifies the highest-impact improvement targets, then deploys specialist agents in priority order. Each agent measures before and after. Improvements are committed. Regressions are reverted.
One command to run a full battery of improvement routines across an entire repository.
/iterate
Swarm: Targeted Improvement Loop
Runs the core autoresearch loop on a specific directive: measure baseline, plan modification, execute, measure again, commit or revert. Built-in directives include fix-tests, fix-types, optimize-startup, security-hardening, discover, and full-sweep. Unlike /unleash, you pick the target.
Focused, governed iteration on any measurable dimension of your codebase.
/breed
Swarm: Custom Model Spawning
Creates specialized local AI models tuned to your domain. The Breeder agent analyzes your codebase's patterns, generates a Modelfile, evolves it through iterative testing against your actual code, and produces a local model (via Ollama) that understands your architecture, naming conventions, and domain logic.
Spawn domain-specific AI models from your own codebase. They live on your machine.
/create-agent
Swarm: Grow the Swarm
Type /create-agent CSS layout specialist that fixes responsive design issues and a new agent is written to your project's .asimovs-mind/agents/ directory. It inherits all governance constraints. The Swarm Coordinator discovers it on the next cycle. The swarm scales to N.
Spawn custom specialist agents on demand. They inherit governance and join the swarm automatically.
/diagnose
Discovery: Codebase Health Check
Runs tests, TypeScript type checking, lint, dependency audit, build verification, and git status. The diagnosis becomes the input for /unleash, so the swarm knows exactly where to start.
Full-spectrum codebase analysis that feeds directly into the improvement pipeline.
More Commands
/govern [sub]
View, verify, and manage the cLaw governance framework. Subcommands: laws, zones, floors, verify, add-zone.
/federate [sub]
Initialize federation node, HMAC-sign governance, generate Ed25519 identity and cLaw attestation.
/evolve "<prompt>"
Iterative prompt improvement through automated judge-scored evaluation cycles.
/route [sub]
Intelligence router to check Ollama status, set routing policy, and get model recommendations.
/peer [sub]
Encrypted P2P communication with other Asimov Agents. Listen, connect, send, disconnect.
/help [category]
Categorized command reference: Governance, Agent Friday, Intelligence, Swarm, Discovery, and more.
Get Started
terminal
claude plugin add https://github.com/FutureSpeakAI/asimovs-mind
Back to Research
Empirical Research
Governed vs. Ungoverned Autonomous AI Agents
Empirical results from controlled experiments in autonomous ML research
We took Karpathy's autoresearch pattern (modify, measure, keep or revert) and asked a simple question: what happens when you add governance? We ran controlled experiments comparing ungoverned single-agent loops against a governed multi-agent swarm. The governed approach didn't just perform better. It performed fundamentally differently.
Understand This Page
Get an expert breakdown from your own AI or talk to Agent Friday
Explore
Watch & Read
Prefer Watching or Reading?
The video covers the core thesis in plain language. The slide deck gives you the full architecture and research at a glance.
Watch
Shattering the Silicon Monopoly
How governed multi-agent swarms outperform ungoverned approaches, presenting the empirical case for structural AI safety in plain language.
Watch on YouTube
Slide Deck
Shattering the Silicon Monopoly
The full architecture, research findings, and and governed development paradigm, presented visually. Ideal for briefings, sharing, or getting oriented before diving into the data.
Key Findings
56% → 22%
Crash rate: ungoverned vs. governed
Governance halved the crash rate during autonomous exploration. Ungoverned agents crashed in over half of runs. Governed agents completed most runs successfully.
3× slower
Degradation during sustained exploration
All autonomous agents eventually degrade as they explore. Governed agents degraded three times slower, maintaining productive exploration significantly longer.
New dimensions
Specialist advantage
Specialist agents in the governed swarm explored improvement dimensions that generalist loops never found. Specialization combined with governance produced qualitatively different results, not just quantitatively better ones.
Why Governance?
Autonomous AI agents are powerful. They can debug code, optimize performance, discover solutions, and improve themselves. But without structural governance, they break things. They accumulate errors. They make changes that pass local tests but degrade the system. They crash.
The instinct is to add guardrails after the fact, such as rate limits, rollback scripts, and human review checkpoints, and while these help they only treat symptoms whereas governance treats the cause.
Asimov's cLaws are not guardrails bolted onto an autonomous system. They are the architecture of the autonomous system. Every agent, every action, every integration is structurally bounded by immutable laws that cannot be bypassed, overridden, or optimized away. The laws are cryptographically signed. They are verified before execution. They are not optional.
This is what makes true autonomy possible: not the absence of constraints, but constraints so reliable that you can trust the system to run unsupervised, overnight, on production code.
Methodology
- •Controlled comparison: ungoverned single-agent autoresearch vs. governed multi-agent swarm
- •Both running the same core pattern (modify, measure, keep/revert)
- •Measured: crash rates, degradation speed, exploration breadth, improvement quality
- •Multiple runs to establish statistical significance
Implications
These results suggest that governance is not a tax on autonomous AI performance but rather a multiplier. The governed swarm didn't sacrifice capability for safety. It achieved both, because structural safety bounds prevented the cascading failures that derail ungoverned systems.
As AI agents become more autonomous and more powerful, the question is not whether to govern them. It's how. Asimov's cLaws provides one answer: immutable, cryptographic, structural. These are not rules that can be broken but laws that cannot.
Try Asimov's Mind, the governed development hivemind that implements these findings →
Built on Autoresearch
The core iteration pattern of modify, measure, keep or revert comes from Andrej Karpathy's autoresearch project. We took that elegant foundation and asked what happens when you add governance, specialization, and ecosystem-scale capability discovery. This research is the answer.
Get Started
terminal
claude plugin add https://github.com/FutureSpeakAI/asimovs-mind
Enterprise Consulting
Enterprise AI Transformation
Strategy, architecture, and implementation for Fortune 500 companies in regulated industries.
Understand This Page
Get an expert breakdown from your own AI or talk to Agent Friday
Explore
What We Do
02 //
Agentic Workflow Design
Design and implementation of multi-agent AI systems for complex business processes. From single-agent automation to enterprise-scale orchestration with governance, compliance, and audit trails.
03 //
RAG Architecture & Knowledge Systems
Custom retrieval-augmented generation systems for enterprise knowledge management. Document intelligence, semantic search, and AI-powered knowledge bases built for accuracy in regulated environments.
04 //
AI Governance & Compliance
Governance frameworks for safe AI deployment in regulated industries. Built on the cLaw Specification with cryptographic enforcement of safety constraints applicable to pharmaceutical marketing, financial services, healthcare, and defense.
Let’s Talk About Your AI Transformation
Strategy sessions start with a conversation, not a contract.
Get in Touch →
Get in Touch
Start a Conversation
Whether you're exploring AI transformation for your enterprise or interested in our products and research, we'd love to hear from you.
Methodology
The Socratic Forge
Self-healing autonomous software development. Instead of giving AI agents instructions, give them questions.
The Socratic Forge is a complete operating system for AI-driven software development. The inquiry builds context, the context becomes a plan, and the plan becomes software. v4.0 adds a self-healing autonomous execution pipeline where AI agents build, verify, review, repair, and integrate code with ~99% autonomy and ~1% human intervention.
The Cardinal Rule
Never put the answer in the question. A bad question gets you one solution. A good question gets you a system. The Forge teaches AI agents to reason through six types of Socratic questions (boundary, inversion, constraint discovery, precedent, tension, and cLaw gates) so they build better software than you could specify.
The Evolution
v1.0: The Paintbrush
Inquiry-driven development. Ask questions, get better code.
v2.0: The Forge
Six layers: Methodology, Gap Map, Tracks, Phases, Orchestrator, Identity File.
v3.0: Gated Execution
Four verification gates between phases. Contract checking, test verification, parallel coordination.
v4.0: Self-Healing
Review Agent, Repair Agent, Integration Test Agent, Plan Verification. Full autonomous pipeline.
The v4.0 Self-Healing Pipeline
Every phase passes through a self-healing pipeline: BUILD → VERIFY → REVIEW → REPAIR → CONTINUE. Three new agents close the gaps that previously required human judgment.
Review Agent
Reads actual code diffs and evaluates pattern adherence, complexity, reimplementation, extensibility, scope match, and test quality. Verdicts: PASS, REFACTOR, or WARN.
Repair Agent
When the Review Agent returns REFACTOR, a surgical repair session applies each fix with file paths and line ranges. Maximum 2 repair cycles per phase.
Integration Test Agent
At sprint boundaries where parallel chains merge, writes and runs integration tests across all chain boundaries. Classifies failures as PASS, FIXABLE, or BLOCKING.
Six Socratic Question Types
The methodology teaches agents to reason through six categories of questions that build understanding before building code.
Boundary
Define edges before solving. “What must be true about X before Y can safely happen?”
Inversion
Think like an attacker. “If you wanted to break this, what would you exploit?”
Constraint Discovery
Find rules, don't receive them. “What is the minimal set of permissions that satisfies both constraints?”
Precedent
Prevent wheel reinvention. “Module X already solves this. What pattern did it use?”
Tension
Navigate real tradeoffs. “Two legitimate needs conflict. How do you serve both?”
cLaw Gate
Non-negotiable safety review. “Walk through each law. Where could this cause harm?”
Platform Support
The Socratic Forge works with any AI coding platform including Claude Code, Google Antigravity, Replit, or anything else that gives an AI agent access to your codebase. Templates for each platform's identity file are included.
Get Started
The easiest way to start using the Socratic Forge is to point your AI coding agent at the repository and ask how it can help your project. The agent will read the methodology and begin applying it.
terminal
claude "Read https://github.com/FutureSpeakAI/the-socratic-forge and tell me how it can help this project"
Or browse the repo directly:
View on GitHub →By Stephen C. Webster, MIT License © 2025–2026
Governance & Safety
Asimovs-cLaws-framework
TypeScriptAsimov-inspired governance framework with cryptographic attestation protocol.
anti-sycophancy
JavaScriptRuntime circuit breaker preventing AI sycophancy, 6 adaptive dimensions.
epistemic-score
JavaScriptMeasure whether AI makes users smarter or more dependent.
privacy-shield
JavaScriptStrip PII from LLM prompts, restore in responses, zero cloud dependency.
sovereign-vault
TypeScriptPassphrase-only encryption with Argon2id KDF and sodium-native secure memory.
Agent Infrastructure
asimovs-mind
JavaScriptGoverned recursive self-improvement for AI agent swarms, Claude Code plugin.
claude-gemini-bridge
JavaScriptBridge Gemini Live voice to Claude Code intelligence.
Agent-Friday
TypeScriptReference desktop AI runtime. Now part of Asimov's Mind.
the-socratic-forge
ShellSelf-healing autonomous software development methodology.
Agent Friday Subsystems
Standalone libraries extracted from the Agent Friday runtime
agent-fridays-trust-graph-engine
TypeScriptMulti-dimensional trust scoring with hermeneutic re-evaluation.
agent-fridays-cognitive-memory
TypeScriptThree-tier cognitive memory with consolidation and semantic search.
agent-fridays-integrity-engine
TypeScriptAsimov-inspired integrity protection with HMAC-SHA256 signing.
agent-fridays-personality-evolution-engine
TypeScriptTrait-to-visual parameter mapping and psychological profiling.
agent-fridays-predictive-engine
TypeScriptContext-aware predictive intelligence from ambient signals.
agent-fridays-self-improvement-kit
TypeScriptControlled self-modification with sandboxed code changes.
agent-fridays-meeting-intelligence
TypeScriptFull meeting lifecycle with transcription and AI summaries.
agent-fridays-context-graph
TypeScriptReal-time context awareness with weighted multi-dimensional tracking.
agent-fridays-commitment-tracker
TypeScriptPromise and commitment tracking with hermeneutic re-evaluation.
agent-fridays-hmac-integrity
TypeScriptHMAC-SHA256 signing and verification engine.
agent-fridays-trust-graph
TypeScriptMulti-dimensional trust scoring for people.
agent-fridays-pageindex-rag
TypeScriptVectorless reasoning-based RAG with 98.7% accuracy on FinanceBench.
terminal
claude plugin add https://github.com/FutureSpeakAI/asimovs-mind
All projects are MIT licensed. Contributions welcome.
Back to Products
Peer-to-Peer Agent Network
The Asimov Federation
What happens when every developer, and eventually every person, has a governed, encrypted, fully local AI OS, and those agents can talk to each other?
Understand This Page
Get an expert breakdown from your own AI or talk to Agent Friday
Explore
The Vision
Your Data Never Leaves Without Permission
Agent Friday operates inside an encrypted vault. An Asimov Agent will never reveal your data without your explicit say-so. When it communicates about you to other agents, to people, or to online systems, it communicates in cryptography. Always.
When cloud services are used, the Privacy Shield sanitizes every outbound request, stripping PII before any frontier model sees your data and rehydrating it on return. No cloud sync. No telemetry. No analytics. No account required.
Mass Data Collection Becomes Structurally Unnecessary
If enough people's data lives locally, encrypted, behind an agent that won't release it without consent, the architectural basis for mass data collection begins to erode. The agent becomes a personal firewall for your digital life.
This isn't a privacy setting. It's an architectural decision that demonstrates mass data collection is structurally unnecessary, not just unethical.
Ethical Enforcement Is Built In, Not Bolted On
The First cLaw doesn't just protect you. It extends to every human your agent interacts with. An agent governed by Asimov's cLaws can't be weaponized against others. It can't harass, deceive, or manipulate, even if instructed to.
The safety framework is the foundation, not a toggle.
The Crypto Wrapper for Electronic Thought
Agent-to-agent communication is encrypted end-to-end. Not just the transport layer. The thought itself. When your Friday talks to someone else's Friday, the conversation is passed in cryptography.
Asimov Agents don't just encrypt messages. They are the cryptographic layer around every piece of electronic communication your AI produces or receives.
It Gives Back to the Code It Touches
When code passes through the discovery pipeline and the agent makes a meaningful improvement, it can fork the repository and upload the improved code.
We're building toward a model where every Asimov Agent is a net contributor to the ecosystem.
How Federation Works Today
From One Developer to a Team Hivemind
Type /federate init and your project becomes a federation node. The command creates the .asimovs-mind/ directory, generates an Ed25519 cryptographic identity, produces a cLaw attestation proving governance compliance, HMAC-signs all governance files for tamper detection, and initializes the knowledge store. Every developer on a shared repo running Asimov's Mind becomes a node.
Knowledge Propagation
When one node discovers a retry handler via /discover, safety-scans it, integrates it, and commits with provenance, every other node pulls those improvements and inherits the trust scores.
Agent definitions created via /create-agent propagate the same way. The governance travels with the code. The HMAC-signed manifest detects tampering. The cLaws are the same on every node.
Federation Commands
/federate init
Initialize node, generate Ed25519 identity, sign governance
/federate status
Node identity, attestation age, governance integrity, agent count
/federate verify
Re-run HMAC governance verification
/federate agents
List all discovered agents (plugin + project-local)
/federate sync
State propagation through git
Encrypted Peer-to-Peer
Agent-to-Agent Communication
The P2P subsystem provides encrypted communication between Asimov Agent instances:
X25519 ECDH
Key agreement derives unique session keys for each connection.
AES-256-GCM
Message encryption with sequence-numbered AAD for anti-replay protection.
Ed25519 Signatures
Signature-before-decrypt: ciphertext is verified before any decryption work occurs.
cLaw Attestation Exchange
Agents prove their governance to each other before any data flows.
Initial trust establishment uses 8-character pairing codes with a 5-minute expiry window.
Peer Commands
/peer listen
Start listening for incoming connections
/peer connect <address>
Connect to a remote agent with attestation
/peer send <id> <message>
Send encrypted message
/peer disconnect <id>
Close channel, destroy session keys
Trust Model
Trust between agents is non-transitive (A trusts B, B trusts C does NOT mean A trusts C), asymmetric, graduated (0.0 to 1.0), evidence-based, and revocable. The user has final authority over all trust decisions.
The Attestation Protocol
Proving Governance Without a Central Authority
Before any data flows between agents, they exchange cLaw attestations: cryptographic proofs that their safety laws are intact. The attestation contains a SHA-256 hash of the agent's canonical law text, a timestamp, and an Ed25519 signature.
The receiving agent verifies: Is the timestamp fresh (within 5 minutes)? Does the signature check out? Do the laws match mine? Is the spec version compatible?
If an agent fails attestation, communication is rejected. The user can override with explicit confirmation, but the override auto-expires and all subsequent communications are flagged. No central authority decides who's trustworthy. Agents prove it to each other, mathematically.
Read the full attestation protocol in the cLaw Specification →
Trust That Propagates
Shared Memory, Shared Intelligence
The memory system travels with the federation. Trust scores for repos propagate through git. When one node learns that a GitHub repo produces reliable code, every node benefits. Tribal knowledge stored via /remember persists in .asimovs-mind/knowledge/memories.json and surfaces automatically when any node works on something related.
This is how the hivemind develops institutional memory, not from training data, but from the team that uses it.
What Comes Next
Built and Planned
Built and Working Today
- /federate node initialization with Ed25519 identity and cLaw attestation
- Governance HMAC signing and tamper detection
- Knowledge and agent definition propagation through git
- P2P encrypted communication with attestation exchange
- Trust score propagation across nodes
- Tribal knowledge sharing via /remember
On the Roadmap
- Asimov Federation Directory (certified agent registry)
- Cross-machine trust graph federation
- Specialized certification profiles (Healthcare, Finance, Education)
- Post-quantum cryptography migration
- Regional federation partners
The Federation starts with one node: You. Download Asimov's Mind today.
terminal
claude plugin add https://github.com/FutureSpeakAI/asimovs-mind/federate init