AIKNOCK · AI execution control
AIKNOCK is an execution-control system, applied at the operating-system layer, that constrains the invocation and execution of Artificial Intelligence systems. It treats AI as a critical system capability, not as a library or application feature.
§ 00 · Introduction
AIKNOCK is an open technical specification describing an execution-control system for Artificial Intelligence, operating at the operating-system layer. It defines an ex-ante, non-bypassable decision point that every invocation of AI models traverses before execution.
In current systems, the invocation of AI models occurs inside applications, without an interposed and independent technical control point. AIKNOCK moves control below the application layer, where the execution behaviour of the system can be constrained in a verifiable manner, independently of the calling code.
The system evaluates and constrains AI usage before execution. The decisions taken produce, as an effect of the system's operation, verifiable records. Control is independent of the model, the vendor and the application requesting the use of AI.
AIKNOCK sits at the infrastructure layer. It is intended for critical operating contexts where external requirements exist — such as those set by the AI Act, the NIS2 directive, the ISO/IEC 42001 and ISO/IEC 27001 standards and the NIST AI Risk Management Framework — without implementing or representing such requirements.
The specification is organised into several complementary documents, which can be consulted separately: project rationale and adoption context, architectural position in a single diagram, design principles and system boundaries, technical relation to external regulatory frameworks, legal notice, editorial independence and trademarks.
§ 01 · Objective
The objective of AIKNOCK is to introduce a non-bypassable, ex-ante decision point that determines whether and when AI can be invoked, prior to execution.
The decision is taken independently of the model, the vendor and the calling software. The protocol operates at the operating-system layer, where authorisation precedes invocation and cannot be evaded by the application requesting the use of AI.
§ 02 · The problem
Systems that invoke AI today do not have a technical execution-control layer. Such control is typically delegated to:
This approach does not provide a technical enforcement point that is independent of the applications. In critical operating contexts where external requirements also exist — including the AI Act, ISO/IEC 42001, ISO/IEC 27001 and NIS2 — the absence of an execution-control system remains an architectural limit.
What is missing is a dedicated infrastructure layer to host AI execution control.
§ 03 · Approach
AIKNOCK fills this gap by introducing:
Every invocation of AI is preceded by an explicit decision that determines whether the use is permitted, according to the execution constraints applied by the system.
The enforcement point sits at the operating-system layer, not in the calling application: the decision cannot be ignored, rewritten or bypassed by the code requesting AI.
Every authorisation, refusal and applied condition produces, by construction, a verifiable record usable as technical evidence for internal and external audits.
The fact that a model is technically available does not imply that its use is authorised. AIKNOCK explicitly distinguishes these two planes.
The protocol does not depend on a particular model, vendor or application. It defines an execution-control interface to which every implementation conforms.
AIKNOCK does not analyse prompts or outputs. It technically constrains the invocation of AI, not its content.
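A sketch of the decision-and-record pattern described in this section, added here as an illustration; it is not part of the AIKNOCK specification and does not represent its interface. The `DecisionPoint` class, the `max_calls` constraint, the caller and model names, and the SHA-256 hash chain used to make records verifiable are all assumptions, and a user-space script cannot show the OS-level enforcement itself.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed anchor for the first record


def digest_of(record):
    """SHA-256 over the record's canonical JSON, excluding its own digest."""
    payload = {k: v for k, v in record.items() if k != "digest"}
    return hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()


class DecisionPoint:
    """Hypothetical ex-ante gate: default deny, one record per decision."""

    def __init__(self, rules, available_models):
        self.rules = rules                      # {(caller, model): {"max_calls": n}}
        self.available = set(available_models)  # what is installed, not what is allowed
        self.calls = {}
        self.log = []

    def decide(self, caller, model):
        # Only invocation metadata is inspected; no prompt or output is passed in.
        key, used = (caller, model), self.calls.get((caller, model), 0)
        rule = self.rules.get(key)
        if rule is None:
            outcome, reason = "deny", "no rule for caller/model"
        elif used >= rule["max_calls"]:
            outcome, reason = "deny", "max_calls reached"
        else:
            outcome, reason = "allow", "rule matched"
            self.calls[key] = used + 1
        record = {"seq": len(self.log), "caller": caller, "model": model,
                  "available": model in self.available, "outcome": outcome,
                  "reason": reason,
                  "prev": self.log[-1]["digest"] if self.log else GENESIS}
        record["digest"] = digest_of(record)
        self.log.append(record)
        return outcome == "allow"


def verify(log):
    """True only if every record is intact and linked to its predecessor."""
    prev = GENESIS
    for seq, record in enumerate(log):
        if (record["seq"], record["prev"]) != (seq, prev):
            return False
        if record["digest"] != digest_of(record):
            return False
        prev = record["digest"]
    return True
```

A hash chain only detects edits if its latest digest is kept somewhere the log writer cannot rewrite; otherwise the whole chain can be recomputed after tampering.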
§ 04 · External contexts
The system may be applied in contexts where normative or standard external requirements exist. AIKNOCK defines a technical execution-control system and does not implement or represent such requirements. Its adoption does not, in itself, guarantee legal compliance.
| External context | Technical effect of AIKNOCK |
|---|---|
| EU AI Act, Reg. (EU) 2024/1689 | Ex-ante control of model invocation, applied before execution, with an enforcement point independent of the calling applications. |
| ISO/IEC 42001, AI Management System | Technical production of verifiable records of invocation decisions, as an effect of the system's operation. |
| ISO/IEC 27001, Information security | Treatment of AI as a critical capability of the system, subject to technical access and privilege control. |
| NIS2, Dir. (EU) 2022/2555 | Technical recording of invocation decisions and related events, reconstructable as a trace independent of the applications. |
§ 05 · Project status