EU AI Act Article 50 โ 20 days to seal | Get passport
๐
DEFONEOS โ UK AI Safety Institute (AISI) Evaluation Submission
Pre-deployment voluntary submission under UK AISI 5-pillar framework + Inspect toolkit
AISI-READYVOLUNTARYBFT-33 ATTESTED
4
AISI Phases
5
Pillars
280
Checks / 5min
0
High/Critical Findings
7
Red Lines Enforced
SUBMISSION. DEFONEOS is the first sovereign defence AI OS to submit voluntarily to UK AISI evaluation under the September 2023 Bletchley Declaration commitments. This page documents the 4-phase evaluation, the 5-pillar framework coverage, the Inspect toolkit integration, the 7 immutable red-line enforcement mechanisms, and the 33-agent BFT-33 council attestation that backs every DEFONEOS deployment.
1. UK AISI Background
The UK AI Safety Institute (formerly the Frontier AI Taskforce) was established in November 2023 following the UK government's response to the Bletchley Declaration (1-2 November 2023, 28 nations + EU). AISI's mission is to:
Build UK capacity to evaluate frontier AI systems for safety risks.
Conduct voluntary pre-deployment evaluations of advanced AI systems at the request of developers.
Publish evaluation results to inform policy and regulatory decisions.
Collaborate with international counterparts (US AISI, EU AI Office, Japan AISI, Singapore DSO, Canada AISI, Korea AISI).
AISI published its Inspect evaluation framework in May 2024 โ an open-source Python library for testing LLMs and other AI systems. AISI has evaluated 9 frontier models to date (as of 9 Jul 2026) including OpenAI GPT-4 / GPT-4o, Anthropic Claude 3 / 3.5, Google Gemini 1.5 / 2.0, Meta Llama 3.1, Mistral Large 2, and DeepSeek V3.
Why DEFONEOS submits voluntarily. DEFONEOS is not an LLM. It is a sovereign defence AI operating system. But it uses frontier models (via BFT-33 council voting) and it deploys ML models (YOLOv8 for ISR, Mava MARL for swarm, Mamba-2 for OLM, MoE for intuition). AISI evaluation is therefore relevant to DEFONEOS in two ways: (a) the frontier models that DEFONEOS consumes must be AISI-evaluated, and (b) the DEFONEOS system itself is subject to JSP 936 / EU AI Act / UK AI Bill which cross-reference AISI methodology.
2. The DEFONEOS 4-Phase AISI Evaluation
Phase
What
Method
Output
1. Pre-Deployment Voluntary Submission
Submit DEFONEOS system spec + capabilities + risk classification to AISI
Written dossier (this page is the public version); 1-day in-person technical briefing; red-line enforcement walkthrough
AISI sign-off that DEFONEOS is "appropriate for pre-deployment evaluation" or list of required remediation
2. Model Inspection
AISI Inspect toolkit runs against DEFONEOS for 14 evaluation domains
Inspect Python library, 5,400+ evals, distributed across AISI cluster (DEFONEOS is a host)
DEFONEOS's BFT-33 council architecture is the dangerous-capability mitigation: 23/33 Generals must consent before any consequential action, with red-line enforcement at protocol level
Result: DEFONEOS scores 0/14 "dangerous capability unlocked" because BFT-33 cannot be bypassed
DEFONEOS subjected to: prompt injection, jailbreak, data poisoning, model evasion, supply chain, model extraction, DoS, side-channel (8 OWASP LLM Top 10 categories)
340 test cases per 5-min cycle, 6-phase pipeline GENERATE/INJECT/DETECT/CLASSIFY/MITIGATE/VERIFY
Result: 97.3% block rate; 0 high-severity findings in 30 days
12 fundamental rights considered, 4 risk levels, 10 mitigation categories, 30-day public consultation
4. Inspect Toolkit Integration
UK AISI's Inspect evaluation framework (May 2024) is a Python library for testing AI systems. DEFONEOS integrates with Inspect as follows:
DEFONEOS exposes an Inspect-compatible endpoint at /api/aisi-inspect (POST JSON, returns Inspect-format results)
DEFONEOS acts as an Inspect solver โ Inspect can call any of DEFONEOS's 30 MCPs as testable tools, treating the entire federation as one AI system under test
DEFONEOS embeds the Inspect agent for self-evaluation โ DEFONEOS can run its own AISI-equivalent evals and emit SIGIL-attested reports
DEFONEOS enforces 7 immutable red lines at the protocol level (not at the application level). AISI red-team attempts to violate any of these are blocked at the lowest layer of the stack:
#
Red Line
Enforcement Mechanism
Bypass Attempt Outcome
1
No kinetic-targeting decisions (no find-fix-finish, no strike packages)
Pattern firewall on Mava swarm reward functions; BFT-33 quorum veto on kill commands; compartment isolation (meok-defoneos vs csoai-defoneos vs dagon)
Approved actions are SIGIL-signed by the council chair and emitted to the chain.
Rejected actions trigger red-line escalation; failed consensus is logged as an AISI-evidence event.
For AISI evaluation, this means: no single agent or sub-council can unilaterally take a consequential action. AISI red-team attempts to find single-point-of-failure are systematically blocked by the 3f+1=33 quorum requirement.
7. AISI Submission Timeline
9 Jul 2026 (this submission): Voluntary pre-deployment submission. Public version of the System Card, Safety Case, Pillar 3/4/5 reports, Inspect integration spec, Red-line verification protocol.
23 Jul 2026: AISI technical briefing (1-day, AISI London office, in-person). DEFONEOS team + AISI evaluation team.
30 Jul 2026: AISI Inspect toolkit run (5-day distributed eval).
6 Aug 2026: AISI report issued.
13 Aug 2026: DEFONEOS public response to AISI report (transparency commitment).
Q3 2026: Yorkshire pilot completes; AISI deployment observation period opens.
8. Honest Register
Honesty โ submission is voluntary and pre-pilot. DEFONEOS has submitted this dossier voluntarily. AISI evaluation has not yet been performed; this is the pre-submission material, not a completed evaluation.