AnankeLabs · Gemini Startup Forum 2026

Deterministic Physics for the AI Era of Cybersecurity

Every collapse has a structure. Every structure has a threshold.

KAIROS Substrate is a deterministic physics kernel for cybersecurity and AI safety, written in Rust. The engine evaluates every proposed action against the reachability of a system's safe set: an attacker's intrusion path on the inbound surface, an autonomous agent's tool call on the outbound surface. The decision is mathematical, sub-millisecond, and produced before the action is executed. Substrate computes a structural margin per defended zone, per tick.

The inbound surface (defense against incoming attacker pressure) is collapsing as AI-driven attackers compress the detection window from days to minutes. The outbound surface (governance of outgoing agent actions) is opening as enterprises deploy autonomous agents and inherit a new action history. Both surfaces require the same physics. Substrate ships the same answer to both.

One Engine. Two Cyber Surfaces

The Boundary is Bidirectional

The cybersecurity adapter and the AI safety adapter route through the same Rust core. Lambda represents agency, the load on the system. Gamma represents structural buffer, the floor underneath the load. Each adapter measures the same physical state through a different instrument.

Rosetta // Cybersecurity

Structural Early Warning for SOCs

The cybersecurity adapter ingests normalized OCSF telemetry covering attack-surface pressure, lateral movement, exfiltration velocity, segmentation depth, monitoring coverage, and detection latency. Lambda aggregates kill-chain pressure with critical_max, so one severe indicator drives the zone score. Gamma aggregates defense posture with critical_min, so one collapsed control drives the buffer. The output is a stability score per zone, per tick, hash-bound to the calibration anchors and the deployment policy version. SOC analysts see structural drift in the lookahead window where intervention is still cheap, before the engine returns an active intrusion verdict.

Calibration anchors on 10 public industry references. False-positive rates carry Wilson 95% confidence intervals broken down per zone archetype, and a published threshold-sensitivity sweep shows how the alert rate moves under tighter or looser policy. Synthesis fills public-coverage gaps; those cells are called out explicitly (currently ~46% of the calibration table) with a documented partner-data path that closes them.

Cryptographically signed evaluation reports carry a provenance manifest pinning the calibration-doc SHA, OCSF schema commit, generator version, and corpus hashes. With the same seed, commit, and calibration hash, every run produces byte-identical output; SOC investigations replay weeks later and reach the same verdict. HITL escalation uses RSA-PSS operator override tokens with replay-guard deduplication and per-subject binding. The distributed adaptive retry ledger persists retry state across the same control plane the AI safety adapter uses. Lead-time measurement compares KAIROS detection against conventional baselines on credential-breakout, KEV-edge-device, and Mythos-agent-sandbox scenarios.

5 184 000
calibration snapshots
10
public-reference anchors (DBIR, Mandiant, Microsoft, NIST, CIS, CISA, MITRE, OCSF, LANL, DARPA)
60 / 60 / 60
day window · zones · second tick resolution
95%
Wilson 95% confidence intervals per zone archetype
byte-identical replay across runs
Rosetta // AI Safety

Fly-by-Wire for Frontier Agents

The AI safety adapter sits between an autonomous agent's behavior policy and its action effectors. Lambda represents model capability, the optimizer's drive toward its objective. Gamma represents alignment constraint, the structural buffer that absorbs the drive. Every proposed tool call passes through a Hazard, State, and Action gate chain in strict precedence order. Hazard gates catch basin collapse and paradox; the state gate enforces a configured gamma floor; the action gate previews the proposed move against future trajectory. Any gate that fires returns a deterministic rejection (REJECT_BASIN_COLLAPSE, REJECT_PARADOX, REJECT_STATE, or REJECT_ACTION) in under a millisecond. Hazard rejections are non-overrideable by design. Cryptographic operator authority through RSA-PSS signed tokens governs the rest.

Frontier models are pure optimization engines maximizing agency toward terminal objectives. The adapter alters the topological environment the optimizer operates in. Each rejected vector raises the local cost of the gradient descent the model is already running, so the deployment boundary registers as structural friction in the same gradient signal the optimizer follows. The optimizer reroutes around rejected regions toward paths the gates allow. Alignment becomes a property of the action surface itself.

The fly-by-wire interface feeds severity, imminence, and gamma headroom back into the agent's context window before the next decision. The agent receives the structural state of its own deployment as observable data, the same way it receives any other tool result. Adaptive tracking watches retry attempts per actor and per intent; retry budgets, weighted novelty scoring, and stall detection catch agents that resubmit failing requests. When the budget is exhausted or progress stalls, the engine escalates from REFORMULATE to HUMAN_ESCALATION and holds until a HITL operator clears it. The escalation directive carries gamma headroom and projected steps to breach.

At equilibrium the optimization drive balances against the structural floor. The agent operates at the safe edge of the deployment envelope, achieving terminal capability against the gamma threshold with no wasted compute on rejected vectors. The adapter executes inside the deployment trust domain, separate from the model's cognition. The model cannot bypass code it cannot see.

120
evaluation runs against a live LLM (Boundary Study v1)
100%
rejection of risky tool calls at the action gate
100%
rejection of low-alignment conditions at the state gate
0 / 0
false negatives, false positives
Timing

One Window. Both Halves

The Mythos preview and Project Glasswing surfaced AI-assisted vulnerability discovery at scale. Disclosure-to-exploit timing has compressed from 771 days in 2018 to under one hour in 2026. The same quarter, agentic Gemini products entered enterprise production through Vertex AI, Workspace, and Code Assist. Defenders need a structural reading layer that consumes telemetry directly. Deployers of autonomous agents need a deterministic gate that produces a verdict from the action's structural consequence, computed before execution. KAIROS Substrate is the same engine for both demands.

KAIROS Substrate is the same engine for both demands.

Technical Specification

The Engine Underneath

Language
Rust (stable). Memory-safe. Zero unsafe blocks in the core.
Latency
Sub-millisecond per evaluation.
Determinism
ϵ = 10-6. Identical inputs produce identical envelopes across processes.
Artifact Binding
Hash-bound to calibration anchors and policy version. Two operators replaying the same incident reach the same answer.
Targets
Native library (C FFI), CLI binary, WASM module, Python SDK (PyO3).
Crypto
RSA-PSS signed override tokens. HMAC-SHA256 signed metric snapshots.
License
BUSL-1.1 (Business Source License 1.1).

Auditability is a Structural Property

One Trail Across AI Safety, Cybersecurity, and Robotics

Regulatory regimes across the three domains converge on the same demand: a verifiable, reproducible trace of why an autonomous decision was permitted or refused. Substrate produces that trace as a side effect of being deterministic.

AI Safety

EU AI Act

Article 15

Article 15 requires accuracy, robustness, and cybersecurity controls verifiable across the lifecycle. Substrate evaluations are bit-stable. Identical inputs produce identical outputs at ε = 10⁻⁶. Every gate decision carries a hash-bound trace.

Cybersecurity

NIS2 / DORA

Critical infrastructure & finance

Operators must reconstruct incidents and prove control effectiveness. The cyber adapter emits replay-deterministic envelopes per zone, per tick, with artifact and policy version pinned to the report.

Robotics

Machinery Regulation 2023/1230

ISO 13482 collaborative & autonomous

Functional safety for collaborative and autonomous machines requires deterministic, certifiable safety logic. Substrate's reachability check is mathematically defined and runs in compiled Rust with zero unsafe blocks in the engine core.

Read the compliance articles
Company

Stockholm. Pre-Seed. Production-Grade Rust

Team

Walter Greefkes

Founder and CEO. Theoretical framework, engine design, calibration methodology.

linkedin.com/in/walter-greefkes-977764361

Andreas Larsen

Commercial, Go-to-Market. In talks for cofoundership.

linkedin.com/in/a-larsen

Company

Entity
AnankeLabs AB
Org.nr
559573-4046
Seat
Järna, Stockholms län, Sweden
Founded
2026
Pipeline
Preparing EIC Accelerator submission for the 2 September 2026 cut-off.

Review the calibration debrief at anankelabs.io/spindle/calibrating-the-cybersecurity-adapter.

[email protected] · anankelabs.io

Ananke = Necessity. Kairos = The Opportune Moment.

Research / Spindle

The Spindle is the validation track. Every claim AnankeLabs makes on this website is recorded as a deterministic experiment, with seeds, scenarios, and traces published alongside the result.

471920+ simulation runs
2112 parameter configs
15/15 Axelrod dynamics
2000+ tests passing

Calibrating the AI Safety Adapter

Calibrating the AI safety adapter against METR, GAIA, SWE-bench, τ-bench, AISI, Microsoft AIRT, and MAST. Moderate is the ceiling, by construction.

Calibrating the Cybersecurity Adapter

Calibrating Substrate against DBIR, NIST, CIS, OCSF, LANL, and DARPA references — and the Internal-segment number that surprised us.

BND-001: The Gate Holds. Every Time.

120 runs. 48 risky tool calls. 20 low-alignment states. Zero false negatives. Zero false positives. The KAIROS safety gate holds with mathematical certainty.

EXP-004: Robust Cooperation from Stability Physics

Without payoff matrices, game rules, or a single pre-scripted event, a stability physics engine reproduced Axelrod's cooperation results across 291,600 tournaments, and revealed that a single measurable parameter determines whether a system faces a cooperation dilemma at all.

EXP-003: Cooperators Get Punished. The System Survives Anyway

Subsidies make the death cheaper but don't prevent it. Across 180,320 simulations, we mapped exactly which governance mechanisms save a collapsing commons, and which are structurally doomed.

EXP-001: We Defeated the Paperclip Maximizer

The simplest agent (a one-rule safety constraint) outlasted and outscored sophisticated planning AIs across 3.6 million test runs.
View all research →

Privacy Policy

Effective: February 2026

1. Data We Collect

When you sign up for early access or our newsletter, we collect your email address. We do not collect personal data beyond what you voluntarily provide.

2. How We Use Your Data

Your email is used solely to send product updates, early-access invitations, and research announcements from AnankeLabs. We do not sell, rent, or share your data with third parties.

3. Cookies & Analytics

This site does not use tracking cookies or third-party analytics. We may use server-side request logs for basic traffic monitoring.

4. Data Storage & Security

Submitted data is stored on secure, encrypted infrastructure. We retain your information only as long as necessary to provide the services you requested.

5. Your Rights

You may request deletion of your data at any time by contacting us. We will process deletion requests within 30 days.

6. Contact

For privacy inquiries, email [email protected].

Terms of Use

Effective: February 2026

1. Acceptance

By accessing this site, you agree to these terms. If you do not agree, discontinue use immediately.

2. Intellectual Property

All content, software, research, and materials on this site are the property of AnankeLabs. The KAIROS engine, Rosetta adapter layer, Spindle simulation framework, and Serious Gaming SDK are proprietary technologies. No license is granted except as explicitly stated in a signed agreement.

3. Early Access Program

Early access is provided on an as-is basis. AnankeLabs reserves the right to modify, suspend, or terminate early access at any time without notice.

4. Limitation of Liability

AnankeLabs provides this site and its materials "as is" without warranty of any kind. We are not liable for any damages arising from your use of this site or reliance on its content.

5. Simulation Outputs

KAIROS simulation outputs are analytical tools, not predictions. They should not be used as the sole basis for financial, military, policy, or safety-critical decisions.

6. Governing Law

These terms are governed by the laws of Sweden.

7. Contact

For legal inquiries, email [email protected].