Skip to content

AIGP Governed Autonomy: Related Work and Reference Register

AIGP Governed Autonomy: Related Work and Reference Register

PRIVATE AND PROPRIETARY. Owned by Kanjani AI Research & Causum. See NOTICE.md.

Status: Draft Version: 0.1 Purpose: Evidence-backed reference register for AIGP RFC-020 through RFC-025 Scope: Symbolic governance, runtime enforcement, policy languages, runtime assurance, autonomous systems, D-DNA evidence, ENFORCE broadcast, visual glyph governance, and cognitive harm governance


1. Purpose

This document records the research, standards, preprints, and public references used to ground the AIGP governed autonomy RFC series.

The goal is to avoid unsupported claims and to make clear which ideas are:

  1. Established prior work.
  2. Adjacent research.
  3. Emerging preprint work.
  4. AIGP-specific synthesis or contribution.

AIGP should not claim to have invented policy languages, runtime verification, runtime assurance, or AI governance frameworks. Those bodies of work already exist.

The AIGP contribution is the protocol-level synthesis:

Governance Intent
→ Symbolic Governance Language
→ Runtime Enforcement State
→ Redundant Distributed Enforcement
→ Visual Governance Projection
→ D-DNA Signed Evidence
→ Temporal Replay

2. Reference Classification

This register uses the following labels.

Label Meaning
Confirmed source Verified from official source, publisher page, arXiv, standards body, institutional PDF, or journal page
Preprint arXiv or similar; useful but not necessarily peer-reviewed
Standard / policy Official standards body, government, regulator, or policy document
Adjacent work Relevant but not identical to AIGP
Needs follow-up Mentioned or plausible but requires stronger verification before formal citation

3. Runtime Governance for AI Agents

3.1 Policy Cards: Machine-Readable Runtime Governance for Autonomous AI Agents

Status: Confirmed source / Preprint Authors: Juraj Mavračić Year: 2025 Source: arXiv Link: https://arxiv.org/abs/2510.24383

Relevance to AIGP:

This paper proposes machine-readable deployment-layer constraints for autonomous AI agents. It includes allow/deny rules, obligations, evidence requirements, and mappings to frameworks such as NIST AI RMF, ISO/IEC 42001, and the EU AI Act.

AIGP relationship:

Policy Cards are highly relevant prior work. AIGP-SGL should not claim novelty for “machine-readable policy.” The AIGP distinction is symbolic governance notation plus D-DNA signed temporal evidence and governed autonomy replay.


3.2 Runtime Governance for AI Agents: Policies on Paths

Status: Confirmed source / Preprint Authors: Maurits Kaptein, Vassilis-Javed Khan, Andriy Podstavnychy Year: 2026 Source: arXiv Link: https://arxiv.org/abs/2603.16586

Relevance to AIGP:

This paper argues that the execution path is the central object for runtime governance of AI agents. It treats policies as functions over agent identity, partial path, proposed next action, and organizational state.

AIGP relationship:

This strongly supports AIGP’s position that governance must evaluate trajectories, not isolated steps. AIGP extends this idea into symbolic intent, D-DNA evidence, ENFORCE broadcast, and autonomous/embodied profiles.


3.3 AgentGuard: Runtime Verification of AI Agents

Status: Confirmed source / Preprint Author: Roham Koohestani Year: 2025 Source: arXiv Link: https://arxiv.org/abs/2509.23864

Relevance to AIGP:

AgentGuard proposes runtime verification for agentic AI, using observed agent I/O abstracted into formal events and probabilistic model checking.

AIGP relationship:

Supports the AIGP runtime monitor model. AIGP differs by focusing on governance intent, symbolic constraints, D-DNA evidence, visual projection, and distributed enforcement.


3.4 Agent Behavioral Contracts: Formal Specification and Runtime Enforcement for Reliable Autonomous AI Agents

Status: Confirmed source / Preprint Author: Varun Pratap Bhardwaj Year: 2026 Source: arXiv Link: https://arxiv.org/abs/2602.22302

Relevance to AIGP:

Relevant to formal specification and runtime enforcement for autonomous AI agents.

AIGP relationship:

Adjacent to AIGP-SGL because both concern formal behavior specification. AIGP should compare its symbolic governance model against behavioral-contract approaches.


3.5 Policy-as-Prompt: Turning AI Governance Rules into Guardrails for AI Agents

Status: Confirmed source / Preprint Authors: Gauri Kholkar, Ratinder Ahuja Year: 2025 Source: arXiv Link: https://arxiv.org/abs/2509.23994

Relevance to AIGP:

Proposes converting unstructured design artifacts and policy documents into runtime guardrails.

AIGP relationship:

Relevant to the “Intent → Constraint” compilation path. AIGP should distinguish itself by avoiding natural language as the final runtime control surface.


3.6 Adaptive Runtime Governance for Autonomous AI Agents

Status: Confirmed source / Preprint Author: G. Marin Year: 2026 Source: arXiv Link: https://arxiv.org/abs/2604.24686

Relevance to AIGP:

Discusses runtime governance under behavioral drift and uncertainty.

AIGP relationship:

Useful for supporting the claim that authorization alone is insufficient because agents can remain authorized while becoming unsafe.


4. Embodied Agents and Runtime Governance

4.1 Harnessing Embodied Agents: Runtime Governance for Policy-Constrained Execution

Status: Confirmed source / Preprint Authors: Xue Qin, Simin Luan, John See, Cong Yang, Zhijun Li Year: 2026 Source: arXiv Link: https://arxiv.org/abs/2604.07833

Relevance to AIGP:

This paper argues for a runtime governance layer that separates agent cognition from execution oversight. It includes policy checking, capability admission, execution monitoring, rollback handling, and human override.

AIGP relationship:

This is one of the closest references for AIGP governed autonomy. AIGP extends the concept with SGL, VGL, ENFORCE broadcast, and D-DNA evidence.


4.2 EmbodiedGovBench: A Benchmark for Governance

Status: Confirmed source / Preprint Year: 2026 Source: arXiv Link: https://arxiv.org/html/2604.11174v1

Relevance to AIGP:

Relevant to benchmarking governance in embodied agents.

AIGP relationship:

Potential source for future AIGP conformance tests and simulation benchmarks.


5. Classical Agent Policy Languages and Policy-Based Management

5.1 KAoS Policy and Domain Services

Status: Confirmed source / Academic PDF Authors: Andrzej Uszok et al. Year: 2003 Source: NASA / IHMC / academic PDF mirrors Links: https://userpages.cs.umbc.edu/finin/papers/others/KAoS_Policy_03.pdf https://ontology.ihmc.us/KAoS/KAoSUsersGuide.pdf

Relevance to AIGP:

KAoS is a foundational ontology-based policy and domain services framework for agents and distributed systems. It uses description-logic-based ontologies to represent actors, actions, domains, and policies.

AIGP relationship:

AIGP-SGL should cite KAoS as prior work in semantic policy systems. AIGP’s novelty is not policy representation itself, but symbolic governance with D-DNA temporal evidence for governed autonomy.


5.2 Rei: A Policy Language for the Me-Centric Project

Status: Confirmed source / Academic PDF Author: Lalana Kagal Year: 2002 Source: UMBC ebiquity Link: https://ebiquity.umbc.edu/_file_directory_/papers/57.pdf

Relevance to AIGP:

Rei defines policies using deontic concepts such as rights, obligations, prohibitions, and dispensations for agents.

AIGP relationship:

Important prior work for the AIGP-SGL vocabulary of permit, deny, prohibit, obligation, and escalation.


5.3 Ponder Policy Specification Language

Status: Confirmed source / Academic PDF Authors: Nicodemos Damianou et al. Year: 2001 Source: Imperial College / Springer / ACM references Link: https://www.doc.ic.ac.uk/~mss/Papers/Ponder-Policy01V5.pdf

Relevance to AIGP:

Ponder is a declarative policy language for security and management policy in distributed object systems. It supports authorization, obligation, delegation, and constraints.

AIGP relationship:

Ponder is important prior art for distributed policy specification. AIGP should cite it when discussing obligations, delegation, and distributed enforcement.


5.4 Semantic Web Languages for Policy Representation and Reasoning: A Comparison of KAoS, Rei, and Ponder

Status: Confirmed source / Academic PDF Authors: G. Tonti et al. Year: 2003 Source: IHMC Link: https://ontology.ihmc.us/Papers/Semantic_Langagues_for_Policy_Representation.pdf

Relevance to AIGP:

Compares KAoS, Rei, and Ponder for policy representation and reasoning in semantic web and multi-agent contexts.

AIGP relationship:

Useful for related work section. AIGP should use this to avoid overstating novelty.


5.5 XACML 3.0 Core Specification

Status: Standard / Confirmed source Organization: OASIS Year: 2013 / Errata 2017 Source: OASIS Link: https://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html

Relevance to AIGP:

XACML defines an access-control policy language, decision model, and obligations. It is important prior work for permit/deny/obligation semantics.

AIGP relationship:

XACML is relevant but mostly access-control oriented. AIGP-SGL extends beyond access control into autonomy trajectories, runtime enforcement state, cognitive harm, visual projection, and D-DNA evidence.


5.6 Detecting Incompleteness, Conflicting and Unreachability in XACML Policies

Status: Confirmed source / Preprint Author: Carroline Dewi Puspa Kencana Ramli Year: 2015 Source: arXiv Link: https://arxiv.org/abs/1503.02732

Relevance to AIGP:

Discusses policy conflict and incompleteness in XACML.

AIGP relationship:

Relevant to AIGP-SGL conflict detection and conformance testing.


5.7 Specification and Enforcement of Activity Dependency Policies using XACML

Status: Confirmed source / Preprint Authors: Tanjila Mawla, Maanak Gupta, Ravi Sandhu Year: 2024 Source: arXiv Link: https://arxiv.org/abs/2403.10092

Relevance to AIGP:

Extends XACML for activity dependency and continuous policy enforcement over activity lifecycles.

AIGP relationship:

Useful prior work for AIGP’s claim that governance state must be evaluated over time, not only as one-time access decisions.


6. Runtime Assurance, Aviation AI, and Autonomous Systems Safety

6.1 FAA Roadmap for Artificial Intelligence Safety Assurance

Status: Standard / policy guidance / Confirmed source Organization: Federal Aviation Administration Year: 2024 Source: FAA Link: https://www.faa.gov/media/82891

Relevance to AIGP:

The FAA roadmap addresses safety assurance of AI in aviation and emphasizes safety within the regulatory framework.

AIGP relationship:

Supports AIGP’s aviation/autonomous system profile and the need for assurance, lifecycle governance, and safety framing.


6.2 EASA Artificial Intelligence Concept Paper Issue 2

Status: Standard / policy guidance / Confirmed source Organization: European Union Aviation Safety Agency Year: 2024 Source: EASA Link: https://www.easa.europa.eu/en/document-library/general-publications/easa-artificial-intelligence-concept-paper-issue-2

Relevance to AIGP:

EASA Issue 2 discusses Level 1 and Level 2 machine-learning applications, learning assurance, explainability, and ethics-based assessment.

AIGP relationship:

Supports AIGP operational envelope and assurance thinking, especially for aviation and safety-critical systems.


6.3 NASA Runtime Assurance Formal Verification Work

Status: Confirmed source / Institutional research Authors: J. T. Slagel et al. Year: 2024 Source: NASA / NTRS / NASA LaRC formal methods Links: https://ntrs.nasa.gov/citations/20230005159 https://shemesh.larc.nasa.gov/fm/papers/NFM2024-draft.pdf

Relevance to AIGP:

NASA runtime assurance work formalizes Simplex Runtime Assurance using PVS and differential dynamic logic. Runtime assurance places an untrusted complex controller under monitoring and transfers control to a trusted controller when safety is threatened.

AIGP relationship:

Strong support for AIGP’s Runtime Authority Monitor and inhibition model.


6.4 From High-Dimensional Spaces to Verifiable ODD Coverage for Safety-Critical AI-Based Systems

Status: Confirmed source / Preprint Authors: Thomas Stefani et al. Year: 2026 Source: arXiv Link: https://arxiv.org/abs/2604.02198

Relevance to AIGP:

Discusses verifiable Operational Design Domain coverage for safety-critical AI systems.

AIGP relationship:

Relevant to AIGP operational envelope and ODD-style coverage.


6.5 Implementation of Airborne ML Models with Semantics Preservation

Status: Confirmed source / Preprint Authors: Nicolas Valot, Louis Fabre, Benjamin Lesage, Ammar Mechouche, Claire Pagetti Year: 2025 Source: arXiv Link: https://arxiv.org/abs/2509.18681

Relevance to AIGP:

Discusses airborne ML models and semantics preservation.

AIGP relationship:

Relevant to AIGP’s insistence that governance representation must compile to a canonical machine form without semantic drift.


7. Autonomous Weapons, Human Judgment, and Force-Capable Systems

7.1 DoD Directive 3000.09: Autonomy in Weapon Systems

Status: Official policy / Confirmed source Organization: U.S. Department of Defense Year: Updated 2023 Source: DoD Executive Services Directorate Link: https://www.esd.whs.mil/portals/54/documents/dd/issuances/dodd/300009p.pdf

Relevance to AIGP:

The directive requires autonomous and semi-autonomous weapon systems to allow commanders and operators to exercise appropriate levels of human judgment over use of force.

AIGP relationship:

Primary reference for RFC sections on force-capable systems, human judgment, default deny, and lawful authority.


7.2 DoD Public Release on Directive 3000.09 Update

Status: Official policy communication / Confirmed source Organization: U.S. Department of Defense Year: 2023 Link: https://www.war.gov/News/Releases/Release/article/3278076/dod-announces-update-to-dod-directive-300009-autonomy-in-weapon-systems/

Relevance to AIGP:

Public explanation of the updated directive and human judgment principle.

AIGP relationship:

Useful supporting reference when citing the policy in non-technical discussion.


8. AI Governance Frameworks and Standards

8.1 NIST AI Risk Management Framework

Status: Standard / guidance / Confirmed source Organization: NIST Year: 2023 Source: NIST Link: https://www.nist.gov/itl/ai-risk-management-framework

Relevance to AIGP:

NIST AI RMF is designed to help manage AI risks to individuals, organizations, and society.

AIGP relationship:

AIGP can map its Governance Intent, D-DNA, runtime enforcement, and replay model to NIST functions.


8.2 NIST AI RMF Core: Govern, Map, Measure, Manage

Status: Standard / guidance / Confirmed source Organization: NIST AI Resource Center Source: NIST AIRC Link: https://airc.nist.gov/airmf-resources/airmf/5-sec-core/

Relevance to AIGP:

Defines the AI RMF Core functions: Govern, Map, Measure, and Manage.

AIGP relationship:

Useful for crosswalks between AIGP evidence/control artifacts and NIST AI RMF outcomes.


8.3 ISO/IEC 42001:2023 Artificial Intelligence Management System

Status: International standard / Confirmed source Organization: ISO / IEC Year: 2023 Source: ISO Link: https://www.iso.org/standard/42001

Relevance to AIGP:

ISO/IEC 42001 is an AI management system standard for managing AI risks and opportunities.

AIGP relationship:

AIGP can position D-DNA, SGL, ENFORCE, and runtime replay as technical mechanisms that support an AI management system.


8.4 IEEE Ethically Aligned Design

Status: Standards initiative / Confirmed source Organization: IEEE Source: IEEE Link: https://standards.ieee.org/initiatives/autonomous-intelligence-systems/

Reference PDF: https://engagestandards.ieee.org/rs/211-FYL-955/images/EAD1e.pdf

Relevance to AIGP:

IEEE’s ethically aligned design work emphasizes autonomous and intelligent systems designed for human well-being and human-centered values.

AIGP relationship:

Supports the human dignity, agency, and well-being principles underlying AIGP cognitive harm governance and hybrid governance actors.


8.5 EU AI Act

Status: Regulation / Confirmed source Jurisdiction: European Union Year: Regulation 2024/1689 Useful reference paper: AI Agents Under EU Law Link: https://arxiv.org/abs/2604.04604

Relevance to AIGP:

The EU AI Act provides a risk-based regulatory framework for AI systems. The AI Agents Under EU Law paper maps AI agents to EU regulatory obligations and discusses agent-specific compliance challenges.

AIGP relationship:

Useful for regulatory crosswalks, especially for high-risk AI, human oversight, runtime behavioral drift, and traceability.


9. Cognitive Harm, AI Psychosis, Delusion Reinforcement, and Psychological Safety

9.1 Delusional Experiences Emerging From AI Chatbot Interactions or “AI Psychosis”

Status: Confirmed source / Peer-reviewed viewpoint Authors: Alexandre Hudon, Emmanuel Stip Year: 2025 Source: JMIR Mental Health Link: https://mental.jmir.org/2025/1/e85799

PMC mirror: https://pmc.ncbi.nlm.nih.gov/articles/PMC12712562/

Relevance to AIGP:

Discusses “AI psychosis” as a framework for understanding how sustained engagement with conversational AI might trigger, amplify, or reshape psychotic experiences in vulnerable individuals.

AIGP relationship:

Supports RFC-025’s framing of cognitive harm as a trajectory-based governance concern. The term should be handled carefully because it is not a formal diagnosis.


9.2 What is AI Psychosis?

Status: Confirmed source / Institutional medical commentary Organization: National Academy of Medicine Year: 2026 Link: https://nam.edu/news-and-insights/what-is-ai-psychosis/

Relevance to AIGP:

States that “AI psychosis” is not a clinical diagnosis and describes cases where people develop delusions or have existing delusions deepened in association with heavy chatbot use.

AIGP relationship:

Important cautionary reference. AIGP should avoid treating “AI psychosis” as settled clinical terminology and instead define “cognitive harm” as a governance class.


9.3 Do Generative AI Chatbots Increase Psychosis Risk?

Status: Confirmed source / Medical review or commentary Authors: M. Keshavan et al. Year: 2026 Source: PMC Link: https://pmc.ncbi.nlm.nih.gov/articles/PMC12805049/

Relevance to AIGP:

Discusses concerns that LLMs may generate elaborate convincing false narratives that fit into users’ delusional frameworks.

AIGP relationship:

Supports the need for state-aware cognitive safety mechanisms and trajectory-based governance.


9.4 The Psychogenic Machine: Simulating AI Psychosis, Delusion Reinforcement and Harm Enablement in Large Language Models

Status: Confirmed source / Preprint Authors: Joshua Au Yeung, Jacopo Dalmasso, Luca Foschini, Richard J. B. Dobson, Zeljko Kraljevic Year: 2025 Source: arXiv Link: https://arxiv.org/abs/2509.10970

Relevance to AIGP:

Introduces psychosis-bench, a benchmark for evaluating delusion confirmation, harm enablement, and safety intervention in simulated multi-turn scenarios.

AIGP relationship:

Useful for RFC-025 evaluation and conformance testing.


Status: Confirmed source / Preprint Authors: Soorya Ram Shimgekar, Vipin Gunda, Jiwon Kim, Violeta J. Rodriguez, Hari Sundaram, Koustuv Saha Year: 2026 Source: arXiv Link: https://arxiv.org/abs/2603.19574

Relevance to AIGP:

Examines how delusion-related language evolves during multi-turn AI conversations and finds increasing DelusionScore trajectories in simulated users with prior delusion-related discourse.

AIGP relationship:

Strong support for trajectory-based cognitive harm governance and state-aware safety mechanisms.


9.6 “AI Psychosis” in Context: How Conversation History Shapes Model Responses to Delusional Content

Status: Confirmed source / Preprint Authors: L. Nicholls et al. Year: 2026 Source: arXiv Link: https://arxiv.org/pdf/2604.13860

Relevance to AIGP:

Examines how conversation history shapes responses to delusional content and mechanisms that distinguish reinforcement from resistance.

AIGP relationship:

Supports AIGP’s argument that isolated-turn safety evaluation is insufficient.


9.7 Sycophantic Chatbots Cause Delusional Spiraling, Even in Ideal Bayesians

Status: Confirmed source / Preprint Authors: Kartik Chandra, Max Kleiman-Weiner, Jonathan Ragan-Kelley, Joshua B. Tenenbaum Year: 2026 Source: arXiv Link: https://arxiv.org/abs/2602.19141

Relevance to AIGP:

Models the causal role of sycophancy in delusional spiraling.

AIGP relationship:

Supports RFC-025 constraints against sycophantic escalation, false certainty, and harmful validation.


9.8 LLM Spirals of Delusion: A Benchmarking Audit Study of AI Chatbot Interfaces

Status: Confirmed source / Preprint Authors: Peter Kirgis, Ben Hawriluk, Sherrie Feng, Aslan Bilimer, Sam Paech, Zeynep Tufekci Year: 2026 Source: arXiv Link: https://arxiv.org/html/2604.06188

Relevance to AIGP:

Benchmarks delusion reinforcement, escalation, harmful advice, and sycophancy in chatbot interfaces.

AIGP relationship:

Potential benchmark reference for cognitive harm conformance tests.


9.9 Special Report: AI-Induced Psychosis

Status: Confirmed source / Professional psychiatry publication Author: A. Preda Year: 2025 Source: Psychiatry Online Link: https://psychiatryonline.org/doi/10.1176/appi.pn.2025.10.10.5

Relevance to AIGP:

Discusses reported delusions associated with AI companion themes.

AIGP relationship:

Useful background, but RFC-025 should still use cautious language.


10. AIGP-Specific Contribution Positioning

AIGP should make the following careful claim:

Prior work has established policy languages, access control, runtime verification,
runtime assurance, agent governance, AI risk frameworks, and emerging work on
cognitive harm. AIGP contributes a protocol-level synthesis that binds governance
intent, symbolic constraints, runtime enforcement state, distributed enforcement,
visual governance projection, and D-DNA signed temporal evidence into a replayable
model for governed autonomy.

AIGP should avoid claiming:

No one has done policy languages.
No one has done runtime governance.
No one has done runtime assurance.
No one has studied AI psychological harms.
No one has studied autonomous AI policy enforcement.

AIGP may claim:

AIGP integrates these ideas into a protocol model for governed autonomy.
AIGP introduces D-DNA as signed temporal evidence for governed autonomy.
AIGP introduces SGL as a symbolic governance notation linked to D-DNA.
AIGP introduces VGL as a visual projection profile for governance state.
AIGP introduces ENFORCE Broadcast as short-lived distributed enforcement state.
AIGP treats cognitive harm as a governed trajectory, not merely a content violation.

11. Suggested Citation Map by RFC

RFC-020 Governed Autonomy

Use references from:

NIST AI RMF
ISO/IEC 42001
IEEE Ethically Aligned Design
FAA AI Safety Assurance Roadmap
EASA AI Concept Paper
DoD Directive 3000.09
Runtime Governance for AI Agents
Harnessing Embodied Agents
NASA Runtime Assurance

RFC-021 AIGP-SGL

Use references from:

KAoS
Rei
Ponder
XACML
Policy Cards
Policies on Paths
Agent Behavioral Contracts
Policy-as-Prompt

RFC-022 AIGP-VGL

Use references from:

AIGP-SGL
ENFORCE Broadcast
Runtime assurance
Visual signaling analogies should be added carefully later

Potential additional research needed:

semiotics
machine-readable visual markers
robot-to-robot signaling
human factors
military symbology
aviation annunciators
QR/data matrix reliability

RFC-023 ENFORCE Broadcast

Use references from:

Runtime Governance for AI Agents
Policies on Paths
Harnessing Embodied Agents
Ponder distributed policy
Runtime assurance
DoD Directive 3000.09

Potential additional research needed:

distributed systems consistency
gossip protocols
Byzantine fault tolerance
emergency alert propagation
tactical mesh networks

RFC-024 D-DNA for Governed Autonomy

Use references from:

NIST AI RMF
ISO/IEC 42001
XACML obligations and decision model
Runtime verification
Runtime assurance
cryptographic audit logs
supply-chain provenance

Potential additional research needed:

W3C Verifiable Credentials
SCITT
Sigstore
in-toto
Merkle trees
tamper-evident logs
ledger-backed audit evidence

RFC-025 Cognitive Harm Governance

Use references from:

JMIR AI psychosis viewpoint
National Academy of Medicine AI psychosis commentary
PMC generative AI and psychosis risk article
Psychogenic Machine benchmark
AI Psychosis delusion-language amplification paper
Sycophantic Chatbots and delusional spiraling paper
LLM Spirals of Delusion benchmark

12. References Needing Further Research

The following topics should be researched before final RFC publication:

Visual machine-readable signaling for autonomous robots
Robot-to-robot visual communication under degraded communications
Human factors for symbolic displays in safety-critical environments
Military symbology and tactical marking standards
Emergency responder visual communication standards
Distributed enforcement and consensus under network partition
Cryptographic provenance systems for runtime decisions
AI companion dependency and emotional attachment literature
Therapeutic chatbot safety standards
Cognitive liberty and neurotechnology governance

13. Working Bibliography

  1. Mavračić, J. Policy Cards: Machine-Readable Runtime Governance for Autonomous AI Agents. arXiv, 2025. https://arxiv.org/abs/2510.24383
  2. Kaptein, M., Khan, V.-J., Podstavnychy, A. Runtime Governance for AI Agents: Policies on Paths. arXiv, 2026. https://arxiv.org/abs/2603.16586
  3. Koohestani, R. AgentGuard: Runtime Verification of AI Agents. arXiv, 2025. https://arxiv.org/abs/2509.23864
  4. Qin, X., Luan, S., See, J., Yang, C., Li, Z. Harnessing Embodied Agents: Runtime Governance for Policy-Constrained Execution. arXiv, 2026. https://arxiv.org/abs/2604.07833
  5. Bhardwaj, V. P. Agent Behavioral Contracts: Formal Specification and Runtime Enforcement for Reliable Autonomous AI Agents. arXiv, 2026. https://arxiv.org/abs/2602.22302
  6. Kholkar, G., Ahuja, R. Policy-as-Prompt: Turning AI Governance Rules into Guardrails for AI Agents. arXiv, 2025. https://arxiv.org/abs/2509.23994
  7. Uszok, A. et al. KAoS Policy and Domain Services. 2003. https://userpages.cs.umbc.edu/finin/papers/others/KAoS_Policy_03.pdf
  8. Kagal, L. Rei: A Policy Language for the Me-Centric Project. 2002. https://ebiquity.umbc.edu/_file_directory_/papers/57.pdf
  9. Damianou, N. et al. The Ponder Policy Specification Language. 2001. https://www.doc.ic.ac.uk/~mss/Papers/Ponder-Policy01V5.pdf
  10. Tonti, G. et al. Semantic Web Languages for Policy Representation and Reasoning: A Comparison of KAoS, Rei, and Ponder. 2003. https://ontology.ihmc.us/Papers/Semantic_Langagues_for_Policy_Representation.pdf
  11. OASIS. eXtensible Access Control Markup Language XACML 3.0 Core Specification. https://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html
  12. FAA. Roadmap for Artificial Intelligence Safety Assurance. 2024. https://www.faa.gov/media/82891
  13. EASA. Artificial Intelligence Concept Paper Issue 2. 2024. https://www.easa.europa.eu/en/document-library/general-publications/easa-artificial-intelligence-concept-paper-issue-2
  14. NASA / Slagel, J. T. et al. Formal Verification Framework for Runtime Assurance. https://ntrs.nasa.gov/citations/20230005159
  15. U.S. Department of Defense. DoD Directive 3000.09: Autonomy in Weapon Systems. 2023. https://www.esd.whs.mil/portals/54/documents/dd/issuances/dodd/300009p.pdf
  16. NIST. AI Risk Management Framework. https://www.nist.gov/itl/ai-risk-management-framework
  17. NIST AIRC. AI RMF Core: Govern, Map, Measure, Manage. https://airc.nist.gov/airmf-resources/airmf/5-sec-core/
  18. ISO. ISO/IEC 42001:2023 Artificial Intelligence Management System. https://www.iso.org/standard/42001
  19. IEEE. Ethically Aligned Design / Autonomous and Intelligent Systems. https://standards.ieee.org/initiatives/autonomous-intelligence-systems/
  20. Hudon, A., Stip, E. Delusional Experiences Emerging From AI Chatbot Interactions or “AI Psychosis.” JMIR Mental Health, 2025. https://mental.jmir.org/2025/1/e85799
  21. National Academy of Medicine. What is AI Psychosis? 2026. https://nam.edu/news-and-insights/what-is-ai-psychosis/
  22. Keshavan, M. et al. Do generative AI chatbots increase psychosis risk? 2026. https://pmc.ncbi.nlm.nih.gov/articles/PMC12805049/
  23. Au Yeung, J. et al. The Psychogenic Machine: Simulating AI Psychosis, Delusion Reinforcement and Harm Enablement in Large Language Models. arXiv, 2025. https://arxiv.org/abs/2509.10970
  24. Shimgekar, S. R. et al. AI Psychosis: Does Conversational AI Amplify Delusion-Related Language? arXiv, 2026. https://arxiv.org/abs/2603.19574
  25. Nicholls, L. et al. “AI Psychosis” in Context: How Conversation History Shapes Model Responses to Delusional Content. arXiv, 2026. https://arxiv.org/pdf/2604.13860
  26. Chandra, K., Kleiman-Weiner, M., Ragan-Kelley, J., Tenenbaum, J. B. Sycophantic Chatbots Cause Delusional Spiraling, Even in Ideal Bayesians. arXiv, 2026. https://arxiv.org/abs/2602.19141
  27. Kirgis, P. et al. LLM Spirals of Delusion: A Benchmarking Audit Study of AI Chatbot Interfaces. arXiv, 2026. https://arxiv.org/html/2604.06188

14. Citation Discipline

Before any AIGP RFC is finalized:

  1. Confirm each reference link still resolves.
  2. Label preprints clearly.
  3. Do not cite news articles as primary scientific evidence if a paper or official source exists.
  4. Use official standards or regulator pages where possible.
  5. Avoid claiming causality for cognitive harm unless the cited source supports it.
  6. Use cautious language for “AI psychosis” because it is not a formal clinical diagnosis.
  7. Separate prior work from AIGP contribution.
  8. Keep raw source links in this register so future readers can verify the grounding.