NRaaS: The New Category

ABS Core does not compete with observability tools. It does not compete with prompt filters. It creates a new category: Non-Repudiation as a Service (NRaaS).

---

The Category Map

The AI governance market has three layers. ABS Core is the only product that operates at the deepest layer.

Most products observe or filter. None prove.

---

What Non-Repudiation Means

Non-repudiation is a legal concept: evidence so strong that neither party can deny it happened.

In traditional systems, non-repudiation is provided by digital signatures on financial transactions (e.g., bank wire transfers, SWIFT messages).

ABS Core applies the same standard to AI agent actions:

The result: every governance decision is as auditable as a bank transfer.

---

Why Existing Solutions Are Not Enough

Observability (LangSmith, Arize)

These tools record what happened after execution. They are valuable for debugging and optimization but provide no enforcement and no cryptographic proof.

An observability trace can be modified, deleted, or selectively exported. A SHA-256 hash chain cannot.

Prompt Filters (Lakera, Guardrails AI)

These tools operate at the prompt layer -- they catch dangerous text before it reaches the LLM. They are effective against prompt injection but irrelevant to tool execution.

When an AI agent calls db.query("DROP TABLE users"), the prompt filter has already passed. Only ABS Core intercepts the tool call.

Agent Frameworks (LangChain, CrewAI)

These build agents. They do not govern them. Using LangChain to secure LangChain is a conflict of interest.

ABS Core is framework-agnostic. It governs any agent through any protocol.

---

The Five Pillars of NRaaS

No competitor combines all five:

1. Sovereign Identity (Ed25519) Each agent has a cryptographic keypair. Each action is signed. Identity is non-forgeable.

2. Immutable Hash Chain (SHA-256) Every decision is linked to the previous one. Tampering with any record breaks the chain mathematically.

3. Independent Timestamping (RFC 3161) A trusted third-party authority certifies when the decision was made. The system cannot backdate records.

4. Protocol-Layer Enforcement (MCP) Tool calls are blocked before execution, not logged after. DENY is the default. ALLOW requires proof.

5. Regulatory Mapping (NIST AI RMF) 19 controls mapped 1:1 to specific SAR fields. Compliance is not a claim -- it is a verifiable data structure.

---

Market Timing

Three forces converge in 2026:

EU AI Act enforcement -- Article 14 requires human oversight and traceability for high-risk AI systems. Agents executing tool calls in fintech, healthcare, and government fall under this requirement.

MCP standardization -- The Model Context Protocol, governed by the Linux Foundation with 97M monthly SDK downloads, establishes a universal agent-to-tool interface. ABS Core governs this interface.

Agent deployment acceleration -- Enterprises are moving from chatbots to autonomous agents that execute real actions. Each action creates liability. Each liability requires proof.

---

Total Addressable Market

ABS Core's initial beachhead: regulated industries deploying AI agents (fintech, healthcare, government). Expansion: any enterprise with agents executing tool calls.

---

The Defensive Moat

Why Anthropic/OpenAI cannot replicate ABS Core:

1. Vendor neutrality -- ABS Core governs any agent from any provider. Anthropic governing Anthropic is not independent oversight.
2. On-premise sovereignty -- ABS Core runs on customer infrastructure. Cloud providers cannot offer true air-gapped governance.
3. Cryptographic depth -- The hash chain + Ed25519 + RFC 3161 stack requires months of implementation and testing. It is not a feature toggle.
4. WASM portability -- The governance engine will run as a 2MB binary on any runtime. Cloud-locked solutions cannot match this portability.

---

Related

• Economics of Accountability -- ROI and insurance impact
• Cloud Services ARR -- Revenue model
• NIST AI RMF Mapping -- Technical compliance evidence