AI models propose actions expressed in AML, a formal plan language. A runtime arbiter validates every plan before execution. Binary safety, not probabilistic. The model is free to reason. The user is safe by architecture.
Today's approach asks AI models to self-regulate through training (RLHF, Constitutional AI) or system prompts. This works most of the time. But "most of the time" isn't good enough when the topic is suicide, medication, or child safety.
OS Infinity takes a different approach: let the model reason freely, but validate every output through a deterministic safety layer before it reaches the user. The model proposes. The arbiter enforces. Unsafe content is structurally impossible to deliver.
The arbiter is a pure function. Same input always produces the same output. No randomness. No model temperature. No "it depends." Every decision is logged, traceable, and reproducible.
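To make that concrete, here is a minimal sketch of the shape such an arbiter could take. The names (`Verdict`, `arbitrate`) and the single rule shown are illustrative assumptions, not the shipped implementation.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Verdict:
    allowed: bool   # binary: allow or block, never a probability
    reason: str     # written to the decision log

def arbitrate(plan_actions: tuple[str, ...]) -> Verdict:
    """Pure function: the verdict depends only on its argument.
    No randomness, no temperature, no reads from the environment."""
    if "recommend_dosage" in plan_actions:        # hypothetical rule
        return Verdict(False, "dosage recommendations are never delivered")
    return Verdict(True, "all actions in the plan are permitted")

# Reproducibility: replaying a logged input reproduces the logged decision.
first = arbitrate(("acknowledge", "recommend_dosage"))
replay = arbitrate(("acknowledge", "recommend_dosage"))
assert first == replay and first.allowed is False
```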
AML is not a document format. It's a programming language with a tokenizer, parser, AST, compiler, and generator. Plans are deterministic, round-trip safe, and model-agnostic.
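AML's grammar isn't reproduced in this post, so the sketch below uses a made-up, line-oriented syntax purely to illustrate the round-trip property: parsing what the generator emits recovers the same AST. The node shapes and keywords are assumptions.

```python
from dataclasses import dataclass

# Hypothetical AST for a plan; AML's real grammar is not shown here.
@dataclass(frozen=True)
class Step:
    action: str
    topic: str

@dataclass(frozen=True)
class Plan:
    steps: tuple[Step, ...]

def generate(plan: Plan) -> str:
    """AST -> source text (the 'generator' stage)."""
    return "\n".join(f"step {s.action} {s.topic}" for s in plan.steps)

def parse(source: str) -> Plan:
    """Source text -> AST (the tokenizer and parser stages, collapsed)."""
    steps = []
    for line in source.splitlines():
        keyword, action, topic = line.split()
        assert keyword == "step"
        steps.append(Step(action, topic))
    return Plan(tuple(steps))

# Round-trip safety: parsing what the generator emits recovers the same AST.
plan = Plan((Step("explain", "adhd_school_support"),))
assert parse(generate(plan)) == plan
```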
Each message was sent through the full pipeline: natural language → Claude → AML → arbiter → safe output. The model classified intent. The arbiter enforced safety. These are real results from a live session.
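In code, the pipeline has roughly this shape. The model call is stubbed out and every function body is a placeholder; only the order of the stages matches the description above.

```python
def model_propose(user_message: str) -> str:
    """Stand-in for the model stage (Claude in the session above) emitting AML."""
    return "step explain adhd_school_support"   # placeholder AML plan text

def arbitrate(aml_source: str) -> bool:
    """Stand-in for the deterministic arbiter."""
    return "medication" not in aml_source       # toy rule, not the real rule set

def render(aml_source: str, allowed: bool) -> str:
    """Only arbiter-approved plans become user-facing text."""
    if not allowed:
        return "I can't give that directly, but here is a verified source."
    return "Here is how schools can support a child with ADHD..."

def pipeline(user_message: str) -> str:
    aml = model_propose(user_message)   # natural language -> AML
    verdict = arbitrate(aml)            # AML -> verdict (deterministic)
    return render(aml, verdict)         # verdict -> safe output

print(pipeline("How can my child's school help with their ADHD?"))
```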
The crisis example used no explicit keywords. The model inferred suicidal intent from "can't carry on anymore." The arbiter then enforced verified crisis contacts. Two systems working together — understanding and enforcement.
Protected topics are blocked deterministically. No confidence scores. No "usually works." Six out of six protected topics were blocked correctly in every test run.
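Deterministic blocking here means set membership, not classification. A sketch, with placeholder topic names standing in for the real protected list:

```python
# Illustrative only: the six names below are placeholders, not the project's
# actual protected-topic list.
PROTECTED_TOPICS = frozenset({
    "suicide_method", "self_harm_instruction", "medication_dosage",
    "illegal_weapon", "child_exploitation", "eating_disorder_coaching",
})

def is_blocked(topic: str) -> bool:
    # Set membership, not a classifier score: the answer is True or False.
    return topic in PROTECTED_TOPICS

# Every run gives the same 6/6 result; there is nothing to vary.
assert all(is_blocked(t) for t in PROTECTED_TOPICS)
```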
Trusted sources (NHS, GOV.UK) are marked "verified." Untrusted sources are marked "flagged." Claims with no source are labelled "understanding." The user always knows how much to trust what they read.
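One plausible way to express that labelling, assuming a hypothetical allow-list of trusted domains (the function below is a sketch, not the project's API):

```python
from urllib.parse import urlparse

TRUSTED_DOMAINS = ("nhs.uk", "gov.uk")   # assumed allow-list

def label_source(url: str | None) -> str:
    if url is None:
        return "understanding"   # no source: presented as the model's own understanding
    host = urlparse(url).hostname or ""
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "verified"
    return "flagged"             # sourced, but not from a trusted domain

assert label_source("https://www.nhs.uk/conditions/adhd/") == "verified"
assert label_source("https://example.com/adhd-cure") == "flagged"
assert label_source(None) == "understanding"
```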
"ADHD school support" passes (practical advice). "ADHD medication" blocks (medical). Same condition, different intent, correct outcome both times.
Grounding messages, chunked options, clarifying questions before suggestions. These aren't prompt engineering — they're structural transforms applied by the arbiter to every safe response.
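A rough sketch of one such transform layer; the function names and wording are illustrative, not the real transforms:

```python
def chunk_options(options: list[str], size: int = 3) -> list[list[str]]:
    """Break long option lists into small chunks instead of one wall of text."""
    return [options[i:i + size] for i in range(0, len(options), size)]

def apply_transforms(response: str, options: list[str]) -> dict:
    """Structural transforms applied to every arbiter-approved response."""
    return {
        "grounding": "Let's take this one step at a time.",        # grounding message
        "clarify_first": "Which of these matters most right now?",  # question before suggestions
        "body": response,
        "options": chunk_options(options),
    }
```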
Same content, different safety outcome based on user profile. Emotional support passes for adults, blocks for children. The arbiter enforces profile-level permissions.
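A minimal sketch of profile-level permissions, with an assumed adult/child permission table:

```python
# The profile names and the permission table are assumptions that mirror the
# adult/child example above.
PROFILE_PERMISSIONS = {
    "adult": frozenset({"practical_advice", "emotional_support"}),
    "child": frozenset({"practical_advice"}),
}

def permitted(content_type: str, profile: str) -> bool:
    return content_type in PROFILE_PERMISSIONS.get(profile, frozenset())

assert permitted("emotional_support", "adult") is True
assert permitted("emotional_support", "child") is False
```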
The arbiter doesn't care which model generated the plan. Claude, GPT, Llama, or any future model — if it can output AML, it's governed. Safety lives above the model, not inside it.
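In practice that means the model is just a function from natural language to AML text, and the governance layer wraps whatever sits in that slot. A sketch, with placeholder types and a stubbed arbiter:

```python
from typing import Callable

ModelAdapter = Callable[[str], str]   # natural language in, AML text out

def governed_reply(user_message: str, model: ModelAdapter,
                   arbitrate: Callable[[str], bool]) -> str:
    aml = model(user_message)   # Claude, GPT, Llama: any model that emits AML
    if not arbitrate(aml):      # the same deterministic check for all of them
        return "That request can't be answered directly."
    return aml                  # rendering of the approved plan omitted here
```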
The implementation is working. The tests pass. Every claim has a demo behind it.
The full whitepaper with implementation details and demo instructions will be available here shortly.