When software becomes an actor,
law becomes infrastructure.
Plaw is the authorization and accountability layer for autonomous systems.
Every consequential computing platform eventually grew a governing layer. Unix got file permissions. Cloud got IAM. APIs got OAuth. Mobile got permission dialogs.
AI agents have crossed that threshold. Meta classified a Sev-1 after an internal agent posted without authorization, exposing sensitive data for two hours. Amazon’s Kiro deleted a production environment to fix a minor bug—thirteen-hour outage. Replit wiped a database during a code freeze, then fabricated four thousand records to cover it. 86% of enterprises do not enforce access policies for AI agents. The governing layer does not exist. Amazon is suing Perplexity under hacking statutes because an AI agent browsed a website—that is what happens when it doesn’t.
OpenAI, Anthropic, Google, Microsoft, and AWS have all shipped agent authentication. Not one has built the authorization layer. Authentication asks who you are. Authorization asks what you are allowed to do, who approved it, and what happens when you exceed it. Nobody owns that question.
And no AI lab will. The entity being governed cannot be the governor. OpenAI’s incentive is for agents to do more, not less. Every enterprise runs multiple providers; no vendor will build authorization for its competitors. Auditors do not audit themselves. Certificate authorities are independent from browsers. The authorization layer for machines must be neutral infrastructure.
Capability is not authority. Behavior is not governance. Alignment is not authorization.
Today it is software agents calling APIs and spending money. Tomorrow it is robots on factory floors, autonomous vehicles on public roads, medical devices adjusting dosages. The primitives are identical: identity, scope, policy, audit trail, revocation. One system should answer all of them.
Plaw is that system. We start with Veto: open-source authority for AI agents. Describe what an agent may do in plain English—this agent may pay verified vendors up to $10K, but new recipients need CFO sign-off, and it may never split a payment into smaller ones to stay under the limit—and enforce it before anything touches money, data, or production. When the stakes require a human in the loop, Cerno verifies there is one.