The OWASP AI Exchange (Open Web Application Security Project) and Rob van der Veer, recently outlined seven layers to protect agentic AI systems, as developed in community discussions and contributions.

1. Model alignment.
2. Prompt injection defense.
3. Human oversight.
4. Automated oversight.
5. User-based least privilege.
6. Intent-based least privilege.
7. Just-in-time authorization.

Each layer reflects a genuine security concern and represents a legitimate requirement, and any serious approach to securing agentic AI systems must take all of them into account rather than treating them as optional or theoretical.

What remains unresolved is not the importance of these concerns, but how they should be implemented in a way that maintains effectiveness without creating unnecessary friction in governance.

The Implementation Challenge

OWASP presents its framework as defense in depth, with each layer designed to catch risks that others may miss, and it explicitly acknowledges that no single control is sufficient, noting that the myth of sufficiency has already been debunked across all layers.

That assessment reflects a clear-eyed understanding of reality: model alignment improves behavior but does not prevent manipulation, prompt injection defenses reduce exposure but evolve into an arms race, and human oversight adds judgment but loses effectiveness as systems scale; every concern is real, and every technique carries inherent limits.

Taken together, the framework provides organizations with a clear inventory of what must be addressed, outlining seven categories of risk that cannot be ignored without consequence.

However, when implemented without an architectural lens, the layers tend to collapse into a sequence of independent checkpoints, with requests evaluated one layer at a time, latency accumulating at each step, complexity compounding, and governance gradually transforming from protection into friction.

A different approach remains possible.

Nomotic AI: A Different Approach

Nomotic AI is not a competing framework or an existing product. It is a conceptual architecture for governance. A set of principles and characteristics that describe how AI governance could operate. The value lies in providing a coherent vision for what governance should become as agentic AI matures.

The term draws from the Greek word nomos, referring to law, rule, or governance, and in that sense Nomotic AI describes what an intelligent governance layer would look like: one that surrounds AI systems with explicit boundaries, authorities, and constraints, focusing attention on what those systems ought to do rather than the full range of actions they are technically capable of performing.

That distinction matters because many of the mechanisms traditionally used for governance struggle to function in modern conditions. Static rules fail to keep pace with systems that learn and adapt. Pattern matching recognizes form but misses meaning. Sequential checkpoints introduce delay and fragility in environments built for speed. Human oversight provides judgment, yet cannot scale to the volume and velocity of decisions agentic systems produce.

An intelligent governance layer would change the character of that problem. It would allow governance to reason about context rather than just inputs, to adjust authority based on evidence rather than assumption, to operate during execution rather than after the fact, and to scale alongside the systems it constrains. Governance would stop behaving like a fixed barrier and begin to function as an active participant in the decision-making process.

That shift captures what Nomotic AI envisions: not a replacement for existing security concerns, but a way to give them a form that could move, adapt, and remain grounded in human intent as AI systems act in the world.

Characteristics of Nomotic Governance

• Intelligent. A Nomotic governance layer would incorporate AI itself, enabling it to reason semantically about what an agent is attempting and why, rather than relying solely on pattern matching or predefined rules. Governance would evaluate intent and meaning, not just whether a request conforms to an allowed shape.
• Dynamic. Authority would adapt in response to observed behavior and changing conditions. Trust would expand when evidence supports it and contract when anomalies emerge, allowing governance to respond to reality rather than remaining fixed to assumptions made at design time.
• Runtime. Governance would be evaluated during execution, not only before deployment or after incidents occur. Pre-action authorization means the governance layer would participate in each meaningful action, determining whether it should proceed before outcomes are finalized.
• Contextual. The appropriateness of an action depends on the situation in which it occurs. Governance would evaluate context, recognizing that an agent accessing customer data as part of a legitimate refund workflow differs materially from the same access following suspicious input, even when the underlying action appears identical.
• Transparent. Governance decisions would remain explainable and auditable. Trust would be established through evidence and clarity rather than assumption, and actions that cannot be explained could not be justified.
• Ethical. Actions would require justification beyond technical feasibility. Governance would evaluate whether behavior aligns with fairness, impact, and organizational values, treating ethical reasoning as a continuous concern rather than an afterthought.
• Accountable. AI systems do not carry accountability. Humans do. Every rule would trace to an owner, every authorization would map to a responsible party, and governance would preserve the chain of human accountability even as execution becomes automated.

Core Principles

These characteristics take shape through six principles that would guide the implementation of Nomotic governance in practice.

• Governance as architecture. Effective governance is designed into AI systems from the outset rather than attached after deployment. Systems that require heavy governance layers often reveal designs that failed to account for governance from the start.
• Pre-action authorization. Governance operates before actions occur rather than after consequences unfold. Evaluation at the point of execution prevents harm more effectively than post-incident review.
• Explicit authority boundaries. AI systems act only within the authority that humans have deliberately delegated. Authority does not emerge implicitly from capability, and boundaries remain defined rather than assumed.
• Verifiable trust. Trust develops from observed behavior over time rather than claimed capability. Systems earn trust through consistency and transparency, replacing assumption with verification.
• Ethical justification. Every consequential action must be defensible on ethical grounds. Actions that cannot be justified should not proceed, regardless of whether they are technically possible.
• Accountable governance. When outcomes fail, inquiry focuses on which governance decision proved incomplete rather than attributing fault to the system itself. Responsibility traces back to human judgment and ownership.

Applying Nomotic Principles to OWASP’s Seven Protection Layers

OWASP identifies seven protection concerns that remain fully intact when viewed through a Nomotic lens. The value of Nomotic principles lies not in replacing those concerns, but in offering a conceptual model for implementing them within a coherent operating approach rather than as isolated controls.

• Model alignment traditionally focuses on training data, fine-tuning, and prompt design to shape behavior in advance. When Nomotic principles apply, alignment would continue at runtime, with an intelligent governance layer evaluating whether outputs remain consistent with intended behavior as conditions change, rather than assuming that successful training guarantees ongoing alignment.
• Historically, prompt injection defense has relied on sanitization, filtering, and detection of known attack patterns. Under Nomotic governance, defense would become contextual rather than purely syntactic. The governance layer would evaluate why a request exists within the current operational state, flagging requests that fall outside any legitimate workflow, even when they do not match recognized attack signatures. Meaning and intent would matter as much as form.
• Human oversight often takes the shape of human-in-the-loop approval, a model OWASP correctly notes becomes ineffective as systems scale due to cost, delay, and fatigue. Nomotic principles would shift oversight from constant intervention to calibrated judgment, where trust signals determine when human review adds value. Humans would remain responsible, but their attention would focus where discernment matters most.
• Automated oversight is commonly framed as post hoc monitoring, identifying suspicious behavior after it has already occurred. Nomotic governance would relocate oversight into execution itself, allowing evaluation and intervention to happen before actions are completed and consequences become difficult to reverse.
• User-based least privilege typically assigns access rights in advance, assuming user authority should flow directly through the agent. Nomotic principles would separate user intent from agent authority, allowing governance to deny execution even when a user could technically perform the action themselves. The agent would operate within explicitly defined boundaries rather than inheriting unrestricted access.
• Intent-based least privilege usually predefines task-level permissions. Nomotic governance would evaluate intent dynamically, recognizing that identical tasks may require different permissions depending on context, timing, and surrounding conditions. Authorization would become situational rather than static.
• Just-in-time authorization already gestures toward Nomotic thinking by granting access based on immediate need. Under Nomotic principles, that evaluation would expand to include behavioral history, trust levels, and interactions across multiple agents, ensuring that authorization reflects not only the present request but the broader system state in which it occurs.

What Nomotic Implementation Would Enable

These outcomes are theoretical but achievable. They describe what would become possible when governance is designed according to Nomotic principles, not what any current system delivers.

When OWASP’s seven concerns are implemented using Nomotic principles, the nature of governance would change without altering the underlying objectives.

Sequential checkpoints would give way to integrated evaluation. Rather than routing requests through independent gates that each introduce latency, governance would assess all relevant concerns together at the moment of action, preserving coverage while reducing friction.

Reactive detection would shift toward proactive prevention. Instead of identifying problems after behavior emerges, runtime governance would evaluate actions before outcomes are finalized, changing both the timing and the impact of intervention.

Broad human oversight would evolve into targeted escalation. Intelligent trust calibration would determine where human judgment meaningfully improves outcomes, keeping people in the loop without reducing their role to ceremonial approval.

Static permissions would mature into adaptive authority. Governance would respond to evidence as behavior unfolds, expanding authority when trust strengthens and contracting it when anomalies appear, allowing systems to adapt rather than remain fixed to early assumptions.

Individual permissions would broaden into compound capability awareness. While no single agent may hold excessive privilege, interactions between agents can create emergent risk. Nomotic governance would evaluate the full chain of action, recognizing when combined capabilities enable outcomes that no isolated permission would reveal.

Together, these shifts would not change what OWASP asks organizations to care about. They would change how those concerns live inside real systems, allowing governance to move at the same pace, scale, and complexity as the agentic AI it is meant to guide.

The Shift That Matters

OWASP named the right problems. The framework draws a clear boundary around what must be taken seriously when AI systems begin to act in the world. Nomotic AI does not challenge that boundary. It offers a conceptual foundation for inhabiting it more deliberately.

The shift is less about superiority and more about posture. Static rules would give way to systems that can reason. Sequential checks would give way to integrated judgment. Reactive controls would give way to decisions made in the moment of action. Context-blind enforcement would yield to contextual understanding. Opaque processes would open themselves to explanation. Compliance-oriented thinking would broaden into ethical responsibility. Human accountability would remain fixed at the center.

When Nomotic principles inform the implementation of OWASP’s seven layers, the checklist still exists. It changes character. Concerns remain intact, but they stop behaving like isolated safeguards and start functioning as parts of a living system. Governance moves from being something applied to AI to something practiced alongside it.

OWASP helps organizations see what deserves protection. Nomotic thinking helps them envision how protection could operate in environments that move, adapt, and learn. The relationship is complementary rather than competitive. One defines the landscape. The other explores how to build responsibly within it.

Nomotic AI is not a product to purchase or a platform to deploy. It is a way of thinking about governance architecture. It’s a set of principles that can guide implementation decisions as organizations build the governance layers their agentic systems require.

The result would not be looser control or heavier constraint. It would be a form of governance that treats intelligence, authority, and responsibility as inseparable. Systems would gain capability without losing accountability. Agents would act without escaping human intent.

That philosophical alignment, rather than any single mechanism, captures what Nomotic AI envisions.

---

If you find this content valuable, please share it with your network.

Follow me for daily insights.

Schedule a free call to start your AI Transformation.

Book me to speak at your next event.

Chris Hood is an AI strategist and author of the #1 Amazon Best Seller Infailible and Customer Transformation, and has been recognized as one of the Top 40 Global Gurus for Customer Experience. His latest book, Unmapping Customer Journeys, will be published in 2026.