CAM Protocol is the patent-pending governance infrastructure layer that enforces mandatory multi-party consent before any sensitive action executes, by design and not by policy.
No prior system combines all four elements
NY Law School Patent Law Clinic · March 2026
Ephemeral release: the governance server holds nothing
Breach the layer. Get an empty orchestration engine.
Bilateral, hash-chained log. No operator write access.
Cryptographically tamper-detectable post-compromise
Built for what you're governing
Choose Your Governed Surface
Authenticate the human principal
Secure the person prompting the agent before any action executes. CAM verifies principal identity before opening an authorization window.
Enforce multi-party approval before any tool fires
Every agent tool call against sensitive data routes through CAM's M-of-N threshold layer. No single credential authorizes execution. A configurable quorum does.
Fail closed with the veto
Any single trusted party (human or governance system) can block a request instantly. The system fails closed by default. Architecturally novel. Patent-pending.
Cryptographically signed audit log per action
Every agent action request, approval, denial, and execution is hash-chained and immutable. EU AI Act Article 14 human oversight, enforced. Deadline: August 2, 2026.
Featured Capabilities
How It Works
Agent attempts sensitive action
Governance layer evaluates request against configured quorum policy
M-of-N approvers authorize. Veto check runs first. Any denial blocks immediately.
Time-bound token issued. Data released only now. Immutable audit entry written.
All events → append-only bilateral audit log. Neither party has write access.
Developer API
A few API calls are all it takes to add patent-pending governance infrastructure to any application, agent framework, or data pipeline. CAM's SDK is framework-agnostic: if it can make an HTTP call, it can be governed.
// CAM Protocol SDK: govern any agent actionimport { CAMClient } from "@safeloc/cam-sdk"; const cam = new CAMClient({ apiKey: process.env.CAM_API_KEY }); // Before your agent accesses sensitive data:const { token, status } = await cam.requestAuthorization({ action: "read:patient-records", requestedBy: agentId, quorum: { required: 2, of: 3 }, // M-of-N threshold ttl: "5m", // Ephemeral window notifyApprovers: ["dr.chen", "dr.lee"],}); if (status === "AUTHORIZED") { // Token is single-use, expires in 5 minutes await fetchPatientRecord(patientId, token);}// If any approver vetoes → status === "DENIED" (before quorum)Go deeper
The Question Your Board Will Ask
When an AI-powered attacker finds the zero-day in your infrastructure (and Project Glasswing by Anthropic confirmed it will), what does the attacker get? CAM Protocol is the only answer that isn't "everything."
CAM Protocol is available via enterprise API licensing. Pilot deployments active in healthcare. Inquiries from regulated-industry integrators, CISOs, and CTOs welcome.