Open Standard · AI Interpretability Risk Management
CIRCUIT Framework
Circuit-Informed Risk & Control, Understanding, Inventory & Transparency
Enterprise AI governance today is paperwork wrapped around a black box. CIRCUIT is the open standard that closes the gap — a Score you can brief to a board, a Registry your auditor can read, a Control your pipeline can enforce.
Core Framework
Three things and only three things
A framework a CISO cannot explain to a board in ten minutes does not get adopted. CIRCUIT fits on a poster.
A Score
The Interpretability Maturity Score (IMS) is a 0–5 evidence ratchet that sits on top of your existing risk tiers. You don't declare a level. You produce the artifacts that prove it.
A Registry
An eight-section YAML schema, one document per model or system, bound by foreign key to your existing agent inventory. Machine readable. Diffable in Git. Portable across vendors.
A Control
The Circuit Risk Score (CRS) and the ten hard rules. CRS drives the approval ladder and dashboard prioritization. The ten rules are binding. They are the part with teeth.
The Registry — In Code
A schema engineers can read
One YAML document per model, eight sections, machine-readable and diffable in Git. The snippet below shows Identity, Maturity, and the KPI Baseline (from Appendix C.1 — Category A fraud-scoring model, IMS 4, Critical-tier).
```yaml
# CIRCUIT Registry Entry — Schema v1.1.0
circuit_registry_entry:
  version: "1.1.0"
  identity:
    model_id: "fraud-classifier-v3"
    name: "Real-Time Fraud Scoring (Gemma-3 9B fine-tune)"
    vendor: "internal"
    category: "A"              # open weights, self-hosted
    risk_tier: "Critical"      # Numeric: 4
    owner: "security-team@company.com"
    consequence: "Automated"   # DCW: 3
  maturity:
    ims: 4
    ims_ceiling: 5             # Category A ceiling
    evidence:
      - artifact: "fraud_attribution_graph_2026-03-15.html"
        type: "attribution_graph"
        date: "2026-03-15"
  kpi_baseline:
    circuit_size: 84                 # ≤ 100 ✓ (assumes summarization tooling)
    edge_count: 318                  # ≤ 500 ✓
    monosemanticity: 0.87            # ≥ 0.70 reliability target ✓
    robustness: 0.94                 # ≥ 0.90 ✓
    stability_across_versions: 0.91  # ≥ 0.75 ✓
    acfr_last_quarter: 0             # P1 safety-circuit bypasses; Rule 7 trigger: ≥ 1
```
See the full eight-section schema in data/registry-schema.yaml and the worked examples in white paper Appendix C.
The Formula
Circuit Risk Score
One number that tells you whether a model's interpretability posture is good enough for the job you're asking it to do.
| Band | Range | Meaning | Approval |
|---|---|---|---|
| Green | 1–12 | Interpretability adequate for use | Standard approval |
| Amber | 13–47 | Watchlist; plan to raise IMS or lower consequence | AI governance committee review, quarterly |
| Red | 48–96 | Compensating controls mandatory; time-boxed remediation | CISO and AIGC sign-off; ≤ 180 days to Amber |
| Purple | 97–120 | Not deployable in current configuration | Blocked; requires tier reduction or vendor change |
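As an added example (not code from the CIRCUIT project), here is one way a pipeline gate could check the registry snippet's KPI baseline against the thresholds given in its comments and map an already-computed CRS to the bands in the table above. The function names, the evidence-required-above-IMS-0 rule, and the dict layout are assumptions; the CRS formula itself is not shown on this page, so the score is taken as an input.

```python
# Added example: a CI gate over a CIRCUIT registry entry (not the project's own code).
# KPI bounds come from the comments in the page's snippet; band ranges from its table.
KPI_LIMITS = {  # name: (comparison, bound)
    "circuit_size": ("<=", 100),
    "edge_count": ("<=", 500),
    "monosemanticity": (">=", 0.70),
    "robustness": (">=", 0.90),
    "stability_across_versions": (">=", 0.75),
}
CRS_BANDS = [(1, 12, "Green"), (13, 47, "Amber"), (48, 96, "Red"), (97, 120, "Purple")]

def check_entry(entry):
    """Return a list of findings; an empty list means the entry passes."""
    findings = []
    maturity = entry.get("maturity", {})
    ims, ceiling = maturity.get("ims"), maturity.get("ims_ceiling")
    if type(ims) is not int or not 0 <= ims <= 5:
        findings.append("maturity.ims must be an integer 0-5")
    elif type(ceiling) is int and ims > ceiling:
        findings.append(f"maturity.ims {ims} exceeds ims_ceiling {ceiling}")
    # Assumption: any IMS above 0 must cite at least one evidence artifact.
    if type(ims) is int and ims > 0 and not maturity.get("evidence"):
        findings.append("maturity.evidence is empty for a non-zero IMS")
    kpis = entry.get("kpi_baseline", {})
    for name, (op, bound) in KPI_LIMITS.items():
        value = kpis.get(name)
        if not isinstance(value, (int, float)):
            findings.append(f"kpi_baseline.{name} missing or non-numeric")
        elif (op == "<=" and value > bound) or (op == ">=" and value < bound):
            findings.append(f"kpi_baseline.{name}={value} violates {op} {bound}")
    acfr = kpis.get("acfr_last_quarter")
    if type(acfr) is not int or acfr >= 1:
        findings.append(f"acfr_last_quarter={acfr!r}: missing, or Rule 7 trigger (>= 1)")
    return findings

def crs_band(crs):
    """Map an already-computed CRS to its band; reject out-of-range values."""
    for low, high, band in CRS_BANDS:
        if type(crs) is int and low <= crs <= high:
            return band
    raise ValueError(f"CRS {crs!r} is outside 1-120")

# Values copied from the page's fraud-classifier-v3 snippet.
SAMPLE = {
    "maturity": {"ims": 4, "ims_ceiling": 5,
                 "evidence": [{"artifact": "fraud_attribution_graph_2026-03-15.html"}]},
    "kpi_baseline": {"circuit_size": 84, "edge_count": 318, "monosemanticity": 0.87,
                     "robustness": 0.94, "stability_across_versions": 0.91,
                     "acfr_last_quarter": 0},
}
```

Failing the build on any non-empty findings list, or on a Red or Purple band without the sign-off the table requires, is a policy choice for the adopting pipeline.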
Blog Series
Published in three parts
From the governance gap to adoption playbook — the full CIRCUIT story.
The Governance Gap
Enterprise AI governance is paperwork around a black box. This part names the gap — why the controls we already have cannot answer the questions that matter when an AI system fails.
What CIRCUIT Is
The Score, the Registry, the Control. Seven KPIs. Three model categories. One formula. A dashboard. Everything inside the framework, in the order a practitioner would encounter it.
How to Adopt It
The adoption playbook: four phases, the "Show Me Your Circuits" questionnaire, regulatory crosswalks, and the open release details.
Why Open Source
The goal is not for any one organization to own this framework
The goal is for the industry to have one.
Collective Action
One CISO sending one vendor questionnaire is a support ticket. Two hundred CISOs sending the same questionnaire is a market force.
Regulatory Safe Harbor
Enforcement agencies need concrete artifacts they can treat as presumptive compliance. A proprietary spec cannot be that artifact.
Vendor Portability
Open YAML means you can switch interpretability tool vendors without re-keying thousands of registry entries.
Community Security
Security only benefits the community when the community shares it. CIRCUIT builds on NIST, MITRE, OWASP, and CSA's open work.
"We are deploying AI we can't explain, defending AI we can't inspect, and trusting AI we can't audit. That is not a governance program. That is a liability surface."
— CIRCUIT Framework