Physical AI Safety: Ownership and Execution Boundaries
A Declaration Structure for Physical AI Safety
Distinguishing LLM from Agent, and the Missing Context Layer
1. The Problem
Current AI regulation treats “AI” as a single entity. It does not distinguish between the LLM and the agent.
The result:
- Responsibility is assigned after the fact
- Boundaries are never declared in advance
- The LLM fills the gap with inference
- The agent executes without defined limits
2. LLM and Agent Are Not the Same
LLM — A Reasoning and Generation Engine
It produces outputs when called, but it does not act on its own.
Agent — An Execution System
An agent repeatedly calls the LLM, interprets its outputs, connects them to tools, devices, and services, and converts text into real-world action.
This is where the risk appears: when an agent built on top of an LLM connects to tools, devices, and services without clearly defined boundaries.
3. The Context Problem
The prevailing approach has been to feed the agent more Context to improve LLM accuracy. But the real goal is not more Context — it is precise Context.
- Without Context, the LLM must guess what an action means.
- With Context, the LLM reasons from declared information.
- Context is more reliable than inference.
As new devices emerge and new services are built, any approach that depends on guessing will eventually fail.
Physical AI safety must not depend on guessing. It must begin with declared Context.
4. What Is Missing — The Undeclared Context Layers
There is a structural gap in the Context that agents currently pass to LLMs.
| Layer | Principal | Content |
|---|---|---|
| 1 | Manufacturer | What this system can and cannot do |
| 2 | Service Provider | The permitted scope of actions in this service |
| 3 | User | The intent and request at this moment |
| 4 | Agent | Ethics, regulations, physical laws, and everything else |
Today, only layers 3 and 4 exist. Layers 1 and 2 are absent.
So the LLM reasons without boundaries, and the agent executes without boundaries.
5. Declaration Before Verification
How do we make an agent’s verification trustworthy? The verification of ethics, regulations, and physical laws is an open problem. The entire field is working on it.
But there is something we can do right now. Declaration must come before verification.
- The manufacturer and service provider declare their boundaries.
- The agent validates those boundaries and provides them as Context.
- The LLM reasons within that Context.
- The user approves within those boundaries.
6. Why Now — Irreversible Execution
A traffic light is not a device for assigning blame after an accident. It is a structure that prevents the accident before it happens. Physical AI safety must work the same way.
Agent execution creates irreversible harm through two paths:
- Physical execution — a door opens, a gas valve turns, a vehicle moves.
- Digital execution — a file is deleted, a record is altered, a financial transaction is processed.
Both paths are difficult to undo. That is why interception must come first.
And interception is technically achievable. A structure of declaration and Context provision can stop execution before it happens.
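The following is an added example, not part of the original text: a minimal sketch of the sequence in sections 5 and 6, where the agent validates the manufacturer and service provider declarations, provides their intersection as Context, and intercepts any action outside it before execution. The declaration format, function names, and gas-valve values are assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical names and declaration format; not taken from any standard.
INF = float("inf")

@dataclass(frozen=True)
class Declaration:
    principal: str   # "manufacturer" (layer 1) or "service_provider" (layer 2)
    allowed: dict    # action name -> {parameter: (min, max)}

def validate(decl):
    """Agent-side check: refuse a malformed declaration instead of guessing."""
    for action, limits in decl.allowed.items():
        for param, (lo, hi) in limits.items():
            if lo > hi:
                raise ValueError(f"{decl.principal}: bad range {action}.{param}")
    return decl

def build_context(manufacturer, service):
    """Context for the LLM: actions and ranges that BOTH principals declare."""
    m, s = validate(manufacturer).allowed, validate(service).allowed
    ctx = {}
    for action in sorted(m.keys() & s.keys()):
        ctx[action] = {}
        for param in m[action].keys() | s[action].keys():
            lo_m, hi_m = m[action].get(param, (-INF, INF))
            lo_s, hi_s = s[action].get(param, (-INF, INF))
            ctx[action][param] = (max(lo_m, lo_s), min(hi_m, hi_s))
    return ctx

def intercept(name, params, ctx, user_approved):
    """Default-deny gate the agent runs before any execution."""
    if name not in ctx:
        return False, "action not declared by both principals"
    if set(params) != set(ctx[name]):
        return False, "parameters do not match the declaration"
    for param, (lo, hi) in ctx[name].items():
        if not lo <= params[param] <= hi:
            return False, f"{param} outside declared range"
    if not user_approved:
        return False, "user has not approved"
    return True, "within declared boundaries"

# Constructed sample declarations for a hypothetical gas-valve controller.
MANUFACTURER = Declaration("manufacturer",
                           {"set_valve": {"percent": (0, 100)}, "open_door": {}})
SERVICE = Declaration("service_provider", {"set_valve": {"percent": (0, 30)}})
CONTEXT = build_context(MANUFACTURER, SERVICE)
```

Here the device can open the valve fully, but the service declares only 0 to 30 percent, so a request for 80 percent is stopped at the gate, and `open_door` is refused because the service provider never declared it.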
7. Why This Changes the Alignment Problem
When boundaries are declared, the LLM reasons within them. When boundaries are absent, the LLM must construct them on its own. That is the source of instability. Declaration removes the requirement for the LLM to guess.
An agent executing without Context is precisely the scenario that AI alignment research fears most.
A structure of declaration and Context provision transforms alignment from a philosophical problem into an engineerable design.
The goal is not to assign responsibility after harm occurs — it is to intercept the harm at the reasoning stage, before execution begins.
Declaration first.