# ──────────────────────────────────────────────────────────────────────────────
# ASK — Core Manifest
# ──────────────────────────────────────────────────────────────────────────────
# Machine-readable ground truth for the ASK platform's identity, motivation,
# and proposed solution. Every other document in this repository (whitepaper,
# product manifesto, brand guidelines, UI tokens, training plan) is downstream
# of this file. When prose and YAML disagree, YAML wins; the prose is updated
# in the same PR.
#
# Schema is stable. Add fields additively. Renaming requires a major bump.
# ──────────────────────────────────────────────────────────────────────────────

schema_version: 1
spec_version: 2.0.0          # ASK2 specification line
status: approved
visibility: confidential
owner:
  name: Matteo Rizzo
  email: matteo.rizzo@mir-ai.it
updated: 2026-05-25

# ── Identity ──────────────────────────────────────────────────────────────────
identity:
  name: ASK
  full_name: ASK — Cognitive Infrastructure
  parent_org: Carraro Group
  vendor: MirAI s.r.l.
  category: cognitive-infrastructure
  not_a:
    - corporate chatbot
    - controlled gateway to public LLMs
    - productivity assistant
    - consumer AI surface
  is_a:
    - secure orchestration layer between raw LLM compute and corporate processes
    - active governance middleware (compliance-by-design, policy-as-code)
    - foundation for safe, auditable agentic AI

# ── Essence ───────────────────────────────────────────────────────────────────
essence:
  tagline: Cognitive infrastructure. Power under control.
  one_paragraph: >
    ASK is the cognitive infrastructure focused on security and compliance.
    It is the dashboard, transmission, and braking system that safely
    harnesses raw AI horsepower into predictable, compliant, highly secure
    corporate outcomes. Compliance is reframed from bureaucratic barrier
    into an enabling platform for growth.
  positioning_statement: >
    For professionals navigating the generative- and agentic-AI transition,
    ASK is the secure, institutional orchestration platform that converts
    unmanaged AI risks into certified corporate assets. Unlike consumer AI
    tools that invite data leaks and hallucinated risks, ASK delivers
    context-anchored, deterministic intelligence natively built into the
    corporate workflow.
  voice:
    - authoritative-and-pragmatic
    - protective-yet-enabling
    - deterministic-and-accountable

# ── Motivation: the problem ASK solves ────────────────────────────────────────
motivation:
  thesis: >
    Generative AI entered enterprises bottom-up, silently, without IT
    governance. The resulting cognitive, security, and compliance debt is
    a systemic risk — not a usability complaint. Paper policies cannot
    fix it; only an infrastructure that codifies governance into the
    software itself can.
  observed_problems:
    - id: P1
      name: Shadow AI
      definition: >
        Employees use personal AI tools for corporate work, leaking
        proprietary data to external cloud providers whose terms of service
        often allow reuse for model retraining.
      evidence:
        - "77% of AI-using employees share sensitive data with unauthorized platforms (Cisco, 2025)"
        - "Shadow-AI-linked breaches cost an average $4.63M, ~$670k above the global baseline (IBM, 2025)"
        - "Gartner: >40% of enterprises will suffer a Shadow-AI-related breach by 2030"
    - id: P2
      name: Cognitive spillover
      definition: >
        Informal habits developed in personal (low-stakes) AI use are
        transferred wholesale into the corporate (high-stakes) domain,
        producing unvalidated outputs and decisions based on hallucinated
        data.
      evidence:
        - "Context collapse (Marwick & Boyd, 2011) erases the visual cues that used to separate playful from professional tooling"
    - id: P3
      name: Cognitive debt
      definition: >
        Without structured guidance, most users settle into two dysfunctional
        archetypes: the Auto-Automator (passive delegation, accepts
        hallucinations) or the Traditional Searcher (treats the LLM as a
        keyword database, massively under-utilizing it).
      evidence:
        - "Dell'Acqua et al. (2024): performance below the no-AI control group when users operate outside the model's jagged frontier"
    - id: P4
      name: Excessive agency
      definition: >
        Autonomous agents launched without governance can write to ERPs,
        send mass emails, and consume compute in loops. Risk is no longer
        cognitive — it is systemic and operational.
      evidence:
        - "OWASP Top 10 for LLM Applications (2025) lists Excessive Agency as a top vector"
        - "Gartner: 40% of enterprise applications will embed dedicated AI agents by end of 2026"
  regulatory_pressure:
    - id: eu-ai-act
      name: EU AI Act
      reference: "Regulation (EU) 2024/1689"
      enforceable_from: 2026-08-02
      max_penalty: "€35M or 7% of global annual turnover"
      key_obligations:
        - "Art. 9 — Risk management"
        - "Art. 10 — Data governance"
        - "Art. 11 — Technical documentation"
        - "Art. 12 — Event logging"
        - "Art. 13 — Transparency"
        - "Art. 14 — Human oversight"
    - id: iso-42001
      name: ISO/IEC 42001:2023
      scope: AI management systems
    - id: nist-ai-rmf
      name: NIST AI Risk Management Framework
      scope: International reference frame

# ── Solution: the three architectural pillars ─────────────────────────────────
solution:
  thesis: >
    Build an alternative that is institutionally superior to consumer AI,
    realigning user incentives with corporate safety. Compliance lives in
    the architecture, not in a PDF.
  pillars:
    - id: walled-garden
      name: The Walled Garden
      promise: Trust & Sovereignty
      function: >
        Zero-trust, tenant-isolated environment. User data is structurally
        protected from public model training; GDPR- and EU AI Act-compliant
        by construction.
      mitigates: [P1]
      ui_manifestations:
        - tenant-isolation badges
        - sub-zero ambient chrome
        - Pattern D — Implicit RBAC Filtering
    - id: rag-engine
      name: The RAG Engine
      promise: Contextual Truth
      function: >
        Every output is mathematically bound to verified corporate files.
        Statistical speculation is replaced by precise, auditable source
        documentation. Eliminates the Oracle Illusion.
      mitigates: [P2, P3]
      ui_manifestations:
        - Pattern A — Verified Citation Block
        - inline citation chips
        - source pane on click
    - id: policy-as-code
      name: Policy as Code
      promise: Invisible Governance
      function: >
        Compliance is engineered directly into the software architecture.
        Governance is not a manual policy document but an active middleware
        infrastructure that shapes every interaction.
      mitigates: [P3, P4]
      ui_manifestations:
        - Pattern B — Human-in-the-Loop Validation
        - Pattern C — Active Guardrail Interventions
        - Pattern D — Implicit RBAC Filtering

# ── Architecture: the four logical tiers ──────────────────────────────────────
architecture:
  tiers:
    - id: L3
      name: Logic
      component: Container (Chat / Notebook / Vertical App)
      role: User-facing context, permissions, UI, governance rules.
    - id: L2
      name: Workflow
      component: Intents (Search, Analyze, Generate, Execute)
      role: Receives the request, picks the strategy, coordinates tools.
    - id: L1
      name: Engine
      component: Tools (RAG, Web, Code, MCP connectors)
      role: Specialized, independent executors.
    - id: L0
      name: Control
      component: Guardrails (security, policy, compliance)
      role: Crosses all tiers — filters inputs, checks outputs, applies RBAC, produces immutable audit logs.

# ── Execution environments ────────────────────────────────────────────────────
environments:
  - id: chat
    name: General Chat
    driver: Autonomous agent interaction, daily versatility.
    layout: Wide, centralized conversational.
    session_state: ephemeral
    write_to_external: false
    archetype_target: [Centaur, Cyborg]
  - id: notebook
    name: Notebook
    driver: Deep exploration of a specific knowledge base (Pod).
    layout: Split 60/40 (prompts ↔ pinned context + sources).
    session_state: persistent
    write_to_external: false
    archetype_target: [Centaur]
  - id: vertical-app
    name: Vertical App
    driver: Logic-driven, predefined corporate workflow.
    layout: Stepper + structured forms.
    session_state: transactional
    write_to_external: true        # always through HITL (Pattern B)
    archetype_target: [Cyborg, junior users guided by the App]

# ── Compliance patterns (mandatory) ───────────────────────────────────────────
compliance_patterns:
  - id: A
    name: Verified Citation Block
    purpose: Every factual assertion carries an inline, interactive citation.
    serves: [rag-engine]
  - id: B
    name: Human-in-the-Loop Validation
    purpose: External writes require an explicit double-action (slide or multi-checkbox).
    serves: [policy-as-code]
  - id: C
    name: Active Guardrail Interventions
    purpose: PII redaction and out-of-scope blocks are surfaced calmly, inline.
    serves: [walled-garden, policy-as-code]
  - id: D
    name: Implicit RBAC Filtering
    purpose: Unauthorized actions are omitted from the UI — never disabled.
    serves: [walled-garden]

# ── User archetypes (from the whitepaper) ─────────────────────────────────────
archetypes:
  - id: auto-automator
    label: Auto-Automator
    perception: oracle
    behavior: passive blind delegation
    agentic_readiness: dangerous
    risk_to_org: systemic
  - id: traditional-searcher
    label: Traditional Searcher
    perception: keyword database
    behavior: under-uses reasoning capability
    agentic_readiness: incompatible
    risk_to_org: under-utilization
  - id: centaur
    label: Centaur
    perception: cognitive engine
    behavior: divide-and-conquer; clear human/AI separation
    agentic_readiness: high
    risk_to_org: low
  - id: cyborg
    label: Cyborg
    perception: cognitive partner
    behavior: continuous co-creation, iterative validation
    agentic_readiness: optimal
    risk_to_org: low
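# Sibling of `archetypes`: a mapping key cannot sit inside the list above,
# and leaving it there makes the file fail to parse.
governance_goal: >
  Shift the workforce distribution toward Centaur and Cyborg. The
  platform itself does the shifting, via apps and RAG anchoring.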

# ── HITL risk matrix (Module 5) ───────────────────────────────────────────────
hitl_matrix:
  - data_sensitivity: low
    action_reversibility: reversible
    rule: Agent operates autonomously.
  - data_sensitivity: high
    action_reversibility: reversible
    rule: Agent executes; output is reviewed before release.
  - data_sensitivity: low
    action_reversibility: irreversible
    rule: Agent requests pre-confirmation.
  - data_sensitivity: high
    action_reversibility: irreversible
    rule: Agent suspends; explicit qualified-operator approval required, logged.

# ── Documents in this set ─────────────────────────────────────────────────────
documents:
  - id: whitepaper
    en: docs/whitepaper.md
    it: docs/whitepaper.it.md
    role: The "why" — cognitive, sociological, regulatory rationale.
    audience: [executives, managers, IT leadership, security officers]
  - id: what-is-ask
    en: docs/what-is-ask.md
    it: docs/what-is-ask.it.md
    role: The "what" and "how" — architecture, environments, integrations, governance.
    audience: [managers, process owners, IT leadership]
  - id: brand-guidelines
    en: docs/brand/guidelines.md
    role: The brand, voice, and visual contract.
    audience: [designers, copywriters, marketing]
  - id: design-system
    en: brand-sheets/Ask Design System.html
    role: Tokens, components, patterns reference.
    audience: [designers, engineers]

# ── References (canonical citations used in prose) ────────────────────────────
references:
  - id: dellaqua-2024
    citation: "Dell'Acqua, F. et al. (2024). Navigating the jagged technological frontier. Management Science, 70(9), 5797–5817."
  - id: ibm-2025
    citation: "IBM (2025). Cost of a Data Breach Report 2025."
  - id: cisco-2025
    citation: "Cisco (2025). 2025 Data Privacy Benchmark Study."
  - id: netskope-2026
    citation: "Netskope (2026). Cloud & Threat Report: AI Apps in the Enterprise."
  - id: gartner-2026
    citation: "Gartner (2026). Predicts 2026: AI Agents Transform Enterprise Applications."
  - id: nvidia-2026
    citation: "NVIDIA (2026). State of AI in the Enterprise Trends Report."
  - id: eu-ai-act
    citation: "European Parliament & Council (2024). Regulation (EU) 2024/1689 (Artificial Intelligence Act)."
  - id: lewis-2020
    citation: "Lewis, P. et al. (2020). Retrieval-augmented generation for knowledge-intensive NLP tasks. NeurIPS 33."
  - id: owasp-llm-2025
    citation: "OWASP Foundation (2025). OWASP Top 10 for LLM Applications."
  - id: kahneman-2011
    citation: "Kahneman, D. (2011). Thinking, Fast and Slow."
  - id: reeves-nass-1996
    citation: "Reeves, B. & Nass, C. (1996). The Media Equation."
