Agentic AI for Regulated Industries, Under a Deterministic Arbiter
We built Mickai so autonomous agents can act inside health, finance, energy, defence and government without ever slipping past the rules that govern them.
The trust problem no demo can solve
Agentic AI is arriving in the places where mistakes are expensive and sometimes irreversible. A model that drafts an email can be wrong and forgiven. A model that adjusts a drug dosage, moves client funds, trims a grid frequency, releases a targeting recommendation, or approves a benefit claim is playing in a different arena. In those settings the interesting question is no longer whether an agent can do the task. It is whether the agent can be trusted to do only what it is permitted to do, prove afterwards that it stayed inside those bounds, and let a regulator reconstruct the whole chain of reasoning months later. Most of what is marketed today cannot answer that question honestly.
The reason is structural. A large model is probabilistic by design. It samples, it generalises, it occasionally invents. That flexibility is exactly what makes it useful and exactly what makes it unsuitable as the final authority over a regulated action. We think the industry has been trying to solve a governance problem with better prompts and bigger context windows, when the real fix is architectural. You do not ask the improviser to also be the referee.
Separate the thinkers from the arbiter
Mickai is a Sovereign Intelligence Operating System, a SIOS. It is not an assistant bolted onto someone else's cloud. It is an operating layer that runs specialist intelligence and, crucially, governs it. Inside the system we run 50 specialist brains, 25 domain brains and 25 operational brains. The domain brains carry the deep competence: clinical language, financial regulation, grid engineering, legal reasoning, security analysis. The operational brains handle memory, retrieval, verification, scheduling and the mechanics of getting real work done. They are the thinkers.
None of them is the authority. Above all 50 sits deterministic governance, an arbiter that does not sample and does not guess. It applies fixed, inspectable rules to every proposed action. A brain can propose. The arbiter decides whether that proposal is allowed, given the policy, the role, the data boundary and the jurisdiction in play. If the action is out of bounds, it does not happen. This is the distinction that matters for regulated work. The creative, statistical part of the system is fenced in by a part that behaves the same way every single time.
“We do not make a probabilistic model promise to behave. We put a deterministic arbiter between the model and the action, so behaviour is enforced rather than hoped for.”
Why the deployment model is the compliance model
In regulated sectors, where your data goes is not a preference, it is the whole case. A hospital cannot let patient records leave the building. A bank cannot let deal data touch an uncontrolled endpoint. A defence programme cannot round trip anything through a public cloud. So Mickai runs on the customer's own hardware, on premises and air gapped when required. There is zero data egress and no public cloud round trip. The intelligence comes to the data, not the other way around.
That single design choice removes an entire category of risk that regulated buyers spend months trying to paper over with contracts. When nothing leaves the estate, there is no third party processor to audit, no cross border transfer to justify, no shared tenancy to worry about. The memory the system builds is memory the customer owns and keeps. It is not harvested, it is not used to train anyone else's model, and it does not walk out of the door when a vendor relationship ends.
Proof on every action, not a report at quarter end
Compliance teams do not just need agents to behave. They need to prove behaviour to someone who was not in the room and is not inclined to take their word for it. So every action Mickai takes produces a cryptographically signed audit record, the Open Audit Record. It captures what was proposed, which brain proposed it, what the arbiter decided, what policy applied, and what actually executed. The record is signed with post-quantum signing (ML-DSA-65), so its integrity holds up not only against today's adversaries but against the ones a decade of stored-and-decrypted attacks will bring.
Practically, this changes the character of an audit. Instead of reconstructing after the fact from scattered logs, the auditor reads a continuous, tamper evident chain of exactly what happened and why. The following properties are the ones regulated buyers keep asking us about, so it is worth stating them plainly.
- The intelligence runs on hardware the customer controls, on premises and air gapped, with zero data egress.
- Fifty specialist brains do the reasoning, but a deterministic arbiter, not a model, authorises every action.
- Every action carries a signed Open Audit Record that reconstructs the full decision path.
- Records are protected with post-quantum signing (ML-DSA-65), built for integrity that outlasts current cryptography.
- The memory the system accumulates belongs to the customer and never leaves the estate.
What this looks like sector by sector
In health, a domain brain can read a patient record, propose a care action and draft the note, while the arbiter holds it against clinical safety policy and the record never leaves the trust. In finance, agents can run reconciliation, monitoring and reporting at machine speed, with every step signed so a regulator can trace a decision back to its inputs. In energy, operational brains can watch the grid and recommend adjustments, but the arbiter enforces the safety envelope before anything touches live infrastructure. In defence, the air gapped deployment and post-quantum record matter most, because the sensitivity of the work and the length of time it must stay secret are both extreme. In government, benefit and casework decisions can be assisted at scale while remaining explainable and appealable, because the reasoning was recorded, not lost.
In each case the pattern is the same. The clever part is contained. The authoritative part is boring, fixed and provable. That is precisely what a regulated environment wants from automation, and it is what general purpose agents, however capable, are not built to guarantee.
The moat and where it is going
This architecture is protected by a substantial body of filed intellectual property. We now have 104 filed UK patent applications containing approximately 2,340 claims, with full specifications, claims and figures, building toward examination and grant. The filings cover the governance layer, the audit record, the way specialist brains are coordinated and the sovereign deployment model. We are not describing an idea. We are describing a system with its foundations already documented and lodged.
The market is starting to notice. On Crunchbase our founder now ranks number 2, and the company Heat Score has reached 94 out of 100, climbing from single digits. We read that as a signal that the thesis, sovereign, governed, provable agentic AI for the sectors that cannot compromise, is landing with the people who watch this space closely.
The next few years will decide whether regulated institutions get to use agentic AI at all, or whether they are locked out because nobody could make it safe on their terms. We are building for the second future to never happen. Autonomy and accountability are not opposites. Put a deterministic arbiter over capable specialist brains, keep the whole thing on the customer's hardware, and sign every action, and you get agents that regulated industries can actually deploy. That is the standard we are holding ourselves to, and we think it is the one the sector will demand from everyone before long.





