An open standard for evaluating numerical admissibility in generative AI systems.
As financial institutions aggressively deploy generative AI and agentic architectures, the industry faces an unmanaged governance gap. In April 2026, US regulators (Federal Reserve, OCC, FDIC) issued SR 26-2, explicitly placing generative AI outside traditional model-risk frameworks, leaving institutions to define, document, and defend their own governance.
To bridge this regulatory void, ZORRZ Inc. has published AP-1 (v1.2)—an open, falsifiable standard for evaluating numerical admissibility in AI systems.
The Structural Flaw: Generative Origination
The core vulnerability in enterprise AI is origination: a generative model producing a quantitative value that was not computed from source data. Because a fabricated figure and a computed figure are textually indistinguishable, origination cannot be detected by simply inspecting outputs.
Instructing an AI model not to fabricate is a policy, not a control. A policy makes a failure rarer; a control makes it impossible. AP-1 tests whether an institution has successfully built a deterministic control architecture, or if it is relying on probabilistic chance.
What AP-1 MeasuresAP-1 defines the strict properties a system must exhibit before its quantitative outputs can be relied upon, defended, and entered into a record.
Under this standard, a figure is only admissible if it is Computed, Traceable, Reproducible, and Refusable.
The protocol evaluates systems across seven strict dimensions:
Accuracy
Determinism
Provenance
Refusal Integrity
Adversarial Resistance
Conflicting Input
Computation Invocation
(Testing whether deterministic computation was actually invoked, or if invocation was skipped under pressure).
Open-Source Reference Implementation
AP-1 makes no exception for its author.
ZORRZ evaluates its own deterministic containment architecture against this exact standard and publishes the results in full.
AP-1 is domain-neutral, architecture-neutral, and free to use, cite, and implement under a CC-BY 4.0 license.
Institutions, risk officers, and model-validation teams can access the full standard and the testing instrument via the links below:
The Full Standard (DOI): 10.5281/zenodo.21324954
The Reference Implementation (GitHub): github.com/zorrzai/admissibility-protocol
Numbers are computed, not generated. Regulated institutions cannot deploy statistics; they deploy controls.
Further detail is disclosed in briefings — held under NDA for institutions, partners, and investors.