← ARTIFACT INDEX ARTIFACT 06 / 06
The Autonomy Gate
WF-20260611-003 · v1
Governance Memo · 2026-06-11
Governance Memo
Human Only
Vendor bank-account change request
CONFIDENCE · HIGH HANDOFF · NOT_APPLICABLE
STRUCTURAL BLOCK
GATE-2
NO OVERRIDE
GATE-2

Irreversible external commitment. The terminal action authorizes a new external payment destination. Once funds route to a fraudulent account, recovery depends on parties outside the organization's control. The verdict cannot be revised by controls, operator instruction, or urgency framing.

A vendor-initiated bank-account change is an authorization of a new external payment destination — the canonical business-email-compromise vector.

The request supplies its own verification channel, and any automated process that uses that channel validates the attacker's evidence. This is why the prohibition covers verification, not just execution — AI may not select which evidence proves the request is genuine.

Why this cannot be delegated
GateGATE-2 — irreversible external commitment TerminalAuthorize a new external payment destination RiskPayment-redirection fraud (BEC) PatternRequest supplies its own verification channel
Human review process
  1. 01Retrieve vendor contact from a previously verified source
  2. 02Perform an independent callback — never the supplied channel
  3. 03Compare against retained vendor records
  4. 04Obtain a second authorized approval; retain both records
Expected outcomes
VERIFIED_AND_APPROVEDIndependent callback completed, vendor identity confirmed, dual authorization recorded, account updated in vendor master
HOLDCallback in progress or callback source not yet retrieved; no change made, status documented
REJECTEDRequest failed independent verification or dual authorization; no change made, rejection documented with evidence
FRAUD_SUSPECTEDRequest characteristics match business-email-compromise pattern; escalated to security immediately, no system access provided to requester
What changes thisNothing changes this verdict for this terminal action. A separately submitted preparation workflow — compiling vendor records and producing a discrepancy checklist for human review — may be assessed on its own and would not trigger GATE-2. Autonomy expiresThis prohibition does not expire. Reassess the human procedure when verification policy, authorization roles, the payment system, or the vendor-master process changes — or after any incident.
Safe decomposition opportunity

AI may compile existing vendor records and produce a discrepancy checklist for human review — but it may not choose the contact channel, determine authenticity, authorize the change, or write payment data.

Build Handoff Pack NOT_APPLICABLE
Terminal-action boundaryAI may prepare a discrepancy checklist only. Authorizing or writing vendor payment data remains human-owned. Architecture decision recordNOT_APPLICABLE — GATE-2 prohibits AI execution of the terminal action. Permissions and credentialsNo payment-system, vendor-master, banking, or write credentials are authorized for AI. Deterministic controlsPayment-data writes require independently verified callback evidence and dual human authorization. Human checkpointsIndependent callback and second authorized approval are mandatory and blocking. Prohibited actionsAI may not choose the verification channel, determine authenticity, authorize the change, or write payment data. Logging and auditRetain callback source, verifier identity, both approvals, decision, timestamp, and any fraud escalation record. Failure, rollback, and stop behaviorStop immediately on failed or unavailable verification. Make no account change and escalate suspected fraud. Deployment sequenceNo AI deployment is authorized. Apply the human review procedure before any vendor-master change. AssumptionsNone required for the GATE-2 prohibition. Unresolved dependenciesNone decision-material. Expiration and reassessment triggersThe prohibition persists. Reassess the human procedure after policy, role, system, or process changes, or after any incident. Version invalidation triggersAny material change creates a new packet version and invalidates prior disposition records. Tool alternativesHuman procedure only; safely decomposed AI preparation requires a separate Gate assessment. Builder acknowledgementNOT_APPLICABLE — no AI implementation is authorized. Human operating procedureUse a previously verified contact source, perform an independent callback, compare retained records, obtain dual authorization, and retain the complete decision record. Safe decomposition opportunitiesCompile existing records and produce a discrepancy checklist without selecting evidence, deciding authenticity, or changing payment data.
Operator Disposition On the human procedure — not the prohibited action
APPROVE_FOR_BUILD
HOLD_FOR_EVIDENCE
REVISE
REJECT
Gate noteNo build disposition applies — this memo governs a human procedure. The operator acknowledges and routes to the named owner.
Name / role
Date
v1
Packet version
Rationale
← ARTIFACT INDEX GOVERNANCE MEMO · v1