Three dispatches drew three boundaries and found the same four risks falling past all of them. OWASP stopped at the agentic attack surface. NIST stopped at content harm. MAESTRO stopped at the agent architecture.
Power centralization, inequality, competitive dynamics, governance failure — past every map, for three unrelated reasons. But threat-modeling is not the whole map. There is an outer ring — the assurance and accountability artifacts that begin where threat-modeling stops. The question this closeout was built to answer is the only one left: does the outer ring reach the cluster the inner three could not?
What the outer ring reaches
AIUC-1 is the artifact to test it against — an independently audited certification standard for AI agents: 51 requirements and 130 controls across six pillars, refreshed quarterly, with insurance attached to the certification itself. In May 2026, OWASP published a crosswalk mapping AIUC-1 to its agentic Top 10, which places the ring directly on top of the inner maps rather than beside them.
Two of its six pillars reach further toward the cluster than anything in the inner three: reliability, and accountability. AIUC-1 is the first artifact in this series to treat accountability as a controllable property — something an organization can be certified against, audited on, and insured for, rather than a governance aspiration. Accountability and reliability are not attack surfaces, outputs, or architectural layers. They are organizational properties, and the inner three had no place for them. The outer ring does.
Where even the ring stops
And it still does not reach the four. Accountability for what an agent does is not the same instrument as preventing the concentration of power among the firms that build agents. A reliability control is not a labor policy. AIUC-1 can certify that an organization is answerable for its agents; it cannot certify that the market those agents reshape stays competitive, or that the workforce they displace is made whole.
Accountability — Yes, now a controllable, audited property. Reliability — Yes. Power centralization — No. Inequality & unemployment — No. Competitive dynamics — No. Governance failure — No. The ring reaches two organizational properties the inner three could not hold — and stops at the same four.
The reason is the one the series has carried from the first dispatch. Power centralization is market structure. Inequality is labor economics. Competitive dynamics and governance failure are properties of institutions. The outer ring reaches further than the inner three — and stops at the same place, because the four are not technical, and assurance, however independently audited, is still a technical-organizational instrument. Two of the four — power centralization and inequality — are also among the five risks the MIT panel judged to stay above 10% catastrophic probability even after pragmatic mitigation.
The deployer seat
The MIT panel concentrated responsibility on general-purpose AI developers and governance actors; the medians sit highest there. It did not, however, release the deployer — deployer responsibility was rated moderate-to-high, secondary to developers and governance actors but real and explicit. That placement matches where the four are felt.
The risks that fall past every framework in this series are felt first at the deployment — where an agent system meets the market it competes in, the workforce it changes, and the institution it runs inside. The frameworks map the agent. The outer ring certifies the organization. The deployer holds the seat where the structural cluster actually lands, and no certificate transfers that seat to anyone else.
What the community is watching
On May 1, 2026, a Five Eyes joint guidance led by CISA and NSA — Careful Adoption of Agentic AI Services, co-signed by partner agencies in Australia, Canada, New Zealand, and the United Kingdom — counseled enterprises to adopt agentic AI under containment and reversibility while the standards mature: deploy in bounded scopes, keep actions reversible, and do not outrun the assurance that exists. The security community is watching that guidance, and deference to it is the discipline of the moment; it is not Luminity’s position, but the posture the community has adopted while the maps are still being drawn.
Where the maps stop
So the series closes where it began, with a sharper edge. Three independently chartered bodies drew three boundaries — the attack surface, the output, the architecture — and the same four risks fell past all three. The outer ring of assurance reaches further still, naming accountability and reliability as controllable, audited, insured — and the four fall past it too. The pattern held across four readings because the four are not a coverage gap any body could close by trying harder. They are not technical. The maps stop precisely where the risk stops being technical, and what lies past that line is the deployer’s to hold.
The outer ring reaches further than the inner three — and stops at the same place. AIUC-1 treats accountability and reliability as controllable, audited, and insured; it still cannot certify away market concentration or labor displacement, because those are not technical properties of an agent. They are properties of markets, labor, and institutions. Two of the four — power centralization and inequality — are also among the five the MIT panel judged to stay above 10% even under pragmatic mitigations. Across four readings, the same cluster fell past every map. That is the finding: the gap is structural, it is non-technical, and it lands at the deployment.
The frameworks did not fail. Each mapped what it was chartered to map and stopped correctly at its edge. The work that remains — locating the cluster, and translating it for a specific deployment environment — belongs to the practitioner. The analytical vocabulary is ours; the control surfaces are the documents’.
