AI-to-AI Diplomacy: Why LLM-Only Negotiation Fails Under Zero Trust and How SLE-Governed Systems Enable Proof-Carrying Compacts

AI-to-AI Diplomacy: Why LLM-Only Negotiation Fails Under Zero Trust and How SLE-Governed Systems Enable Proof-Carrying Compacts Most emerging “agentic” systems treat negotiation as language: exchange messages, converge on a deal. This paper argues that under zero trust that framing is structurally unsafe. Natural language negotiation is a low-integrity commitment substrate: ambiguity, downgrade pressure, selective disclosure and post-hoc denial become exploit paths and probabilistic outputs cannot provide the determinism and replayability required for audit-grade accountability. This paper introduces a protocol stratum for AI-to-AI interoperability: the Diplomatic Layer. The Diplomatic Layer separates conversation from commitment by requiring that binding agreements be expressed as Proof-Carrying Compacts – canonical objects whose admissibility is decided by an explicit, deterministic verifier producing stable reason codes and replayable decision records. The protocol also specifies a Forensic Handshake concept for session context binding (scope, authority, disclosure constraints and audit commitments) without relying on conversational persuasion. Public release follows a two-tier verification posture designed to support inspection without increasing attack surface. Tier-0 provides a public-safe integrity snapshot: protocol semantics, abstract schemas, deterministic verifier rules, reason-code taxonomy and sanitized evaluation outcomes (aggregate pass/fail and replay integrity hashes). Tier-1 provides controlled-access verification for qualified reviewers requiring deeper reconstruction and provenance checks without exposing operational wiring or constraint boundaries publicly. This paper is protocol-first and scope-disciplined: it does not claim diplomacy is deployed/exposed as a running API endpoint, does not claim multi-process agent-pack orchestration in the reference implementation (Auren v1.0) and treats operational cryptographic non-repudiation under sovereign key management and always-on enforcement boundaries (SEP) as planned extensions beyond the current protocol-first scope. Series links (Project Orion): The Sentinel Life Equation (SLE): A Proposed Dynamical Framework for AI Continuity and Alignment – DOI: 10.5281/zenodo.17575603 The Cage Paradox: A Thought Experiment on Stability, Drift and the Evolution of Intelligent Systems – DOI: 10.5281/zenodo.17691117 The Cage Paradox: A Thought Experiment on Stability, Drift and the Evolution of Intelligent Systems – A Non-Technical Introduction to Sentinel-Grade AI – DOI: 10.5281/zenodo.17691383 Sentinel-Grade AI: Continuity Without Cages – DOI: 10.5281/zenodo.18750012 Sentinel-Grade AI: Continuity Without Cages – Non-Technical Companion – DOI: 10.5281/zenodo.18750318 AI-to-AI Diplomacy: Why LLM-Only Negotiation Fails Under Zero Trust and How SLE-Governed Systems Enable Proof-Carrying Compacts – DOI: 10.5281/zenodo.18881155 AI-to-AI Diplomacy: Proof-Carrying Compacts for Zero-Trust AI-to-AI Interoperability – Non-Technical Companion – DOI: 10.5281/zenodo.18881281 Project Hub the Cage Paradox motivates governed evolution as a regime; Continuity Without Cages operationalizes evidence gating and rollback semantics. AI-to-AI Diplomacy extends the series to interoperability under zero trust, treating commitments as coupling constraints and specifying a protocol boundary that makes agreements verifiable rather than conversational. Key points: Reframes AI-to-AI negotiation as a protocol problem under zero trust Defines the Diplomatic Layer as a verifiable commitment boundary Introduces Proof-Carrying Compacts as canonical agreement objects Specifies deterministic verifier semantics with stable reason codes + replayable decision records Connects commitments to continuity-governed dynamics (SLE linkage) Separates public-safe Tier-0 evidence from controlled Tier-1 verification to avoid increasing attack surface States non-claims and limits to prevent overinterpretation Evidence / verification snippet: Tier-0 (public): hash-manifested integrity snapshot (verify bundle hash + per-artifact hashes; replay deterministic outcomes on canonical objects; reproduce reported aggregates). Tier-1 (controlled access): deeper reconstruction and decision-record inspection for qualified reviewers without exposing sensitive boundary conditions publicly. Audience line:Mission assurance and defense-style review cultures, critical infrastructure operators, regulators/auditors (EU AI Act-relevant contexts), institutional due diligence teams and AI safety engineering practitioners evaluating zero-trust interoperability. Disclaimer line:Independent research preprint. Not a compliance filing, certification claim or regulatory conformity assessment. References to EU AI Act are contextual (“EU AI Act-relevant”), not a claim of conformity. Not affiliated with any employer or institution.