Coadaptive Security Layer
Position: Doctrinal extension of SF² for the AI era.
Relationship to SF²: Each chapter cross-references into the SF² base. The layer never replaces SF²; it extends it.
This layer earns top-level position next to SF², rather than nesting under AI tooling, because what AI changed is not a vendor choice but the operational fabric the whole framework runs on. Filing it under "AI Integration" would treat it as one more tool to configure. It is closer to a shift in the ground. The five attack surface expansions and the comprehension crisis are cumulative pressure on every condition the base framework cultivates, and that pressure is what earned a layer of its own.
The name is Coadaptive, not a rebrand of SF². The base framework's account of software factories holds without amendment, and this layer adds only the part that shows up when a second intelligence joins the work and the system starts adapting to inputs no one wrote. Coadaptive names that: a system where the human, the agents, and the adversary are all adapting at once, and security has to be a property that adapts with them.
How this layer relates to SF²
SF² is the base and this layer rides on top. AI-era pressure changes how the factory operates without changing what a software factory is, so none of the base doctrine is retired. The Universal Security Conditions still hold, the positioning model still holds, the investment logic still holds. This layer surfaces what those conditions have to contend with once agents read, reason, and act inside the system.
The layer is doctrinal, not vendor-specific. It names what changes and what to do about it at the level of architecture and authority, and it leaves the catalog of which model from which vendor to the parts of the practice that age in months rather than years.
Chapters in this layer
| Chapter | Topic | Extends SF² section |
|---|---|---|
| 01 The Three-Layer Model | Substrate / Dynamic / Unit decomposition | Foundation (Sec 01) |
| 02 The AI-Era Threat Surface | Five expansions + comprehension crisis | Contextual Modifiers (Sec 05); amends Adaptive Capacity (Sec 02) |
| 03 The Unit of Defense | Paired intelligence + adaptive capacity | Adaptive Capacity (Sec 02), Implementation (Sec 06) |
| 04 Boundary Enforcement | Capability-based security at agent scale | Process Stewardship (Sec 02), Implementation (Sec 06) |
| 05 Authorization at Agent Scale | Confused deputy (Hardy, 1988) and MCP | Investment Portfolio (Sec 04), Process (Sec 02) |
| 06 Input Trust Is a Category Error | Prompt injection as architecturally unsolvable | Runtime (Sec 02), Attack Landscape (Sec 05) |
Reading guide
Read Chapter 01 first; it gives the substrate / dynamic / unit decomposition the other chapters slot into. From there the layer reads in order, and each chapter names the SF² base section it extends so the base material can be read alongside it.
If you are time-constrained, the two chapters that change the most decisions are 02, The AI-Era Threat Surface, for what you are now exposed to, and 04, Boundary Enforcement, for what to do about it. The full sweep is worth the hour when you are setting strategy rather than triaging.
What this layer is NOT
It is not a vendor selection guide and not an AI capability catalog. It does not treat "AI security" as a separate practice bolted onto the side of the real one. The base framework still owns substrate-level doctrine, and this layer surfaces what changes when AI joins the system, so the two read as one practice rather than a framework and its appendix.