Defense Tactical Planning With Contained Speculation

Regulatory Framework

The regulatory frame for AI-enabled tactical planning is unusually dense. DoD Directive 3000.09, "Autonomy in Weapon Systems," in its January 2023 reissuance, requires that autonomous and semi-autonomous weapon systems be designed to allow commanders and operators to exercise appropriate levels of human judgment over the use of force. The Directive imposes a verification, validation, test, and evaluation regime; senior review for systems within scope; and rigorous traceability through development, fielding, and use. Decision support that influences targeting or use-of-force decisions falls within the operational reach of these requirements even when it does not itself pull a trigger.

JADC2, codified in the DoD Data, Analytics, and AI Strategy and operationalized through CJADC2 (Combined JADC2), demands that planning, targeting, and decision support cohere across domains, services, and coalition partners. The architectural emphasis is integration plus defensibility: a recommendation surfaced to a commander in one node must be traceable to the data, models, and authorities that produced it across many nodes. AUKUS Pillar II, the technology pillar of the Australia-United Kingdom-United States agreement, has accelerated AI and autonomy collaboration among the three nations and added an interoperability dimension to the same demand.

Programmatic safety is governed by MIL-STD-882E, the Department of Defense Standard Practice for System Safety, which imposes hazard analysis, risk assessment, and risk acceptance up the chain at defined thresholds. Software systems that contribute to operational decisions are not exempt; their failure modes are operational hazards.

Doctrinal frame is supplied by Joint Chiefs of Staff publications. JP 3-0, Joint Operations, defines the operational art of campaigns. JP 5-0, Joint Planning, defines the formal planning processes, including the Joint Planning Process and operational design, that produce courses of action and orders. NATO AJP-3, Allied Joint Doctrine for the Conduct of Operations, supplies the alliance frame. Beneath all of this lies the legal frame: Article 36 of Additional Protocol I to the Geneva Conventions requires states to determine whether the employment of new means or methods of warfare would be prohibited by international law. The United States, while not a party to AP I, applies a comparable legal review process and treats it as binding policy. Decision support tools that materially shape course-of-action analysis fall within the practical scope of these reviews.

Architectural Requirement

The architectural demand that emerges from this framework is a structural separation between exploratory speculation and operational commitment. Planning at machine speed must be allowed to range widely, including into pessimistic and worst-case branches that are essential to good operational art and to red-teaming. But none of that exploration can leak into force posture, targeting, or commitment without passing through governance gates that record authority, rules of engagement, risk acceptance, and law-of-armed-conflict review.

This containment cannot be procedural. A "do not act on speculation" policy is unenforceable when speculation is generated faster than humans can read it and presented in interfaces that do not distinguish exploratory from validated content. Containment must be a property of the architecture: speculative branches must be structurally inert with respect to operational systems until promoted, and promotion must be a recorded, gated event with an identifiable approving authority.

Why Procedural Compliance Fails

Current AI decision support implementations fail this requirement in two characteristic ways.

First, they collapse exploration and recommendation into a single channel. A model generates a course of action recommendation; the recommendation is displayed; downstream systems consume it. Whether the recommendation arose from exhaustive analysis or from a single deeply pessimistic branch is invisible at the consumption point. DoDD 3000.09's requirement for appropriate human judgment becomes hollow when the human is shown a polished output without access to the speculative substrate from which it was extracted, because the human's judgment is conditioned on whatever the system chose to surface. The procedural fix, instructing operators to scrutinize outputs, is asymmetric: scrutiny is human-paced, generation is machine-paced, and operators triage by trust rather than by evidence.

Second, procedural systems either over-cautiously suppress speculation, in which case they fail to deliver the planning depth that JP 5-0 operational design requires, or they fail to suppress it and the most pessimistic branches drive force posture changes that were never authorized. Neither outcome serves the mission. The under-speculation failure is invisible until it is too late; the over-speculation failure is visible immediately in the form of unintended escalatory signaling and consumed readiness.

MIL-STD-882E hazard analysis, applied to such systems, struggles for the same reason. The hazard is not in any single recommendation; it is in the architecture's failure to distinguish hypothesis from commitment. A hazard log that records discrete software faults does not capture the structural hazard that exploratory output reaches operational systems unmarked.

JADC2 integration amplifies the problem. Once decision support is networked across nodes, services, and coalition partners, an unmarked speculative output propagates as readily as a validated recommendation, and downstream consumers cannot distinguish them. AUKUS Pillar II interoperability stresses this further, because divergent governance regimes among partners interact through the same channels.

AP I Article 36 review, and its US-policy analog, expects a legal review of new means and methods of warfare. A system that generates planning content cannot be reviewed as if it produced a fixed product; what it produces depends on the speculative branches it explores and on the gating between branches and operations. Without that gating expressed structurally, the legal review has no stable object to review.

What AQ Primitive Provides

The AQ forecasting-engine primitive expresses speculative planning as governed branches inside a containment boundary. Each branch represents a planning hypothesis: an adversary action, a friendly response, an environmental contingency, a coalition behavior. Branches are typed by purpose (optimistic, pessimistic, exploratory, contingency) and scoped by authority (which echelon, which mission, which planning horizon). The branch is a first-class object: it carries its inputs, its model configuration, its outputs, and its lineage back to the planning state that spawned it.

The containment boundary is structural. Branch content does not flow into operational systems. There is no shared memory, no convenience hook, no display path that bypasses the boundary. The only path from branch to operations is promotion, and promotion is a gated event. The promotion gates encode rules of engagement, mission authorities, risk thresholds inherited from the MIL-STD-882E acceptance ladder, and law-of-armed-conflict constraints derived from the Article 36-style review of the deployed system. A branch that proposes an action outside its authority does not promote, regardless of how compelling its analysis is. The branch persists; the recommendation does not propagate.

An executive aggregation layer combines insights across branches. Twenty pessimistic branches exploring adversary courses of action may converge on a likely flanking maneuver. The aggregate, with its constituent uncertainty and dispersion, is itself a promotable artifact: it can become an intelligence assessment without any of the underlying speculative branches becoming operational recommendations. This is the structural correlate of operational design under JP 5-0: the planning process produces an understanding that informs commander's intent, distinct from the specific plans that execute that intent.

Branch dormancy supports the long planning horizons that contingency operations require. A branch exploring a low-probability but high-consequence adversary capability is preserved in dormancy with full state. If intelligence later indicates the capability is actual, the branch reactivates with no replanning cost, and its prior lineage is intact. The dormant set is itself an operational asset: a structured library of pre-explored contingencies whose validation pipelines are known.

Every branch action, every promotion attempt, every gate decision is recorded with cryptographic continuity. The record is the substrate for after-action review, for IG and oversight inquiry, for AUKUS interoperability auditing across partner authorities, and for the periodic Article 36-style review of the fielded system as its branch population evolves over deployment.

Compliance Mapping

The compliance mapping into the regulatory landscape is direct. Against DoDD 3000.09, the containment boundary is the architectural locus of human judgment over the use of force: every promotion from speculation to operation is a recorded event with an identifiable approving authority, and the substrate the human reviewed is preserved. Against the Directive's verification, validation, and test regime, the typed branch population and the promotion log supply the artifacts that V&V actually examines.

Against JADC2 and CJADC2, the branch and lineage substrate is the integration medium across nodes and partners: a recommendation propagated across the network carries its provenance with it, and downstream consumers can distinguish validated commitments from exploratory analysis. Against AUKUS Pillar II, the same substrate supplies the interoperability frame across partner governance regimes; promotions can be gated against the union of partner authorities where appropriate, and disagreements register as gate failures rather than as silent propagation.

Against MIL-STD-882E, the containment boundary is itself the principal mitigation for the hazard "speculative content reaches operational systems." The hazard analysis can examine a defined boundary rather than chasing every potential leak path, and the risk acceptance discussion can proceed against a structural artifact.

Against JP 3-0 and JP 5-0, the engine fits the Joint Planning Process: branches map to alternative courses of action; aggregation maps to operational design synthesis; promotion maps to commander's decision and order publication. Against NATO AJP-3, the same mapping holds at alliance scope. Against AP I Article 36 and US-policy review, the engine presents a stable, auditable object: the typed branch population, the gating policy, and the promotion log are the system being reviewed, and the review itself can be repeated periodically against the same artifacts as the system evolves.

Adoption Pathway

Adoption is incremental and pegged to existing planning processes rather than asking commands to abandon them. The first step is to instrument the existing planning workflow with branch typing. Courses of action already produced under JP 5-0 are captured as branches with explicit type, authority scope, and inputs. The discipline of typing is itself a clarification: it forces planners to declare which work is exploratory and which is candidate for promotion.

The second step is to wire the containment boundary. The planning environment is structurally separated from operational systems with promotion as the only crossing. Initially, gates are permissive and recorded only; the artifact produced is a faithful log of what would have been gated, against which gating policy can be calibrated.

The third step is to encode the promotion gates. Rules of engagement, MIL-STD-882E risk acceptance thresholds, mission authorities, and Article 36-derived legal constraints are expressed as gate predicates with explicit configuration. Senior review under DoDD 3000.09 attaches to specific gate classes. The gates run in real time on every promotion attempt, and gate decisions are persisted alongside branch lineage.

The fourth step is interoperability. The branch and lineage substrate is exposed to JADC2 and CJADC2 integration channels, with provenance preserved across hops. AUKUS Pillar II partners participate against shared gating policies for joint operations. After-action review and oversight tooling consume the same substrate that planning consumes, so the burden of evidence does not fall on retrospective reconstruction.

Adopted in this sequence, contained speculation gives commanders what doctrine has always required: the ability to think deeper and faster than the adversary while committing forces only through deliberate, authorized, and reviewable decision. The forecasting engine does not replace the commander's judgment; it gives that judgment a substrate worth ruling on.