The technology to defend networks autonomously exists. The legitimacy to deploy it does not. Introducing earned autonomy: a governance framework where defensive authority is demonstrated before granted, scoped per abuse class, and continuously re-earned or revoked.
Machines attack at machine speed. Humans defend at human speed. The technology to close this gap exists - the governance doesn't. A framework for when machines should be permitted to act without human approval.
Inline enforcement operates at machine speed, but trust cannot. IBSR is a validation step: using XDP to observe real traffic, simulate enforcement, and generate evidence before any blocking is enabled.
Autonomous mitigations already act at machine speed - but we still have no legitimate framework for granting them authority over novel threats.
Machines attack at machine speed. Humans defend at human speed. We propose a governance framework for closing that gap--not through blind trust, but through demonstrated competence.