Approach / little ai / crawl, walk, run

Crawl. Walk. Run.

We call our method little ai. Find the work, clean the data, do it by hand, then automate it, and only then make it agentic. Autonomy is the last step, not the pitch.

little ai

Earn the autonomy.

Most AI work starts at "run" and falls over. We start at crawl and grant autonomy only once the work is proven and the governance is in place.

01crawl
Find the work and clean the ground.
  • Identify candidate workflows where an agent could earn its keep
  • Make sure the data is actually there, and that it is clean and trustworthy
  • Do the task manually first, to learn the real process and its edge cases
02walk
Automate the proven path.
  • Turn the manual workflow into deterministic automation
  • Scripts, pipelines, and rules that are observable and reliable
  • No autonomy until the plumbing is boring and predictable
03run
Make it agentic.
  • Add judgment, tool use, and adaptability on top of a process you trust
  • Governance and observability are already in place, so autonomy is safe to grant
  • Keep improving, with the agent doing more as it proves itself

The governed pipeline

What happens on every agent run.

01 · INTAKE

Scope and validate

The task is bounded and the inputs are checked before anything runs. No open-ended instructions reach a tool.

02 · POLICY GATE

Check permissions

Role, jurisdiction, data rules, and approvals are evaluated. The action proceeds only if policy allows it.

03 · TOOLING

Act within bounds

The agent uses a scoped set of tools. There is no open access to systems or data outside the envelope.

04 · OBSERVE

Trace everything

Every step is logged and replayable. If you cannot explain why the system did something, it does not ship.

05 · OUTPUT

Review and record

Results carry a full audit trail. Where stakes are high, a human signs off before the action takes effect.

∞ · REVERSIBLE

Undo by design

Actions are built to be reversible wherever possible, so a wrong call can be rolled back rather than lived with.

Public frameworks

little ai maps to NIST AI RMF.

We did not invent a proprietary framework. The method lines up one-to-one with the NIST AI Risk Management Framework, and it satisfies the OMB M-25-21 minimum risk-management practices that federal agencies must apply to high-impact AI. If your oversight body speaks RMF, your ANi system already answers in that language.

GOVERN

Policy as code

Roles, jurisdiction, consent, and approval rules are written into the pipeline itself. Governance is not a committee; it is the gate every action passes through.

MAP

Crawl before anything

The crawl stage is context mapping: find the real workflow, the real data, and the real failure modes before any model touches the work.

MEASURE

Evals and traces

Evaluation harnesses before deployment, full observability after. Every decision is measured, logged, and replayable.

MANAGE

Bounded and reversible

Run-state integrity, human sign-off where stakes are high, and actions built to be rolled back. Risk is managed on every run, not reviewed once a year.

Beyond run

Self-improvement, gated.

The end state of little ai is recursive self-improvement: a system that proposes its own upgrades, prompts, policies, even fine-tunes, and earns them the same way a human release would. Nothing self-applies. Every proposed improvement passes the eval gate, lands in the audit trail, and can be rolled back.

PROPOSE

The system drafts its own upgrade

A better prompt, a policy change, a fine-tune. The system proposes it with the evidence that says why, the same way an engineer would.

PROVE

The same gate as version one

The proposed change runs the full golden-set and adversarial suite. It does not matter who authored the change; the gate does not care.

PROMOTE

A person signs the release

An accountable human promotes the improvement, and the audit trail records who, what, and why. Rollback is one decision away.

Standards

What we will not ship.

An agent that cannot explain its decision.
If we cannot replay why the system did what it did, it does not go to production. Observability is built in, not bolted on.
Sensitive data sent where it should not go.
Routing is a policy decision, enforced in code. Local stays local. The patient's record stays the patient's.
Autonomy without a boundary.
Every agent operates inside an explicit envelope, and the system proves it stayed inside that envelope.
A black box you cannot own.
You hold the data, the traces, and the right to walk away with all of it. No lock-in dressed up as a platform.
A system that upgrades itself unsupervised.
Self-improvement is welcome; self-approval is not. Improvement loops run inside the same gate as everything else, or they do not run.

Governance is the product.

If your AI has to answer to an auditor, a board, or a regulator, this is the part most teams skip and the part we lead with.

Start a conversation
email: build@theanigroup.com
phone: (703) 957-0110