You Cannot Defend What You Cannot Inspect Jumpmind's Eric Zielinski announced CIRCUIT, an open-source framework for AI interpretability governance, at FIRSTCON26, aiming to address the gap where existing AI governance controls treat models as opaque black boxes. The framework targets the inability to inspect why AI models make decisions, a critical issue during incidents and as regulatory deadlines like the EU AI Act approach. Introducing CIRCUIT: an open-source framework for AI interpretability governance By Eric Zielinski Jumpmind July 14, 2026 We are deploying AI we can't explain, defending AI we can't inspect, and trusting AI we can't audit. That is not a governance program. That is a liability surface. The first AI governance committee meeting I sat in, somebody asked the product team a question nobody had a real answer to. It wasn't a gotcha. It was the most basic question a security leader can ask: when this model makes a bad decision, how will we know which part of the model made it? The answer was silence, followed by a slide that said “human in the loop.” The loop was a reviewer approving or rejecting outputs with no visibility into how they were produced. The model was a third- party API. The vendor questionnaire had a row that said “model is proprietary.” We had a risk tier, a registry, a vendor red team report, a SOC 2 Type II, and no idea what was inside the box. That is the state of AI governance in most enterprises today. We have built extensive paperwork around the outside of a black box and declared the box governed. The paperwork is real work. The box is still a box. At FIRSTCON26 I am releasing CIRCUIT as an open-source framework to close that gap and I am looking for contributors from across the security community to build it out. This post explains the gap, what CIRCUIT does about it, and why now. If you have stood up an AI program in the last two years, you probably have a risk tiering scheme, a model or agent registry, output monitoring with guardrails and DLP, a vendor questionnaire, a red team program, and a mapping to NIST AI RMF. Good. Do not throw any of that away. But look at what those controls actually do. Risk tiers classify intended use. Registries track where a model is deployed. Output monitoring fires on patterns in what the model says. Vendor attestations are assertions about the vendor's process, not the vendor's model. Red teaming probes behavior from the outside. Every one of these controls treats the model as an opaque function from input to output. When an AI-driven SOC triage tool buries a real intrusion as a false positive, those controls tell you the model was "high risk, deployed in prod, monitored, vendor attested." None of them tell you which feature the model weighted wrong, so your incident responders can't tell whether it was a one-off miss or a blind spot an attacker can reproduce on demand. When a coding assistant slips a subtle backdoor into a pull request, none of them tell you whether it came from a training artifact, a poisoned dependency, or a prompt injection pathway in the repo the difference between a code review finding and a supply-chain compromise. When an autonomous response agent quarantines the wrong host or pushes a bad firewall rule mid-incident, none of them tell you why it made that call, leaving the blue team to reverse-engineer their own tooling while the clock is running. Your existing AI governance answers who owns the model, where it runs, and whether anyone approved it. It does not answer why the model did what it did. Only one of those questions matters during an incident. Every one of these is an interpretability problem wearing a different hat. For years the excuse was that frontier models are too large and too complex to inspect. That excuse stopped being valid about eighteen months ago. Meanwhile the regulatory clock is running. The EU AI Act's high-risk obligations enter enforcement in August 2026, requiring transparency, human oversight, and robustness evidence not policy, evidence. NIST AI RMF names interpretability as a trustworthiness characteristic. SR 11-7 requires conceptual soundness in banking models. ISO/IEC 42001 is showing up in procurement RFPs. Everybody has a framework. Nobody has a meter. That is the gap. CIRCUIT — Circuit-Informed Risk & Control, Understanding, Inventory & Transparency is deliberately small. It is three things, and only three things: It accounts honestly for what you can actually inspect. Open-weight models you host can reach the full maturity ceiling. API and foundation models are capped lower. Embedded vendor AI is capped lower still you own the blast radius, they own the weights. The ceilings aren't a judgment on vendors; they're an honest accounting of access. CIRCUIT also crosswalks to NIST AI RMF, the EU AI Act, ISO 42001, SR 11-7, SOC 2, and MITRE ATLAS, and ships with a 29-question “Show Me Your Circuits” vendor questionnaire so a security team can make the transparency gap visible on a single page. Vendors respond to pressure, not to individual requests. One security team, one researcher, or one incident responder asking a vendor to prove its model is inspectable is easy to ignore. Hundreds asking the same question, in the same format, is impossible to ignore. That coordinated demand is the entire strategy — and it only works if the standard is open. CIRCUIT is released under Apache 2.0 so that no single organization owns it and any team can adopt, extend, and govern it collectively. It builds on the open work of NIST, MITRE, OWASP, and CSA and the goal is to pay that forward. Jumpmind is the initial adopter, not the owner. This is where the FIRST community comes in. CIRCUIT needs practitioners to pressure-test the maturity rubric against real deployments, contribute regulatory crosswalks for jurisdictions beyond the EU and US, refine the vendor questionnaire, and report where the framework breaks. The repository is open now issues, discussions, and an adopters list included. If you run AI controls you cannot currently inspect, you are exactly who this is for. Interpretability moved from a research curiosity to a shippable security control in eighteen months. The governance stack has not caught up. That is our problem to fix together.