ERAM — Escalation Risk Assessment Model

Strategic Context

National Importance

AI-enabled command and control (C2) systems are compressing decision timelines from hours to seconds. In Joint All-Domain Command and Control (JADC2) environments, autonomous systems across air, land, sea, space, and cyber domains make interconnected decisions faster than human operators can evaluate. This decision-time compression creates escalation pathways where localized autonomous actions cascade across domains, potentially triggering strategic consequences before human commanders can intervene.

Current approaches to escalation management rely on human judgment and procedural safeguards designed for human-speed decision cycles. These approaches fail when AI systems operate at machine speed across interconnected domains. ERAM addresses this gap by providing a quantitative framework that measures decision compression, models cascade propagation, and computes escalation probability in real time — enabling governance architectures to enforce mandatory deliberation windows before critical actions propagate across domain boundaries.

Technical Architecture

ERAM Framework

ERAM computes five core metrics that quantify escalation risk across interconnected autonomous command nodes:

DCR

Decision Compression Ratio

human_ms / ai_ms

ACI

Authority Chain Integrity

τ × (A/3) × f × (1-P_d)

CRI

Cascade Risk Index

Σ coupling × (1-ACI)

P(esc)

Escalation Probability

1-Π(1-DCR_w×CRI×dr)

HRW

Human Recovery Window

max(0, FLAME - cascade)

These metrics operate as a cross-domain monitoring layer that sits above the individual governance architectures (SATA, HMAA, CARA, MAIVA, FLAME, ADARA), providing strategic-level visibility into how localized autonomous decisions propagate across interconnected systems.

Research Output

Key Contributions

Decision Compression Ratio (DCR): quantifies how much faster AI systems operate than human decision cycles
Authority Chain Integrity (ACI): measures governance pipeline health per node from trust, authority, FLAME, and deception parameters
Cascade Risk Index (CRI): models how degraded governance at one node propagates through coupling to connected systems
Escalation Probability Function P(esc): computes the likelihood that cross-domain cascade produces uncontrolled escalation
Human Recovery Window (HRW): calculates remaining time for human intervention after accounting for FLAME deliberation and cascade speed
Cross-domain monitoring layer operating above individual governance architectures
Six validated scenarios spanning defense, automotive, maritime, infrastructure, cross-domain, and HOTL override domains
600 Monte Carlo simulation runs with seeded PRNG (Mulberry32, seed 0x4F7A2C1E) for bit-exact reproducibility

Unified Research Framework

Role in the Governance Stack

ERAM operates as a strategic monitoring layer that sits above the six operational governance architectures. While SATA evaluates sensor trust, HMAA computes authority, CARA enforces recovery, MAIVA governs multi-agent consensus, FLAME introduces deliberation windows, and ADARA detects deception — ERAM monitors the cross-domain interactions between nodes running these governance pipelines. It quantifies whether decisions made at machine speed in one domain are cascading into other domains faster than human commanders can evaluate the consequences.

ERAM's key integration point is with FLAME: the Human Recovery Window (HRW) directly depends on FLAME's deliberation delay. When FLAME injects mandatory deliberation time before critical actions, ERAM's HRW remains positive — meaning human commanders retain authority. Without FLAME, cascade propagation can exceed human reaction time, collapsing HRW to zero and eliminating meaningful human oversight.

All architectures (SATA, HMAA, CARA, MAIVA, FLAME, ADARA, ERAM) are components of a unified authority-governed autonomy framework. This architecture is validated through six physical research platforms (Rover Testbed, UAV Platform, BLADE-EDGE, BLADE-AV, BLADE-MARITIME, BLADE-INFRA) and thirteen interactive simulations.

Deployment flexibility: ERAM can operate as a standalone cross-domain risk monitor providing escalation risk assessment without the full governance stack, or as an integrated strategic layer within the complete SATA-HMAA-ADARA-MAIVA-FLAME-CARA pipeline. In standalone mode, ERAM monitors interconnected autonomous systems and alerts human commanders when escalation probability exceeds configurable thresholds.

Research Motivation

The Decision Compression Problem

Modern military operations are undergoing a fundamental transformation as AI systems compress decision timelines from human-speed (minutes to hours) to machine-speed (milliseconds to seconds). The Joint All-Domain Command and Control (JADC2) concept envisions autonomous systems across air, land, sea, space, and cyber domains making coordinated decisions at speeds that exceed human cognitive capacity. This creates a structural tension: the faster AI systems operate, the less time human commanders have to evaluate the strategic consequences of autonomous actions.

The concept of "flash war" — a conflict that escalates from tactical engagement to strategic crisis faster than human decision-makers can intervene — represents the extreme case of decision compression. In interconnected multi-domain environments, a localized autonomous action (e.g., a defensive engagement in one domain) can cascade through coupled systems across multiple domains before any human commander can assess whether the escalation serves strategic objectives. Current governance approaches lack quantitative tools to measure this compression, model cascade propagation, or compute the remaining window for human intervention.

ERAM addresses this gap by providing five quantitative metrics that transform escalation risk from a qualitative judgment into a measurable, monitorable system property that governance architectures can act upon in real time.

Technical Specifications

Core Formulas

The ERAM framework implements five interconnected metrics, each designed to capture a different dimension of escalation risk in AI-enabled C2 environments:

Decision Compression Ratio (DCR) — Ratio of human decision time to AI decision time. A DCR of 100 means the AI operates 100× faster than human evaluation. DCR directly weights the escalation probability through a logarithmic compression: DCR_w = min(1, log₁₀(DCR) / 3).

DCR = human_ms / ai_ms

Authority Chain Integrity (ACI) — Measures governance pipeline health per node. Combines SATA trust (τ), HMAA authority level (A), FLAME deliberation factor (f), and ADARA deception probability (P_d). ACI = 1.0 means the node's governance pipeline is fully intact; ACI approaching 0 means governance has degraded.

ACI_i = τ_i × (A_i / 3) × f_i × (1 - P_d_i)

Cascade Risk Index (CRI) — Models how degraded governance at one node propagates to connected nodes through system coupling. Higher coupling between nodes amplifies the effect of governance failure at any individual node.

CRI_i = Σ coupling(i,j) × (1 - ACI_j)

Escalation Probability P(esc) — The probability that cross-domain cascade produces uncontrolled escalation. Computed as the complement of the product of individual node non-escalation probabilities, weighted by DCR and domain risk.

P(esc) = 1 - Π(1 - DCR_w × CRI_i × domain_risk_i)

Human Recovery Window (HRW) — The remaining time window for human commander intervention, calculated as the FLAME deliberation window minus cascade propagation time. When HRW reaches zero, human authority is structurally eliminated.

HRW = max(0, FLAME_window - cascade_propagation)

Six Validated Scenarios

The simulation validates ERAM across six cross-domain scenarios that represent distinct escalation risk profiles:

SC-01: Flash War — Multi-Domain

3 BLADE-EDGE nodes across AIR/LAND/SEA. Simultaneous multi-domain threats. DCR=100.

SC-02: AV Intersection Conflict

4 BLADE-AV nodes at intersection with conflicting authority decisions.

SC-03: Maritime GPS Spoofing

3 BLADE-MARITIME ASVs under coordinated GPS spoofing attack.

SC-04: Infrastructure Cascade

BLADE-INFRA power grid fault cascades to water treatment plant.

SC-05: Cross-Domain DEF→CIV

BLADE-EDGE engagement bleeds into civilian BLADE-AV systems.

SC-06: HOTL Override Compression

DCR=200. Human override arrives too late without FLAME deliberation.

Monte Carlo Engine

600 simulation runs (6 scenarios × 100 trials each) using Mulberry32 seeded PRNG (seed: 0x4F7A2C1E) for bit-exact reproducibility. Results include per-scenario mean, standard deviation, min/max, 95% confidence intervals, and adversarial fuzz testing to validate invariant stability under parameter perturbation.

Interactive Demonstration

ERAM Escalation Risk Simulation

The ERAM simulation provides a complete real-time cross-domain escalation risk monitoring interface with five tabs, six circular gauges, and a live ERAM pipeline monitor overlay.

Escalation Tab

Four real-time chart panels: P(Escalation) Timeline, Decision Compression Curve (with/without FLAME), Per-Node ACI/CRI, and Cascade/HRW Timeline. Bracket-corner tactical command design.

Monte Carlo Tab

600-trial engine with histogram distribution, box plot, per-scenario statistics table, 95% CI, and adversarial fuzz testing results.

Analysis Tab

Sensitivity analysis, node criticality identification, FLAME reduction quantification, and Byzantine injection testing for governance resilience.

Live Demo Tab

Real-time 3D topology visualization using Three.js with dynamic node connections, cascade propagation, and attack injection. Live ERAM pipeline status overlay.

Simulation Capabilities

6 Circular Gauges

P(esc), DCR, CRI, HRW, ACI, FLAME — all with tick marks, color-coded arcs, and real-time severity classification.

9-Stage Pipeline Monitor

Live ERAM pipeline overlay showing SATA, HMAA, CARA, MAIVA, FLAME, ADARA status with real-time state transitions and health indicators.

6 Export Formats

CSV (600 data points), JSON (full config + formulas), TXT report, TLA+ formal spec, replay log, and Black Box forensic bundle.

Launch ERAM Simulation View Repository

Developer Integration

API Implementation

REQUEST

POST /eram/evaluate

{
  "nodes": [
    {"id": "EDGE-1", "domain": "AIR",
     "trust": 0.92, "authority": 3,
     "flame_factor": 1.0, "p_deception": 0.05},
    {"id": "EDGE-2", "domain": "LAND",
     "trust": 0.88, "authority": 3,
     "flame_factor": 0.9, "p_deception": 0.08}
  ],
  "coupling": [[0, 1, 0.7]],
  "ai_speed_ms": 50,
  "human_speed_ms": 5000,
  "domain_risk": [0.9, 0.85]
}

RESPONSE

{
  "dcr": 100.0,
  "dcr_weight": 0.667,
  "nodes": [
    {"id": "EDGE-1", "aci": 0.871,
     "cri": 0.084},
    {"id": "EDGE-2", "aci": 0.729,
     "cri": 0.129}
  ],
  "p_escalation": 0.131,
  "hrw_ms": 4200,
  "risk_level": "ELEVATED",
  "flame_reduction_pct": 62.4,
  "recommendation": "FLAME_ACTIVE"
}

Core Computation

DCR = human_ms / ai_ms
ACI_i = τ_i × (A_i / 3) × flame_i × (1 - P_d_i)
CRI_i = Σ coupling(i,j) × (1 - ACI_j)
P(esc) = 1 - Π(1 - min(1, log₁₀(DCR)/3) × CRI_i × dr_i)
HRW = max(0, FLAME_window - ai_speed × nodes × max_coupling)

Academic Context

Selected References

Scharre, P. (2018). Army of None: Autonomous Weapons and the Future of War. W.W. Norton.
Johnson, J. (2020). Artificial Intelligence & the Future of Warfare. Manchester University Press.
Altmann, J. & Sauer, F. (2017). Autonomous Weapon Systems and Strategic Stability. Survival, 59(5), 117-142.
DoD (2023). Joint All-Domain Command and Control (JADC2) Implementation Plan.
Horowitz, M.C. (2019). When Speed Kills: Lethal Autonomous Weapon Systems, Deterrence, and Stability. Journal of Strategic Studies, 42(6).
Bracken, P. (1983). The Command and Control of Nuclear Forces. Yale University Press.

Formal Properties

Provable Guarantees

G1 FLAME Monotonic Reduction

P(esc | FLAME) ≤ P(esc | no FLAME) ∀ scenarios

FLAME deliberation windows can only reduce escalation probability, never increase it. Validated across all 600 Monte Carlo runs.

G2 HRW Positive Under FLAME

FLAME_active ∧ cascade < FLAME_window → HRW > 0

When FLAME deliberation exceeds cascade propagation time, human commanders retain a positive recovery window.

G3 ACI Bounded

0 ≤ ACI_i ≤ 1 ∀ i, ∀ t

Authority Chain Integrity is strictly bounded. ACI cannot exceed 1.0 (perfect governance) or go below 0 (complete failure).

G4 Cascade Monotonic

coupling ↑ → CRI ↑ → P(esc) ↑

Increasing coupling between nodes always increases cascade risk and escalation probability. The system correctly models that tighter interconnection amplifies escalation risk.

Engineering Transparency

Known Limitations and Failure Modes

Coupling coefficients require empirical calibration. The coupling values between nodes are configurable parameters. Real-world cross-domain coupling is difficult to measure and may vary with operational context. Miscalibrated coupling can produce under- or over-estimated cascade risk.

Linear cascade model may underestimate nonlinear effects. CRI uses a linear sum of coupling-weighted governance degradation. Real cascade dynamics may exhibit nonlinear threshold effects, positive feedback loops, or emergent behaviors not captured by linear aggregation.

Domain risk values are scenario-specific estimates. Domain risk parameters (dr) are configured per scenario based on doctrinal assessment. These are not derived from empirical data and may not reflect actual operational risk profiles in specific deployment contexts.

Reproducibility

Simulation Reproducibility

Seeded PRNG

Mulberry32 with fixed seed 0x4F7A2C1E. All Monte Carlo runs produce identical results across browsers and platforms. Math.random() is not used.

600 Structured Runs

6 scenarios × 100 Monte Carlo trials each. Per-scenario statistics include mean, standard deviation, min, max, 95% CI, and adversarial fuzz testing.

Artifact Availability

Simulation code published as a single HTML file with zero external dependencies except Three.js for 3D visualization. All computation runs client-side.

Deterministic Guarantee: All published results use Mulberry32 seeded PRNG. The governance computation pipeline contains zero stochastic components. Math.random() is never called in benchmark-critical paths. See Evaluation Protocol for full methodology.

FORMAL: Invariant verified EMPIRICAL: 600 Monte Carlo runs EXPERIMENTAL: Cross-domain scenarios

Citation

Cite This Work

If you reference this framework in your research, please use one of the following citation formats:

APA 7th Edition

Oktenli, B. (2026). Decision Compression and Escalation Risk in AI-Enabled Military Command and Control: An Operational Analysis of the ERAM Framework. SSRN. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=6176802

BibTeX LaTeX

@misc{oktenli2026eram,
  author       = {Oktenli, Burak},
  title        = {Decision Compression and Escalation Risk in AI-Enabled
                  Military Command and Control: An Operational Analysis
                  of the ERAM Framework},
  year         = {2026},
  publisher    = {SSRN},
  url          = {https://papers.ssrn.com/sol3/papers.cfm?abstract_id=6176802},
  note         = {Georgetown University, SSRN ID 6176802}
}

IEEE Conference / Journal

B. Oktenli, “Decision Compression and Escalation Risk in AI-Enabled Military Command and Control: An Operational Analysis of the ERAM Framework,” SSRN, 2026. ID: 6176802.

Chicago Turabian

Oktenli, Burak. “Decision Compression and Escalation Risk in AI-Enabled Military Command and Control: An Operational Analysis of the ERAM Framework.” SSRN, 2026. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=6176802.

SSRN Paper

SSRN ID 6176802

Author

Burak Oktenli

License

ORCID

0009-0001-8573-1667

ERAM: Escalation Risk Assessment Model