The Centaur Framework — Reference Index¶
Centaur Security Labs · 2026 · 21 references
Supporting index for The Centaur Framework. Click any title to open the source. Each entry includes a citation note explaining where and why it is cited in the paper.
Tags: PDF open-access paper · WEB article or report · LAW legislation · PAYWALL subscription required
§1 / §2.1 — The Centaur Concept and Division of Labor¶
[1] — The Chess Master and the Computer WEB
Garry Kasparov · The New York Review of Books, vol. 57, no. 2 · February 2010
Kasparov's account of Advanced Chess and the observation that the quality of the human-engine collaboration process mattered more than the capability of either party alone — the origin of the "weak human + machine + better process" formulation and the source of the Centaur model's name.
§1: The division of labor as the determinative variable in human-engine chess performance — the foundational claim from which the framework's three-layer architecture is derived. §2.1: Primary source for the Centaur Concept section.
[2] — Dark Horse ZackS Wins Freestyle Chess Tournament WEB
ChessBase News · 2005
The 2005 PAL/CSS Freestyle tournament result: amateur players using three computers and disciplined process outperformed grandmaster teams using more capable engines less systematically. The empirical origin of the weak-human-better-process claim.
§1 and §2.1: The specific tournament result that operationalizes Kasparov's observation — amateurs outperformed grandmasters not through better engines but through better collaboration process.
[3] — Computers and chess masters: The role of AI in transforming elite human performance PDF
Bilalić, M., Graf, M., & Vaci, N. · British Journal of Psychology, advance online publication · 2024
Analysis of 11.6 million decisions by elite chess players identifying conditions under which human-AI collaboration improves performance over either alone, and conditions where human input remains complementary rather than redundant. Note: cited as advance online publication — check DOI for final volume, issue, and page numbers before submission.
§2.1: Academic analysis supporting and qualifying the Freestyle tournament finding — demonstrates when human input is complementary and when engine assistance substitutes for it.
[9] — Training with AI: Evidence from chess computers PAYWALL
Gaessler, F. & Piezunka, H. · Strategic Management Journal, vol. 44, no. 11, pp. 2724–2750 · 2023
Longitudinal study examining how AI assistance changes human skill development and performance over time, finding that engine assistance substitutes for some human collaboration but does not eliminate the value of human judgment in contextually complex positions.
§2.1: Longitudinal evidence qualifying the static Freestyle result — human judgment remains complementary in specific decision types even as AI capability improves.
§1 / §3.3 — Accountability: Aviation and Medicine¶
[4] — 14 C.F.R. § 91.3 — Responsibility and Authority of the Pilot in Command LAW
Electronic Code of Federal Regulations · U.S. Government Publishing Office
The FAA regulation establishing that the pilot in command is directly responsible for and the final authority as to the operation of an aircraft — regardless of the level of autopilot capability. The accountability function is legally anchored to the certificate holder, not to the automation.
§1: The aviation analogy for the human layer's permanent accountability function — the FAA certificate holder does not become optional as autopilot capability improves. §3.3: Cited alongside the physician analogy to establish that professional accountability is non-delegable by design, not by current technical limitation.
[5] — Defining medical liability when artificial intelligence is applied on diagnostic algorithms: a systematic review PDF
Cestonaro, C., Delicati, A., Marcante, B., Caenazzo, L., & Tozzo, P. · Frontiers in Medicine, vol. 10, Article 1305756 · 2023
Systematic review of medical liability frameworks as AI diagnostic tools improve. Documents that the signing physician's accountability persists regardless of the AI tool's accuracy rate — the legal assignment of responsibility does not migrate to the tool as the tool improves.
§1: The physician analogy for the human layer's permanent accountability function — professional sign-off is legally required regardless of AI accuracy. §3.3: Establishes that the human layer's accountability function is a structural feature of professional and legal accountability, not a transitional concession to current AI capability.
§3.3 — Regulatory Accountability Frameworks¶
[6] — General Data Protection Regulation — Regulation (EU) 2016/679 LAW
European Parliament and Council · Official Journal of the European Union, L 119, pp. 1–88 · 4 May 2016
The GDPR's accountability principle (Article 5(2)) and liability provisions (Article 82) assign accountability for data processing decisions to named controllers, not to automated systems — regardless of the degree of automation involved.
§3.3: One of three regulatory instruments cited to establish that accountability is legally non-delegable to automated systems under current frameworks. The accountability principle is the operative provision.
[7] — NIS 2 Directive — Directive (EU) 2022/2555 LAW
European Parliament and Council · Official Journal of the European Union, L 333, pp. 80–152 · 27 December 2022
The revised Network and Information Systems Directive, governing cybersecurity risk management obligations for operators of essential services. Accountability for incident response and risk management decisions is assigned to named natural persons within the entity.
§3.3: Second regulatory instrument establishing named-human accountability in security operations — specifically applicable to the security operations context the Centaur Framework addresses.
[8] — Digital Operational Resilience Act — Regulation (EU) 2022/2554 LAW
European Parliament and Council · Official Journal of the European Union, L 333, pp. 1–79 · 27 December 2022
DORA applies to EU financial entities and their critical ICT third-party providers, establishing accountability for ICT risk management decisions with named senior management responsibility. The accountability chain cannot be delegated to automated systems.
§3.3: Third regulatory instrument cited to establish that the human layer's accountability function reflects current legal requirements across multiple EU frameworks, not only a design preference.
§2.2 — Human-AI Teaming in Security Operations¶
[14] — Alert fatigue in Security Operations Centres: Research challenges and opportunities PAYWALL
Tariq, S., Chhetri, M. B., Nepal, S., & Paris, C. · ACM Computing Surveys, vol. 57, no. 9, Article 224 · March 2025
Systematic review of alert fatigue in SOC environments, documenting the cognitive load accumulation patterns — volume, urgency, false-positive rate — that drive analyst error and missed detections. Establishes alert fatigue as a documented, measurable problem rather than an anecdotal complaint.
§2.2: Empirical basis for alert fatigue as a real and measurable problem in the domain the Centaur Framework addresses — motivation for the human layer's scoped residual review function.
[15] — Towards Human-AI Teaming to Mitigate Alert Fatigue in Security Operations Centres PAYWALL
Chhetri, M. B., Tariq, S., Singh, R., Jalalvand, F., Paris, C., & Nepal, S. · ACM Transactions on Internet Technology, vol. 24, no. 3, Article 12 · 2024
Develops and evaluates a human-AI teaming framework specifically designed to mitigate alert fatigue in SOC environments, demonstrating measurable improvements in analyst decision quality when AI handles triage and humans handle contextual judgment — a direct empirical parallel to the Centaur Framework's layer division.
§2.2: Related framework showing that the division of labor between AI triage and human judgment measurably improves decision quality — the closest existing empirical parallel to the Centaur Framework's approach in the security operations domain.
[16] — Beyond the Hype: A Benchmark Study of AI in the SOC WEB
Cloud Security Alliance & Dropzone AI · October 2025
Controlled benchmark study (n=148) finding that AI-assisted analysts completed security investigations 45–61% faster and scored 22–29% higher on accuracy; fatigue-induced completeness degradation was reduced by roughly half in the AI-assisted group. Co-published with a vendor (Dropzone AI) — controlled design is an improvement over typical industry white papers, but vendor co-authorship warrants weighting accordingly.
§2.2: Quantitative evidence for analyst augmentation benefit — cited with explicit disclosure of vendor co-authorship. The controlled design justifies citation; the commercial interest justifies the caveat.
[10] — Human-in-the-Loop Cyber Intrusion Detection Using Active Learning PAYWALL
Kim, Y., Dán, G., & Zhu, Q. · IEEE Transactions on Information Forensics and Security, vol. 19, pp. 8658–8672 · 2024
Applies active learning to cyber intrusion detection, demonstrating that incorporating analyst feedback into the model's training loop improves detection rates while reducing analyst workload. Note: DOI 10.1109/TIFS.2024.3402148 has a conflicting signal — verify against IEEE Xplore document 10613858 before final publication.
§2.2: Human-in-the-loop ML for security detection — the training-loop parallel to the Centaur Framework's model layer improvement mechanism. Cited as evidence that human-AI collaboration in security classification is an active research area with measurable results.
§2.3 — Responsibility Attribution in Automated Systems¶
[11] — Artificial Intelligence Risk Management Framework (AI RMF 1.0) PDF
National Institute of Standards and Technology · NIST AI 100-1 · January 2023
The NIST AI RMF provides voluntary guidance for managing AI risk across the system lifecycle, with explicit treatment of human oversight as a risk management function. The MAP, MEASURE, MANAGE, and GOVERN functions each include human accountability as a design requirement.
§2.3: Authoritative U.S. government framework establishing human oversight as a required risk management function — the code-layer and human-layer requirements of the Centaur Framework align with NIST's MAP and GOVERN functions.
[12] — EU Artificial Intelligence Act — Regulation (EU) 2024/1689 LAW
European Parliament and Council · Official Journal of the European Union, L 2024/1689 · 12 July 2024
Article 14 specifies that providers and deployers of high-risk AI systems must implement human oversight measures commensurate with the system's risk and level of autonomy. Article 9 additionally requires a continuous risk management system — identification, analysis, evaluation, and mitigation of risks across the AI system's lifecycle — establishing a regulatory basis for the code layer's systematic safety constraint enforcement, logging, and ground-truth verification functions.
§2.3: The regulatory instrument most directly applicable to Centaur compliance — Article 14 human oversight requirements map to H2, H3, H4, and H5; Article 9 risk management system requirements map to C3, C4, and C5.
[13] — IEEE Std 7001-2021: IEEE Standard for Transparency of Autonomous Systems PAYWALL
IEEE · approved 9 December 2021, published 4 March 2022
Defines measurable, testable transparency levels for autonomous systems across stakeholder categories, providing an engineering standard for the kind of decision-process visibility the Centaur Framework requires of the code layer. Establishes that transparency is a designable and testable property, not an aspirational quality.
§2.3: Engineering standard for transparency in autonomous systems — establishes that the code-layer logging and audit requirements (C3, C4, X4) are achievable and testable, not unique to the Centaur Framework's aspirations.
§2.4 — Related Operational Frameworks¶
[17] — MITRE ATT&CK®: Design and Philosophy PDF
Strom, B. E., Applebaum, A., Miller, D. P., Nickels, K. C., Pennington, A. G., & Thomas, C. B. · The MITRE Corporation, Technical Report PR-19-01075-28 · March 2020
The design rationale behind MITRE ATT&CK — a structured knowledge base of adversary tactics, techniques, and procedures. ATT&CK defines what security analysis tasks look like at the operational level, providing the basis for distinguishing model-layer work (pattern recognition, TTP mapping) from human-layer work (contextual threat prioritization).
§2.4: ATT&CK as the operational taxonomy that defines what belongs in the model layer versus what requires human contextual judgment — the practical referent for the model layer's responsibility scope.
[18] — TIBER-EU Framework PDF
European Central Bank · Frankfurt am Main · May 2018
The European framework for threat intelligence-based ethical red-team testing of financial sector entities. Establishes accountability structures for controlled adversary simulation including named engagement authorities, defined scope, and documented rules of engagement — the domain where the human layer's authorization function (H1, H3) is most precisely specified in existing practice.
§2.4: Existing operational framework with the most precise specification of the human layer's authorization function — the H1 and H3 requirements parallel TIBER-EU's engagement authority and rules-of-engagement structure.
[19] — Penetration Testing Execution Standard (PTES) WEB
Community standard · pentest-standard.org
The PTES defines the procedural baseline for penetration testing methodology across seven phases: pre-engagement interactions, intelligence gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and reporting. Centaur-compliant tools are intended to execute this methodology more consistently than unaugmented analyst teams.
§2.4: The methodological baseline that defines what Centaur-compliant penetration testing tools are designed to execute — the model layer's scope covers PTES phases where procedural consistency is the value; the human layer covers the authorization and contextual interpretation phases.
§2.2 — LLM-Based Penetration Testing Agents¶
[21] — PentestGPT: An LLM-Empowered Automatic Penetration Testing Tool PDF
Deng, G., Liu, Y., Mayoral-Vilches, V., Liu, P., Li, Y., Xu, Y., Zhang, T., Liu, Y., Pinzger, M., & Rass, S. · USENIX Security '24 · August 2024
Evaluates large language models as penetration testing agents across HackTheBox and real-world targets. Finds that while models show competence in isolated exploitation steps, they exhibit systematic degradation over multi-step sessions: loss of session context, inability to track attempted techniques, and premature objective-achieved claims. These failure modes are structurally identical to the halt-detection and format-drift failures documented in §3, providing independent empirical grounding for the code-layer controls prescribed in this framework. Note: page range should be verified against final USENIX Security '24 proceedings; arXiv:2308.06782 is the publicly accessible preprint.
§2.2: Empirical characterization of LLM penetration testing failure modes in a controlled evaluation — establishes that the code-layer controls in §3 address a documented class of real failure, not a theoretical concern. The specific failure modes (completion signaling inconsistency, context accumulation errors) motivate the halt discipline and ground-truth verification requirements directly.
§3.1 / §5 (C5) — The Stochastic Trap¶
[20] — The Stochastic Trap: An Architectural Critique of Current AI Security Tools WEB
Jay Hawkins · Centaur Security Labs · 2026
Companion paper documenting three manifestations of the Stochastic Trap — the failure mode of applying probabilistic reasoning to deterministic roles — observed during ARCHER development: output format drift under context pressure, routing errors on ambiguous task phrasings, and halt detection failure. For each failure mode, identifies the architectural pattern that produced it and the remediation that addressed it.
§3.1: Compensating logic as the observable signal of a model-layer boundary violation — the boundary condition section references this paper for the full analysis of why compensating logic indicates a misassigned responsibility. §5 (C5): Using a second AI model to generate a ground-truth verifier reintroduces the Stochastic Trap — the verifier must be deterministic by definition, and a probabilistic verifier inherits the same failure mode it was designed to catch. Glossary: Stochastic Trap definition.