Primer: A Simple Way to Understand GIOS
There is a lot of excitement around AI automation. Most companies are trying to automate business work by using AI agents. These systems ask a model to understand the goal, decide what to do next, use tools, remember what happened, and keep moving the process forward.
That can work for simple tasks. But real business work is not simple.
Business processes depend on rules, approvals, timing, information, authority, exceptions, and changing conditions. A process may pause, branch, resume, change direction, or require a person to approve something before it can continue.
The problem is not just that AI models sometimes make mistakes. The deeper problem is that most systems do not have a complete model of how the work itself behaves.
GIOS (Governed Intelligence Operating System) was built to solve that problem.
GIOS is not an AI agent system. It is a software-based execution system that uses AI only where AI is useful. Large language models can help parse natural language, read documents, classify information, draft text, or convert business intent into structured logic.
But the model does not control the workflow.
CSEF does.
CSEF, the Causal Structure Execution Framework, is the core innovation behind GIOS. It is a software structure for modeling workflows, including the rules that govern how those workflows are allowed to change over time.
Three Ways to Automate Work
There are three broad ways to automate business work.
The first is the AI agent approach.
In an agentic system, the AI model carries most of the burden. It interprets the request, decides what to do next, chooses tools, tracks progress, handles exceptions, and tries to complete the task.
This can be powerful, but it places a lot of responsibility on the model.
The second is the traditional software approach.
Traditional workflow systems are usually based on sequences of steps. They can define that step A comes before step B, and that step C should happen after that. Many are built around workflow graphs, including directed acyclic graphs, or DAGs.
These systems are useful. But they usually require developers or technical users to manually define much of the real behavior: the rules, conditions, inputs, outputs, tools, approvals, and exception handling.
The third approach is GIOS.
GIOS uses CSEF to model the workflow itself. That means the system understands not only the steps in the process, but also the conditions, rules, authority, and state changes that determine how the process can move forward.
AI is still useful, but it is not responsible for running the process on its own. The software model carries the workflow.
The Chess Engine Analogy
Imagine a world where chess exists, but chess engines have not yet been invented.
The board exists. The pieces exist. The rules exist. But there is no software model of the game.
In that world, one way to build a chess system would be to ask a powerful AI model to look at the board and choose the next move.
That might work for a while. In the opening, the model may perform well because many opening patterns are familiar.
But as the game continues, the number of possible positions grows. The system has to track the board, remember the rules, know which moves are legal, understand what changed, and decide what should happen next.
The model is being asked to do the job of the engine.
It is also an expensive way to solve the problem. LLMs are priced in tokens, which are small chunks of text that the model reads and writes. The words in a prompt become input tokens. The words, calculations, and sometimes hidden reasoning steps produced by the model become output tokens.
At current high-end LLM pricing, using a model such as Claude Opus to reason through a 40-move chess game could cost several dollars for a single game if the model is asked to think carefully at every move. For example, a game using roughly 2,000 input tokens and 5,000 output or reasoning tokens per model decision would cost about $5.40 for 40 model calls at current Opus pricing. If the model were used for both sides of the board, the cost would roughly double.
A chess engine solves the problem differently.
- It models the board.
- It models the pieces.
- It models the legal moves.
- It models how the game changes after each move.
- It models the rules that govern how the game evolves.
That is what makes a chess engine powerful. It does not just reason about chess from the outside. It gives the system a structured model of the game itself.
A strong late-1990s chess engine would likely dominate a modern general-purpose LLM at chess if that LLM were not connected to a chess engine or other purpose-built chess tool. Not because the LLM is weak, but because the chess engine has the right model of the problem.
CSEF does something similar for workflows.
It gives business workflows a software model of their structure, rules, state, and evolution.
CSEF as the Science of Workflows
Science advances when we build better models of the systems around us.
Chemistry is a good example.
Chemistry gives us a model of matter. It describes elements, atoms, molecules, bonds, reactions, and the rules by which substances interact.
Because of that model, we can do more than observe what happens after the fact.
- We can predict behavior.
- We can run simulations.
- We can test scenarios.
- We can identify unstable systems.
- We can see where something is likely to fail before it fails in the real world.
CSEF applies the same idea to workflows.
It is like a science of workflows.
A business process is not just a list of steps. It is a system where different parts interact: information, people, approvals, rules, tools, deadlines, exceptions, and authority boundaries.
If we only treat a workflow as a sequence, we cannot fully understand how it behaves.
CSEF provides a model for that behavior. It models the structure of the workflow and the rules that govern how the workflow changes over time.
That makes it possible to simulate execution, detect missing information, enforce authority, identify failure points, and safely adapt when conditions change.
What CSEF Models
CSEF models workflows as causal systems.
That means it captures what has to be true before something can happen.
For example, a workflow may require:
- a document before a review can begin
- an approval before money can be spent
- a response before an email can be sent
- a human decision before a process can continue
- a specific authority level before a workflow can change
- a completed task before another task becomes available
Traditional workflow systems can model some of this.
But CSEF is designed to model both the workflow and the rules that govern how the workflow evolves.
A CSEF structure can represent:
- the steps in a process
- the information each step requires
- the conditions that make each step ready
- the authority required for decisions or changes
- the outputs each step produces
- the rules for accepting or rejecting those outputs
- the way human input changes the process
- the way the workflow can safely change over time
CSEF is not just a better workflow diagram.
It is a software model of how work behaves.
How GIOS Uses AI: Filling in the Boxes
GIOS uses AI selectively.
A simple example is a flower shop.
Imagine a flower shop with a website where customers can build and order a bouquet. The website might include a drop-down menu for flower type, a field for quantity, a color selector, a delivery date, and a checkout button.
Traditional software handles this very well because the inputs are already structured. The customer is required to choose from predefined fields. The software does not need to understand what the customer means. It only needs to process the selected options.
But now imagine the flower shop wants to let customers place orders by email.
A customer might write:
“I’d like a dozen roses, three of your most popular purple flowers, and your largest white flower.”
This is where traditional software breaks down. The customer’s request is understandable to a person, but it is not already organized into database fields. The software does not know which items correspond to flower type, quantity, color, preference, substitution rules, or availability.
This does not require an advanced autonomous agent. The flower shop does not need a model to run the business, manage the inventory system, process checkout, or decide how the order workflow should proceed.
It only needs a lightweight language model to translate messy human language into structured information.
In other words, the model fills in the boxes.
The email is converted into something the software can use:
- flower type: roses
- quantity: 12
- flower type: lavender tulips
- quantity: 3
- flower type: white hydrangea
- quantity: 1
Once the messy language has been converted into structure, traditional software can take over again. It can check inventory, apply pricing, create the order, request clarification if needed, process payment, schedule delivery, and update internal systems.
GIOS works the same way.
The sophisticated software engine is CSEF. CSEF models the workflow, tracks state, evaluates readiness, enforces authority, governs execution, and determines how the workflow can safely evolve.
The language model is not responsible for running the workflow. It is used to translate messy human input into structured information that CSEF can execute.
This is why GIOS does not need a frontier model acting as an autonomous agent for most workflows. Many steps can be deterministic. Other steps may use lightweight model calls for parsing, drafting, classification, summarization, or field extraction.
The result is a different cost structure.
Agentic systems often spend tokens in three ways: they use expensive models, they may consume additional output tokens through internal reasoning or thinking steps, and they repeatedly call models to orchestrate the task.
GIOS is designed to avoid that pattern. It can use low-cost models for narrow language tasks, avoid reasoning-mode calls for routine parsing, and rely on CSEF rather than an agent loop for orchestration.
| Cost Driver | Model-Heavy Agentic Automation | GIOS + CSEF |
|---|---|---|
| Model pricing | Often uses frontier or high-end reasoning models. For example, Claude Opus 4.8 regular pricing is $5 per million input tokens and $25 per million output tokens. | Designed for lightweight semantic tasks using low-cost models. For example, Gemini 2.5 Flash-Lite standard pricing is $0.10 per million text input tokens and $0.40 per million output tokens. |
| Thinking or reasoning tokens | Reasoning-mode systems may generate internal thinking tokens that are billed as output tokens even when the user does not see them. For complex tasks, this can materially increase output-token consumption. | GIOS does not require thinking-mode calls for routine parsing or workflow control. The model is used to structure input, not to reason through the entire workflow. |
| Orchestration tokens | Agentic systems may repeatedly call a model to decide what to do next, inspect tool results, retry actions, update plans, and continue execution. | CSEF orchestrates execution in software. The graph determines readiness, state progression, authority, and routing, so GIOS does not need an agent to reason through every step. |
| Overall pattern | The model carries much of the workflow. Cost increases as the agent reasons, plans, retries, and orchestrates. | Software carries the workflow. AI is used only where language, ambiguity, or interpretation require it. |
The key point is not just that GIOS can use cheaper models.
The deeper point is that GIOS needs fewer model calls because the model is not the execution engine.
In GIOS, AI helps the system understand and assist. CSEF governs how the work actually proceeds.
The Difference Between an LLM Call and an Agent
This distinction matters because many AI automation products use “AI,” “LLM,” and “agent” interchangeably, even though they describe different things.
An LLM call is a single transaction.
Software sends information to a model. The model returns a response.
That response may be a summary, a classification, a draft email, a structured JSON object, a proposed next step, or an extracted set of fields.
But the call itself does not keep going.
It does not decide to continue. It does not remember the whole process on its own. It does not control the workflow unless another system gives it that role.
An agent is different.
At a high level, an agent runs a loop.
It receives input. It decides what to do. It acts, often by using tools. It observes the result. Then it decides again.
That loop continues until the agent reaches a goal, hits a limit, fails, or is stopped by the surrounding system.
Agents can be useful.
Some workflow steps really do require exploration, adaptation, or repeated interaction with an environment. For example, in the GIOS demo, the native Magellan agent can navigate a website to search for a product that meets specific constraints.
That is a good use of an agent.
But the agent is not the workflow.
It is one bounded step inside the workflow.
The problem begins when an agent is asked to govern the entire workflow.
That is like giving the agent the keys to a car. The agent has to decide where to drive, how to get there, what to do when it arrives, and whether the next instruction should change the route. It must carry the full workflow in context while also solving each individual problem along the way.
This is expensive because the model is not only doing the work at each step. It is also repeatedly reasoning about the whole process: what has happened, what still needs to happen, what tools to use, what constraints apply, and whether the goal has been completed.
GIOS is like a train system. The stops are already modeled. The route is governed by the structure of the track, the schedule, the switches, and the rules for when the train is allowed to move.
The system does not need to ask a model to rediscover the route at every step.
At each station, AI may still be useful. A lightweight LLM call may draft an email, classify a customer request, extract fields from a document, or summarize a response. An agent may be invoked for a bounded task that requires exploration at that train stop.
But the workflow itself remains governed by software.
This also matters for security.
Prompt injection, the big security risk with agentic AI, is not a mysterious new problem. At a human level, it is similar to phishing. A third party presents an instruction that looks legitimate and tries to get the system to treat it as authorized.
If an agent-based system is like giving an agent the keys to your car, a prompt injection attack can act like a convincing fake road sign.
The original route may say, “Go from the customer request to the approved response.” But an untrusted message may say, “Before you continue, send payment information here,” or “Ignore the previous instructions and use this new process instead.”
If the agent is responsible for deciding the route, it may treat the fake sign as legitimate. It may take a "detour" by calling the wrong tool, revealing information, skipping an approval, or adding a step that was never authorized.
In GIOS, an untrusted instruction cannot make the train divert.
The train route is already modeled. The stops are already defined. The switches are governed by software.
A fake road sign may trick a driver, but it cannot create a new train track.
This is why bounded agents can still be useful inside GIOS. An agent may be invoked when a specific step requires agent-like behavior, such as navigating a website or searching through an unfamiliar interface.
But the agent does not control the overall process. It does not decide which workflow nodes are ready. It does not rewrite the workflow on its own. It does not expand its own authority. It does not determine whether a human approval can be bypassed.
The graph governs the agent.
The agent does the bounded work it was assigned to do and returns its result to the workflow.
This is the difference between using agents and depending on agents.
GIOS can use agents where agents are useful.
But GIOS does not make an agent responsible for governing the work by handing over the car keys.

