E-AGPO-HT v2.0 · EVANS 2026 · AURACELLE AI GOVERNANCE LABS · PROPRIETARY IP · GENEVA CYBER CONFERENCE · MAY 2026
1
Intel
›
2
Decision
›
3
Consequence
›
4
After-Action
85
DEFENDER
12
ADVERSARY
T-0
TURN
Scenario
AI Cybersecurity
AI ·MIRAGE CHAIN
AI ·IRONCLAD SIEGE
AI ·FRACTURE POINT
AI ·PHANTOM CIRCUIT
Nuclear Cybersecurity
NUCLEAR ·SAFEGUARD ZERO
NUCLEAR ·FISSION GATE
NUCLEAR ·YELLOWCAKE RUN
Master Governance Score
Governance Stability Score
0.42
g-GCC — MASTER GOVERNANCE SCORE
Master Governance Score. Aggregates cybersecurity, supply chain, and institutional domain health scores. When this score exceeds the cascade threshold, domain failures begin amplifying each other — governance stability is at risk.
Stress on physical and network infrastructure — data centres, OT systems, communication pathways. Rises when ICS/SCADA systems are under active threat or when infrastructure options are deferred.
⚠ CASCADE ≥0.70 · weight: 0.25 in g-GCC
SWD
0.31
NOMINAL
SWD — SOFTWARE DEPENDENCY
Stress propagating through software supply chain pathways — OSS libraries, vendor packages, CI/CD pipelines. Highest-weighted domain (0.40) because software compromise has the broadest blast radius.
⚠ CASCADE ≥0.70 · weight: 0.40 in g-GCC
SCTL
0.44
ELEVATED
SCTL — SUPPLY CHAIN TRUST LAYER
Overall trust integrity across the vendor ecosystem — SBOM coverage, vendor concentration, and dependency path health combined. ELEVATED here means you are approaching the cascade threshold where vendor trust failures propagate across domains.
⚠ CASCADE ≥0.70 · weight: 0.25 in g-GCC
GOV
0.22
NOMINAL
GOV — GOVERNANCE DOMAIN
Institutional and normative governance stress — decision authority clarity, regulatory compliance posture, allied coordination quality. Rises when decisions defer accountability or bypass established governance frameworks.
Reveals a technical intelligence reading — supply chain degradation rate, SBOM coverage gap, or component provenance score. Use when you need to assess blast radius before deciding.
Maps to: Supply assurance · Technical intelligence
📡
ADVERSARIAL SIGNAL
Reveals adversary π_A confidence or Q-value reading — how certain the threat actor is about your posture. Use when you need to gauge attack timing and intent before committing resources.
Maps to: Adversary signals · Coordination quality
⬡
GOVERNANCE QUALITY
Reveals a governance quality trajectory — which Q-dimension (coord, norm, sctl) is most at risk from inaction. Use to understand which governance lever has the highest marginal value before deciding.
Maps to: Decision authority · External stability
3 tokens · reveals hidden intel before you decide
Hover each token for details · Tokens reset each turn
Threat Metrics
SBOM-VIS
85%
SBOM-VIS — SOFTWARE BOM VISIBILITY
Percentage of vendor dependency tree covered by machine-readable Software Bills of Materials. Gaps here are the primary entry vector for SC-SBOM supply chain compromise — the adversary exploits what you cannot see.
⚠ CRITICAL <40% · HIGH <70% · NOMINAL ≥85% Drives: SC-SBOM stressor · Q_sctl · EO 14028
SC-CONC (HHI)
0.18
SC-CONC — VENDOR CONCENTRATION (HHI)
Herfindahl-Hirschman Index measuring vendor concentration across your critical supply chain. A single vendor controlling a large share creates a single point of failure. This metric directly maps to EO 14028 and EU CRA vendor diversification obligations.
⚠ CRITICAL >0.50 · HIGH >0.30 · NOMINAL <0.25 Drives: SC-CONC stressor · FRACTURE POINT scenario
SC-GREY
5%
SC-GREY — GREY-MARKET COMPONENT EXPOSURE
Percentage of OT/ICS components with unverified or non-authorized provenance. Even low exposure is dangerous — in IRONCLAD SIEGE, 5% grey-market presence is the implant entry vector. Hardware BOM completeness is the primary control.
Proportion of systems meeting their patch SLA window. OT/ICS systems with no available patch pathway are separately tracked as SC-PATCH-EOL. Decline here accelerates T_Orion — the time-to-exploitation clock — across all active scenarios.
Upload SOPs, tabletop reports, IR docs, or SOC reports to stress-test against E-AGPO-HT framework
Game Log
T-0
SYS
Wargame ready — select a scenario and begin
🎯
MIRAGE CHAIN
Software supply-chain compromise cascading to ICS/OT — SolarWinds-class
SC-SBOM
SC-CONC
🏛️
Governance Threshold Met
0.72
FINAL DECISION-PATH QUALITY
Your governance decisions maintained resilience above the stability floor.
Decision Quality Score
0.74
DECISION-PATH QUALITY · WIN THRESHOLD: 0.50
Governance Confidence
Technical Resilience82%
TECHNICAL RESILIENCE
Composite of detection capability, infrastructure hardening, and patch velocity. Declines when you accept operational risk options or defer technical remediation.
Governance layer · Supply assurance
Regulatory Compliance74%
REGULATORY COMPLIANCE
Reflects adherence to NIS2, EO 14028, CISA KEV, and EU CRA obligations. Rises when you choose options that mandate SBOM delivery or formal vendor notification. Falls when you accept risk without documentation.
Drives: Regulatory Compliance score
Diplomatic Coordination65%
DIPLOMATIC COORDINATION
Inter-institutional coordination quality with allied CSIRTs, NATO partners, and international bodies. Rises when you choose options involving STIX/TAXII sharing or allied briefings. Key for Geneva context.
Drives: Diplomatic Coordination score
Public / Sector Trust70%
PUBLIC / SECTOR TRUST
Stakeholder and public confidence in institutional governance. Declines when incidents are poorly communicated or when operational disruption is high. Feeds cultural acceptance index.
Drives: Governance Confidence · Cultural Acceptance
Supply Chain Trust (τ̄)88%
SUPPLY CHAIN TRUST (τ̄)
Mean τ (tau) trust score across the vendor dependency tree. Aggregates trust scores across the vendor dependency tree. When this falls below 0.40, cascade threshold approaches — catastrophic multi-domain failure becomes probable.
Executive Order 14028 mandates machine-readable SBOMs for software sold to the US federal government. Your decisions in-game affect SBOM coverage — deferring vendor audits reduces this score toward non-compliance.
EU NIS2 Directive requires notification to national authorities within 72 hours of becoming aware of a significant incident. Each turn represents roughly 6–12 hours. Choosing containment-only options without notification triggers non-compliance.
Window opens on T-1 detection · Expires T-6 (~72hr)
CISA KEV · Patch SLA
3 entries approaching 14d SLA
CISA KEV · PATCH SLA
CISA Known Exploited Vulnerabilities catalog mandates patching within 14 days for federal agencies. Three entries approaching SLA means your PATCH-VEL will decline if you deprioritise remediation options in upcoming turns.
SLA breach directly degrades PATCH-VEL and Q_sctl
EU CRA · Vendor Contracts
SBOM obligations: 6/9 vendors
EU CYBER RESILIENCE ACT · VENDOR CONTRACTS
The EU CRA requires vendors of digital products to maintain and deliver SBOMs and disclose vulnerabilities. 6 of 9 vendors are contractually obligated — 3 remain outside scope, creating SC-CONC exposure that decisions can close or widen.
Full compliance = 9/9 · Drives SC-CONC HHI trajectory
Policy Stress
Cultural Acceptance71%
CULTURAL ACCEPTANCE
Societal and organisational willingness to accept governance interventions — monitoring expansion, vendor restrictions, mandatory disclosure. Low acceptance raises the political cost of technically correct decisions.
Active adversarial narrative operations degrading public attribution confidence and allied consensus. Rising pressure reduces the decision window before political constraints override technical response options.
⚠ HIGH >50% — erodes allied coordination and public trust simultaneously
Allied Coord. Quality68%
ALLIED COORDINATION QUALITY
Real-time quality of CSIRT-to-CSIRT and NATO/UN partner coordination. Reflects shared threat intelligence fidelity, notification timeliness, and joint response alignment. Central to Budapest Convention supply chain provisions.
Auracelle Orion v4 is a turn-based cyber governance wargaming simulation that stress-tests policy decisions across realistic supply chain attack scenarios. Each 5-turn scenario compresses a full incident lifecycle — from initial threat entry through governance consolidation — into a structured decision environment that quantifies the quality of your governance choices using the E-AGPO-HT v2.0 framework.
Governance Framework
The simulation is powered by the E-AGPO-HT v2.0 framework — Auracelle's proprietary governance wargaming engine. Domain health indicators aggregate across cybersecurity, supply chain, nuclear safeguards, and institutional dimensions. Every decision is quantified and scored to produce a governance quality outcome that tracks coordination, compliance, resilience, and attribution across the full scenario lifecycle.
HOW TO PLAY
① Use intelligence briefings to assess threat scope before committing ② Choose from 4 governance response options, each with explicit trade-offs ③ Review the governance consequences of your decision and the counterfactual ④ Build institutional resilience across 5 turns — then review your full decision path in After-Action Review
POLICY RELEVANCE
Calibrated against NIS2, EO 14028, CISA KEV, EU CRA, and Budapest Convention supply chain provisions. Designed for NATO, UN, and national CSIRT policy contexts.