<div> Biological immune systems do not ask permission to act. They earn the right through evolutionary rehearsal. </div> <div> <span>Autonomous defensive capabilities exist. Endpoint detection and response (EDR) and extended detection and response (XDR) platforms classify threats using machine learning. Security Orchestration, Automation, and Response (SOAR) systems execute automated playbooks. Cloud security services block known-malicious traffic without human intervention. For threats that match predefined categories, machines already act at machine speed.</span> </div> <div> <span>The problem is what happens when they don't match.</span> </div> <div> <span>Current autonomous defence operates under two regimes: vendor-asserted trust, where operators accept accuracy claims without environment-specific evidence; or pre-authorised response, where humans approve action classes in advance. Both work for known threats. Neither addresses the legitimacy of autonomous action against novel, time-critical attacks, zero-days, behavioural anomalies, abuse patterns that fall outside existing signatures and playbooks.</span> </div> <div> <span>This paper introduces earned autonomy: a governance framework for delegating defensive authority to machines. Like identity and access management, authority must be demonstrated before granted, scoped, and continuously validated, but applied to machine judgment rather than user access. We present IBSR (Inline Block Simulation Report) and Guard as a reference implementation: IBSR learns behavioural patterns and produces judgment through rehearsal on live traffic, Guard executes blocking at kernel level, and the separation ensures autonomous action is never taken without prior evidence of competence.</span> </div> <div> <span>The gap is not capability, it is legitimacy. Digital infrastructure requires an equivalent governance mechanism: not assumed trust, but demonstrated competence.</span> </div>