Security & Governance

Security is architecture.
Not a feature layer.

IndustrialClaw was designed for environments where AI failures have operational, safety-critical, and regulatory consequences. The security model is structural — not bolted on.

What generic AI agents expose you to

  • Prompt injection through alarm text

    Malicious or malformed tag values, alarm descriptions, and inbound messages can hijack agent reasoning and trigger unintended actions.

  • Skill execution with no governance

    Open agent frameworks run any available tool without authorisation checks, version pinning, or verification of skill integrity.

  • Uncapped API spend

    Agents without budget limits can enter feedback loops or retry cascades that generate unbounded cost exposure in hours.

  • Open internet egress

    Consumer-grade agents assume unrestricted outbound access — a configuration that is architecturally incompatible with OT network segmentation requirements.

  • No audit trail

    Without an immutable log of agent decisions and actions, incident post-mortems and regulatory reviews are impossible to reconstruct accurately.

What IndustrialClaw was built to prevent

In a developer environment, a runaway agent burns API credits and produces an embarrassing output. In a manufacturing plant, refinery, or power facility, a misfire is an unplanned shutdown, a safety event, or a regulatory breach.

IndustrialClaw's security model was not designed as an afterthought applied to a general-purpose agent runtime. It was designed first — for environments where the cost of a mistake is measured in lost production, damaged equipment, and personal safety.

The design principle:

An agent that cannot escalate its own permissions, cannot reach the open internet, cannot exceed its spend cap, and logs every action it takes — has a blast radius of zero.

Six structural security guarantees

Each of these is an architectural constraint — not a configuration option. They apply to every agent, every skill, every deployment.

Prompt Injection Prevention

MITIGATED

OT-specific input sanitisation layer. Alarm text, historian tag values, and inbound messages are treated as data — never as instructions. Prevents alarm floods or malicious tag values from hijacking agent behaviour.

Skill Governance

VERIFIED

Vetted skill library with version pinning and hash verification. Every skill is treated as privileged infrastructure, not an npm package. Skills are approved, signed, and version-locked before deployment.
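As an added illustration (not IndustrialClaw's own code), here is what a version-pinned, hash-verified skill gate looks like in Python: a signed manifest of approved skills, and a load-time check that refuses anything unlisted, at the wrong version, or modified since approval. The manifest format, skill name, key and HMAC-based manifest signature are assumptions chosen so the example runs on the standard library alone.

```python
import hashlib
import hmac
import json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def sign_manifest(manifest: dict, key: bytes) -> str:
    # Approval step: the operator signs the pinned manifest so a tampered manifest is
    # rejected as a whole. HMAC-SHA256 stands in for a real signature scheme here so the
    # example runs with the standard library only; production would use asymmetric signatures.
    canonical = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()

def verify_skill(name, version, code, manifest, signature, key):
    """Gate a skill load: trust nothing unless the manifest is authentic and the skill is
    approved, pinned to the requested version and byte-identical to the vetted artefact."""
    if not hmac.compare_digest(sign_manifest(manifest, key), signature):
        return False, "manifest signature invalid: refusing every entry"
    entry = manifest.get(name)
    if entry is None:
        return False, f"skill {name!r} is not in the vetted library"
    if entry["version"] != version:
        return False, f"requested {version} but the pinned version is {entry['version']}"
    if not hmac.compare_digest(entry["sha256"], sha256_hex(code)):
        return False, "artefact hash mismatch: contents changed since approval"
    return True, "skill approved, version-locked and hash-verified"

# Constructed sample data (not a real skill, manifest or key): one vetted skill.
VETTED_CODE = b"def run(tag):\n    return historian.read(tag)\n"
MANIFEST = {"read_historian_tag": {"version": "1.4.2", "sha256": sha256_hex(VETTED_CODE)}}
OPERATOR_KEY = b"constructed-operator-signing-key"
MANIFEST_SIG = sign_manifest(MANIFEST, OPERATOR_KEY)

def demo():
    """Exercise the gate with the approved artefact and three rejected variants."""
    args = (MANIFEST, MANIFEST_SIG, OPERATOR_KEY)
    return {
        "approved": verify_skill("read_historian_tag", "1.4.2", VETTED_CODE, *args)[0],
        "version_drift": verify_skill("read_historian_tag", "1.5.0", VETTED_CODE, *args)[0],
        "modified": verify_skill("read_historian_tag", "1.4.2", VETTED_CODE + b"# patched\n", *args)[0],
        "unlisted": verify_skill("write_setpoint", "0.1.0", b"", *args)[0],
    }
```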

Blast Radius Control

ZERO

Agents operate with minimum-necessary permissions. Read-only by default. Write and action capabilities require explicit role-based authorisation per skill per asset class. No agent can escalate its own permissions.

Hard Spend Caps

ENFORCED

API budget limits and circuit-breakers prevent runaway agents. Operators set cost ceilings per agent per shift. When a cap is hit, the agent halts and escalates — it does not retry or self-fund.

Network Isolation

ACTIVE

Agent communications are bound to allowlisted OT/IT domains. No open internet egress from the agent layer. All external calls go through an approved connector registry.

Immutable Audit Trail

IMMUTABLE

Every agent action, every tool call, every decision logged to an immutable audit trail. Designed for regulatory review and incident post-mortems. You can replay exactly what every agent did and why.

The Governance Loop

Propose. Validate. Execute.

Every agent action passes through a four-stage governance loop before it reaches the execution layer. No exceptions.

OBSERVE (MONITORING)

Agent reads from connected data sources on trigger or schedule. Builds a structured operational context window.

PROPOSE (PENDING)

The agent generates a candidate action. The proposal is fully formed but has not yet been authorised.

VALIDATE (EVALUATING)

The governance layer evaluates the proposal against deontic rules, permission boundaries, and spend caps before execution.

EXECUTE (AUTHORISED)

Only validated actions reach the execution layer. The proposal and validation record are written to the immutable audit trail.

"Constraint validation happens on projected outcomes before execution — not on reasoning paths after the fact. This is a structural guarantee, not a monitoring layer."
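The propose/validate/execute stages above, as an added Python example (not IndustrialClaw's code): proposals are read-only unless an explicit per-skill, per-asset-class write grant exists, deontic rules and a self-permission ban are checked before anything runs, a per-shift spend cap halts and escalates rather than retrying, and every decision lands in a hash-chained append-only audit record that can be replayed and verified. The class and field names and the in-memory data structures are assumptions.

```python
import hashlib
import json
from collections import namedtuple

# PROPOSE: a fully formed candidate action that has not yet been authorised.
# kind is "read" or "write"; cost is the projected API spend of executing it.
Proposal = namedtuple("Proposal", "agent skill asset_class kind cost")

class Governor:
    def __init__(self, write_grants, forbidden, spend_caps):
        self.write_grants = write_grants  # {agent: {(skill, asset_class)}} explicit write authorisations
        self.forbidden = forbidden        # deontic rules: {(skill, asset_class)} never permitted
        self.spend_caps = spend_caps      # {agent: cost ceiling for the current shift}
        self.spent, self.halted, self.audit, self._prev = {}, set(), [], "0" * 64

    def validate(self, p):  # VALIDATE: checks run on the projected action, before anything executes
        if p.agent in self.halted:
            return False, "agent halted pending operator escalation"
        if p.skill == "grant_permission":
            return False, "agents cannot escalate their own permissions"
        if (p.skill, p.asset_class) in self.forbidden:
            return False, "deontic rule forbids this action"
        if p.kind == "write" and (p.skill, p.asset_class) not in self.write_grants.get(p.agent, set()):
            return False, "no write grant for this skill on this asset class"  # read-only by default
        if self.spent.get(p.agent, 0.0) + p.cost > self.spend_caps.get(p.agent, 0.0):
            self.halted.add(p.agent)      # cap hit: halt and escalate, never retry or self-fund
            return False, "spend cap reached: agent halted and escalated"
        return True, "authorised"

    def submit(self, p, execute):  # EXECUTE: only validated proposals reach the execution layer
        ok, reason = self.validate(p)
        result = execute(p) if ok else None
        if ok:
            self.spent[p.agent] = self.spent.get(p.agent, 0.0) + p.cost
        self._record({"proposal": p._asdict(), "authorised": ok, "reason": reason, "result": result})
        return ok, reason

    def _record(self, entry):  # append-only audit trail: each entry commits to the previous hash
        entry["prev"] = self._prev
        entry["hash"] = self._prev = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self.audit.append(entry)

    def verify_audit(self):  # replay check: any edited or dropped entry breaks the chain
        prev = "0" * 64
        for e in self.audit:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() != e["hash"]:
                return False
            prev = e["hash"]
        return True
```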

Built toward IEC 62443

IEC 62443 is the most rigorous cybersecurity standard for industrial automation and control systems. IndustrialClaw's architecture is structured to progress through its assessment and certification tiers.

Self-Assessment

SL1

3–6 months

Internal compliance documentation against IEC 62443-2-1 operational requirements. Starting point for regulated industries entering a governance program.

Third-Party Assessment

SL2

6–12 months

Assessment by an accredited body — TÜV SÜD, DNV, UL. Required for Safety Level 2 environments and those seeking vendor qualification documentation.

Product Certification

SL3

12–18 months

Full IEC 62443-4 product certification. Required for SL3 safety-critical deployments. Safety-critical oil & gas operations are the benchmark for this tier.

Data Sovereignty

The only industrial AI platform for air-gapped operations

Some plants cannot send operational data to the cloud. Regulatory requirements (NERC CIP, nuclear safety standards), competitive sensitivity, or network architecture can take cloud AI off the table entirely.

IndustrialClaw supports fully air-gapped deployment with local LLM inference, bringing the intelligence layer inside the network perimeter. No operational data leaves the facility. No connectivity to inference endpoints outside the controlled environment.

The governance model, audit trail, and skill execution framework all operate identically in air-gapped mode. The only difference is where inference runs.

Who this applies to

Regulated utilities

NERC CIP requirements prohibit specific categories of operational data from traversing public networks.

Defense-adjacent manufacturing

Export-controlled environments with strict data residency and network segmentation obligations.

Offshore operations

Limited and intermittent connectivity makes cloud inference architecturally unreliable.

Data residency requirements

Operations with legal or contractual obligations to keep data within a defined geographic or network boundary.

Ready to review the security architecture in detail?

We can walk through the threat model, governance layer design, and compliance path for your specific environment and regulatory context.

Talk to us