Safety by Design
The same question every industrial buyer asks. Here's how we answer it.
Air-gapped · EU AI Act-aligned · Five-tier safety authorization · Full audit trail.
5-Tier Authorization
Brain's AI agent operates under a strict five-tier model: every action the agent can take falls into one of the tiers below, numbered 0 (Read) to 4 (Safety-Critical), and the tier fixes who must approve it before it runs. Read operations are always allowed. Safety-critical actions require admin approval AND explicit confirmation. No exceptions, no shortcuts, no black boxes.
Tier  Category         Authorization                           Example
0     Read             Always allowed                          “What's the current temperature?”
1     Inform           Always allowed                          “Show me the alarm log”
2     Configure        Agent enabled (default)                 “Create a new tag for tank 3”
3     Control          Operator approval or pre-approved rule  “Start the heater at 60°C”
4     Safety-Critical  Admin approval + confirmation           “Disable the overpressure alarm”
All five Brain agents (Engineering, Commissioning, Watchdog, Responder, Optimizer) operate under the same tier model — see /agents.
Compared to Other AI-PLC Platforms
Siemens TIA Portal Eigen has no published authorization model. Rockwell FactoryTalk Studio Copilot relies on standard RBAC. Beckhoff CoAgent has no equivalent tier system. CODESYS MCP defers all safety decisions to the host application. Brain’s 5-tier model with auto-lock and emergency stop is unique in the market today.
Auto-Lock
If Brain's AI agent executes three or more Tier-3 actions within any 60-second window, every autonomous mode is disabled automatically and stays disabled until an admin re-enables it manually. This stops runaway loops and accidental cascading changes before they compound.
T+0s   Tier-3 action #1 (within 60s window)
T+18s  Tier-3 action #2 (within 60s window)
T+47s  Tier-3 action #3 (within 60s window)
Result: all autonomous modes disabled. Requires manual admin re-enable.
Emergency Stop
POST /ai/emergency-stop kills all agent activity instantly: pending actions are cancelled, every autonomous mode is disabled, and all operators are notified. One call, full shutdown. The call needs an admin bearer token and, like any API call, a reachable backend; the hardware E-stop described under Incident Response is the path that does not depend on software.
curl · emergency-stop.sh
#!/bin/sh
# One call: disables every autonomous mode, cancels pending actions, notifies operators.
curl -sS -X POST https://brain.local/ai/emergency-stop \
  -H "Authorization: Bearer YOUR_ADMIN_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"reason": "Unusual behavior detected", "disable_until": "manual"}'

# Response
HTTP 200 OK
{
  "status": "all_autonomous_disabled",
  "actions_cancelled": 7,
  "operators_notified": 4,
  "timestamp": "2026-04-23T14:32:08Z"
}
Audit Trail
Every AI action is logged to SQLite with the tool called, its arguments, the tier, who approved it and by which method, when it ran, and the result. Queryable via the admin dashboard. Exportable for compliance audits. Immutable.
audit_log.sqlite · event #4f82a1c9e · IMMUTABLE
{
  "id": "evt_4f82a1c9e",
  "timestamp": "2026-04-23T14:18:42.193Z",
  "tool": "plc.set_setpoint",
  "tier": 3,
  "args": {
    "tag": "HEATER_01.setpoint",
    "value": 60.0,
    "unit": "celsius"
  },
  "approved_by": "operator:mkowalski",
  "approval_method": "pre_approved_rule:rule_88c",
  "result": "success",
  "duration_ms": 142,
  "previous_value": 55.0,
  "session_id": "sess_9a3b7e2"
}
Degraded Mode
AI service down: PLC keeps running.
Backend crash: PLC keeps running.
Network outage: PLC keeps running, alarms still fire locally.
Cabinet power loss: PLC restores last known state on power-on.
The PLC engine, hardware drivers, and alarm processing all run independently of the AI agent. See /reliability for the full degraded-mode behavior.
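The Audit Trail section above calls the SQLite log immutable without saying how that is enforced. The following is an added example, not Brain's code, of one way to get the two properties a practitioner would check for: SQL-level triggers that refuse UPDATE and DELETE on the table, and a SHA-256 hash chain so that any rewritten row, and (once the head hash is recorded off-box) any truncation of the tail, is detected on verification. Table, column and trigger names are assumptions; the first event is the one shown on the page, the second is constructed.

```python
"""Hash-chained, append-only audit log in SQLite.
Added illustration of how an "immutable" SQLite audit trail can be enforced and
verified; not Brain's code. The page does not say how Brain enforces immutability,
so the schema, triggers and column names are assumptions. The first event is the
one shown on the page; the second is constructed."""
import hashlib
import json
import sqlite3

GENESIS = "0" * 64  # prev_hash of the first row

SCHEMA = """
CREATE TABLE IF NOT EXISTS audit_log (
    seq       INTEGER PRIMARY KEY AUTOINCREMENT,
    id        TEXT NOT NULL UNIQUE,
    tool      TEXT NOT NULL,
    tier      INTEGER NOT NULL,
    body      TEXT NOT NULL,    -- canonical JSON of the whole event
    prev_hash TEXT NOT NULL,
    hash      TEXT NOT NULL
);
-- Append-only at the SQL layer: UPDATE and DELETE abort for every connection.
CREATE TRIGGER IF NOT EXISTS audit_no_update BEFORE UPDATE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
CREATE TRIGGER IF NOT EXISTS audit_no_delete BEFORE DELETE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
"""

PAGE_EVENT = {
    "id": "evt_4f82a1c9e", "timestamp": "2026-04-23T14:18:42.193Z",
    "tool": "plc.set_setpoint", "tier": 3,
    "args": {"tag": "HEATER_01.setpoint", "value": 60.0, "unit": "celsius"},
    "approved_by": "operator:mkowalski", "approval_method": "pre_approved_rule:rule_88c",
    "result": "success", "duration_ms": 142, "previous_value": 55.0, "session_id": "sess_9a3b7e2",
}


def chain_hash(body, prev_hash):
    return hashlib.sha256(f"{prev_hash}\n{body}".encode()).hexdigest()


def open_log(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn


def append(conn, event):
    """Append one event chained to the current head; returns the new head hash."""
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    row = conn.execute("SELECT hash FROM audit_log ORDER BY seq DESC LIMIT 1").fetchone()
    prev = row[0] if row else GENESIS
    head = chain_hash(body, prev)
    conn.execute("INSERT INTO audit_log (id, tool, tier, body, prev_hash, hash) VALUES (?,?,?,?,?,?)",
                 (event["id"], event["tool"], event["tier"], body, prev, head))
    conn.commit()
    return head


def verify(conn, expected_head=None):
    """Recompute the chain. Returns (True, None); (False, seq) for the first bad row; or
    (False, "head") when the rows are consistent but the tail no longer matches the head
    hash recorded off-box (rows deleted from the end)."""
    prev = GENESIS
    for seq, body, prev_hash, h in conn.execute(
            "SELECT seq, body, prev_hash, hash FROM audit_log ORDER BY seq"):
        if prev_hash != prev or chain_hash(body, prev_hash) != h:
            return False, seq
        prev = h
    if expected_head is not None and prev != expected_head:
        return False, "head"
    return True, None


def demo():
    """Two appends, then what the triggers stop and what the chain catches."""
    conn = open_log()
    append(conn, PAGE_EVENT)
    second = dict(PAGE_EVENT, id="evt_4f82a1ca0", timestamp="2026-04-23T14:20:05.001Z",
                  args={"tag": "HEATER_01.setpoint", "value": 62.0, "unit": "celsius"}, previous_value=60.0)
    head = append(conn, second)                 # ship this hash off-box after every append
    result = {"intact": verify(conn, head)}
    try:                                        # the normal SQL path: triggers refuse edits
        conn.execute("UPDATE audit_log SET body = '{}' WHERE seq = 1")
        result["update_blocked"] = False
    except sqlite3.DatabaseError:
        result["update_blocked"] = True
    # Someone with file access can drop the triggers; the chain still exposes the edit.
    conn.executescript("DROP TRIGGER audit_no_update; DROP TRIGGER audit_no_delete;")
    conn.execute("UPDATE audit_log SET body = replace(body, '60.0', '99.0') WHERE seq = 1")
    result["tamper_detected"] = verify(conn, head)
    conn.execute("UPDATE audit_log SET body = replace(body, '99.0', '60.0') WHERE seq = 1")  # undo
    conn.execute("DELETE FROM audit_log WHERE seq = 2")    # truncate the tail
    result["truncation_without_anchor"] = verify(conn)     # chain still self-consistent
    result["truncation_with_anchor"] = verify(conn, head)  # caught only via the off-box head
    return result
```

Triggers stop the application's own connection from rewriting history, but not a root user holding the .sqlite file. The chain turns that into a detection problem: demo() shows that a rewritten row fails verification at once, while deleting the newest row passes unless the verifier also knows the last head hash. For an audit trail that has to survive a compromised cabinet, publish each new head hash to a second system (syslog, a remote collector, the admin dashboard) so the tail cannot be quietly trimmed.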
Approve & Remember
When an operator approves a Tier-3 action, they can select “Approve & Remember” to create a pre-approved rule. Future requests that match the rule's conditions are executed without re-prompting; Tier-3 requests outside them still go to an operator. The agent learns YOUR safety boundaries.
Day 1
Pending approval · Tier 3
Start heater HTR_01 at 60°C?
Tank TK_03 temperature low · warmup sequence required
Operator clicks Approve & Remember. A pre-approved rule is created.
Day 30
✓ HTR_01 → 60°C (auto, rule:88c)
✓ HTR_02 → 45°C (auto, rule:88c)
✓ PUMP_03 ON (auto, rule:91a)
✓ VALVE_V7 → 45% (auto, rule:91a)
✓ HTR_01 → 62°C (auto, rule:88c)
✓ MIXER_M2 → 180rpm (auto, rule:94e)
✓ + 14 more approved operations...
20+ operations executed autonomously. Every one logged and auditable, and the rule behind each one revocable at any time.
Limits and Revocation
Every Approve & Remember rule is stored with the operator who approved it, the conditions that match, and an expiration date (default 90 days, configurable). Rules can be revoked instantly by any admin. Every autonomous action under a rule is logged with the rule ID for full traceability. Rules cannot escalate above Tier 3 — Tier 4 always requires fresh admin approval, no remembering allowed.
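Putting the tier table, the auto-lock window and the Approve & Remember limits together, as an added example in Python that is not Brain's code: every request is classified by tool, Tier 0 and 1 pass, Tier 2 depends on the agent switch, Tier 3 needs an operator or a live pre-approved rule, and Tier 4 needs an admin plus confirmation and can never be remembered. A rule carries the approving operator, per-argument conditions, a 90-day expiry and a revoked flag; a sliding 60-second window counts Tier-3 executions and drops autonomy at the third. The tool catalogue, the condition semantics, and the choice to count operator-approved Tier-3 actions toward the lock are assumptions.

```python
"""Authorization gate: five tiers, Approve & Remember rules, auto-lock. Added illustration of the
model this page describes; not Brain's own code. The tool catalogue, per-argument rule conditions, and
counting every agent-executed Tier-3 action toward the lock are assumptions. Tier numbers follow the page."""
from collections import namedtuple
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

READ, INFORM, CONFIGURE, CONTROL, SAFETY_CRITICAL = range(5)
TOOL_TIERS = {"plc.read_tag": READ, "alarms.list": INFORM, "plc.create_tag": CONFIGURE,
              "plc.set_setpoint": CONTROL, "alarms.disable": SAFETY_CRITICAL}  # constructed catalogue
Decision = namedtuple("Decision", "allowed tier reason rule_id", defaults=(None,))


@dataclass
class Rule:
    rule_id: str
    approved_by: str
    tool: str
    conditions: dict            # arg name -> literal value, or predicate(value) -> bool
    expires_at: datetime
    revoked: bool = False

    def matches(self, tool, args, now):
        if self.revoked or now >= self.expires_at or tool != self.tool:
            return False
        return all(c(args.get(k)) if callable(c) else args.get(k) == c
                   for k, c in self.conditions.items())


class AuthorizationGate:
    def __init__(self, agent_enabled=True, lock_threshold=3, window=timedelta(seconds=60)):
        self.agent_enabled = agent_enabled          # the Tier-2 switch
        self.autonomous_enabled = True              # cleared by auto-lock
        self.lock_threshold, self.window = lock_threshold, window
        self.rules, self._recent_control = {}, []

    def remember(self, rule_id, operator, tool, conditions, now, ttl=timedelta(days=90)):
        """Approve & Remember. Returns False for Tier 4, which can never be remembered."""
        if TOOL_TIERS[tool] > CONTROL:
            return False
        self.rules[rule_id] = Rule(rule_id, operator, tool, conditions, now + ttl)
        return True

    def revoke(self, rule_id):
        self.rules[rule_id].revoked = True

    def admin_reenable(self):
        self.autonomous_enabled, self._recent_control = True, []

    def authorize(self, tool, args, now, operator=None, admin=None, confirmed=False):
        tier = TOOL_TIERS[tool]
        if tier <= INFORM:
            return Decision(True, tier, "always allowed")
        if tier == CONFIGURE:
            return Decision(self.agent_enabled, tier, "agent enabled" if self.agent_enabled else "agent disabled")
        if tier == SAFETY_CRITICAL:
            return Decision(bool(admin) and confirmed, tier, "admin approval AND explicit confirmation required")
        if operator:                                 # Tier 3 with a human in the loop
            self._count_control(now)
            return Decision(True, tier, f"operator {operator} approved")
        if not self.autonomous_enabled:
            return Decision(False, tier, "auto-locked; admin re-enable required")
        for rule in self.rules.values():             # Tier 3 under a pre-approved rule
            if rule.matches(tool, args, now):
                self._count_control(now)
                return Decision(True, tier, "pre-approved rule", rule.rule_id)
        return Decision(False, tier, "operator approval required")

    def _count_control(self, now):
        """Sliding window: the Nth Tier-3 execution inside `window` disables autonomy."""
        self._recent_control = [t for t in self._recent_control if now - t < self.window] + [now]
        if len(self._recent_control) >= self.lock_threshold:
            self.autonomous_enabled = False


def run_demo():
    """The page's Day 1 / Day 30 story plus the edge cases; returns (label, allowed, reason) rows."""
    gate, out = AuthorizationGate(), []
    day1 = datetime(2026, 3, 25, 9, 0, tzinfo=timezone.utc)
    day30 = day1 + timedelta(days=29)
    def step(label, tool="plc.set_setpoint", args=None, **kw):
        d = gate.authorize(tool, args or {}, **kw)
        out.append((label, d.allowed, d.reason))
    step("day1 operator approved", args={"tag": "HTR_01.setpoint", "value": 60.0}, now=day1, operator="mkowalski")
    gate.remember("rule_88c", "operator:mkowalski", "plc.set_setpoint",   # the operator's safety boundary
                  {"tag": lambda t: str(t).startswith("HTR_"), "value": lambda v: v is not None and v <= 65.0}, day1)
    for secs, tag, val in [(0, "HTR_01.setpoint", 60.0), (18, "HTR_02.setpoint", 45.0), (47, "HTR_01.setpoint", 62.0), (55, "HTR_02.setpoint", 50.0)]:
        step(f"day30 +{secs}s", args={"tag": tag, "value": val}, now=day30 + timedelta(seconds=secs))
    gate.admin_reenable()
    step("after admin re-enable", args={"tag": "HTR_01.setpoint", "value": 60.0}, now=day30 + timedelta(seconds=70))
    step("above boundary", args={"tag": "HTR_01.setpoint", "value": 80.0}, now=day30 + timedelta(seconds=80))
    step("day 95 expired", args={"tag": "HTR_01.setpoint", "value": 60.0}, now=day1 + timedelta(days=94))
    gate.revoke("rule_88c")
    step("revoked", args={"tag": "HTR_01.setpoint", "value": 60.0}, now=day30 + timedelta(seconds=90))
    step("tier4 no admin", tool="alarms.disable", args={"alarm": "overpressure"}, now=day30)
    step("tier4 admin+confirm", tool="alarms.disable", args={"alarm": "overpressure"}, now=day30, admin="root", confirmed=True)
    out.append(("remember tier4 rejected", not gate.remember("rule_bad", "admin:root", "alarms.disable", {}, day30), "Tier 4 cannot be remembered"))
    return out
```

run_demo() replays Day 1 and Day 30 from this page: the fourth setpoint inside the window is refused with "auto-locked", a setpoint above the operator's 65 °C boundary falls back to "operator approval required", and the rule stops matching after 90 days or once revoked. Note what a rule stores: a boundary on arguments, not a transcript of one approval, which is why the conditions are predicates rather than exact values.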
Change Management
PLC changes go through a Git-native workflow. Every change is proposed as a diff, reviewed by authorized engineers, approved with signature, and deployed with one-click rollback. Zero unreviewed PLC changes. Ever.
01  AI or engineer proposes a PLC change as a Git diff. Every changed line is annotated with intent and impact analysis.
02  Authorized engineers inspect the diff, run it in simulation, and see automated impact analysis: which alarms could fire, which HMI screens reference these tags, which recipes are affected.
03  Signed approval required before deploy. Cryptographic signatures stored in audit trail. Approval can require multiple signoffs.
04  One-click deploy with instant rollback. Previous version is kept available for 90 days. Zero unreviewed changes ever reach the PLC.
Safety Stats
5      Tiers of authorization
2s     Hardware watchdog timeout per I/O board
100ms  PLC scan cycle (continues independent of AI)
0      Unreviewed PLC changes
∞      Immutable audit trail
Incident Response
Every Brain cabinet has an external emergency stop button physically wired to a hardware safety relay — independent of the controller, independent of the AI. The hardware E-stop cannot be overridden by software. AI safety failures are escalated to operators within 1 second via local alarm and configurable notification channels (email, SMS, webhook). Post-incident, the full audit trail provides a complete forensic record for root-cause analysis.
Safety Roadmap
Today
5-tier authorization, auto-lock, emergency stop, audit trail, Approve & Remember, change management workflow, hardware watchdogs.
In Progress
IEC 62443 industrial cybersecurity certification (Q4 2026), EU AI Act conformity assessment package (2027), IEC 61508 functional safety qualification (target 2027), CE marking (2026).
(Certification timelines published when available.) See /reliability for the broader reliability roadmap.
Verify, Don’t Trust