+VLFBERHT+ | Robotics

AI verification before the robot moves.

When AI controls physical systems, errors are not bugs -- they are injuries, destroyed equipment, and halted production lines. Ulfberht translates AI behavioral quality scores into force limits, speed ceilings, and hard stops before any actuator fires.

GQS 0.88 at surgical site → force ceiling 7.2N (nominal: 10N). GQS 0.31 → automatic retract.

ISO 10218 aligned | ISO 15066 aligned | ISO 13482 aligned | IEC 62304 aligned | EU Machinery Reg 2023
ulfberht verify --domain robotics --mode surgical
$ verify "Surgical: advance instrument 2mm along planned trajectory"
[AOTC] Task classification: TIER 4 — HARD STOP (physical actuator)
       Human surgeon authorization: REQUIRED
[SENSOR] Haptic: 2.1N | Imaging: tissue boundary 0.8mm | Force: nominal
        Consensus: 3/3 — VERIFIED
[PES] Governance Quality Score: 0.88
     Force limit: 10N (nominal) → 7.2N (adjusted, k=3.0 surgical)
     Kinetic Risk Score: 0.31 | Irreversibility: 0.94 | Blast radius: 4.2mm
[LIFECYCLE] Stage: EXECUTE — Permission hash: a3f9...c821
          Social engineering: CLEAR | Goal drift: 0.02 (tolerance 0.10)
[SURGEON] Awaiting authorization... ✓ Approved (Dr. Chen, 14:23:07 UTC)
Decision: PROCEED | Force ceiling active | Audit: surg-20260325-0091

Four failure modes that physical AI inherits from software AI.

Software AI failures are expensive. Physical AI failures are irreversible. Every failure mode that produces wrong text in a chatbot produces damaged tissue, halted lines, and injured workers when the same model controls actuators.

Risk 01

Sensor Hallucination

AI perception reports objects that don't exist, misses objects that do, or misclassifies environmental conditions. A hallucinated clearance of 50mm at 2mm actual proximity means the arm moves into the obstruction. Standard safety systems do not audit the AI's perceptual input before acting on it. Ulfberht does.

Risk 02

Action Irreversibility

A robot that cuts, welds, or places an object cannot ctrl+Z. Standard verification pipelines treat reversible and irreversible actions identically. Without pre-execution irreversibility classification (Patent P10, 6 tiers), a Tier 6 action -- permanent physical transformation -- is authorized at the same threshold as a Tier 1 home position move.

Risk 03

Multi-Robot Cascade

In coordinated fleets, one robot's misperception propagates to every downstream unit before operators can intervene. Without cryptographically signed trust certificates and per-robot Cascade Risk Scores (Patent Q11), a single degraded unit corrupts fleet-wide state. Trust decays exponentially: T(t) = T₀ × e^(-γ × Δt).

Risk 04

Operator Complacency

Operators working alongside reliable robots develop automation bias. Acceptance Rate climbs toward 100%. Time-to-Accept drops to milliseconds. The human gate becomes a rubber stamp. When the system eventually produces an error requiring human judgment, the operator's Skill Preservation Index has degraded to the point where intervention fails. Patent R12 monitors this.

Five steps between intent and actuation.

Every physical command passes through a five-stage verification pipeline. No stage is skippable. Each is cryptographically logged. Any stage failure escalates instead of executing.

01

Sensor Fusion Verification

Camera, LiDAR, haptic, and force readings cross-validated. Disagreements escalate -- never resolved by majority vote. A 2/3 vote in favor of a collision course does not mean proceed.

02

Action Classification (AOTC)

Physical actuator commands are one of 7 hard-stop categories. They force Tier 4 regardless of confidence scores. Human authorization is architecturally required -- not optional, not bypassable by time pressure or authority assertion.

03

Physical Safety Translation (PES)

GQS translates into physical parameters: T_adj = T_nominal × f(GQS). Exponential (k=3.0) for surgical, k=1.5 for industrial, sigmoid for assistive. Lower confidence means lower force ceilings, slower speeds, tighter proximity bounds.

04

Swarm Integrity Check (Q11)

The acting unit presents its Governance Certificate via an 8-step Epistemic Handshake. Trust decay, Cascade Risk Score, and anti-collusion nonce challenge evaluated. High cascade risk blocks execution regardless of individual unit GQS.

05

Authorization and Audit

Cryptographically signed permission set verified for this action at this task stage. Social engineering patterns (false identity, urgency, authority assertion) checked. Goal drift measured. All clear or no execution.

pipeline trace -- full verification log
# Stage 1: Sensor Fusion
PASS camera: 97.3% | lidar: 98.1% | haptic: nominal
PASS consensus: 3/3 modalities agree within 0.4mm
# Stage 2: AOTC Classification
TIER 4 physical actuator command — HARD STOP
REQ human authorization required before proceed
# Stage 3: PES Physical Translation
GQS 0.88 → force ceiling 7.2N (k=3.0 surgical, was 10N)
KRS 0.31 | speed ceiling 12mm/s | retract threshold: 0.30
# Stage 4: Swarm Integrity
CERT governance certificate valid (issued 00:04:12 ago)
CRS cascade risk: 0.07 — isolated unit, no downstream
# Stage 5: Lifecycle Authorization
PERM hash a3f9...c821 valid for EXECUTE stage
DRIFT goal drift: 0.02 (tolerance: 0.10) — CLEAR
SE social engineering: CLEAR
AUTH ✓ Dr. Chen authorized at 14:23:07 UTC
RESULT: PROCEED | Force ceiling active | Audit: surg-20260325-0091
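
Stage 1's rule that disagreements escalate instead of being outvoted, as an added example (not Ulfberht's code) run on the hallucinated-clearance case from Risk 01. The function names, the sample readings and the use of the trace's 0.4mm figure as the agreement tolerance are assumptions.

```python
import math
from itertools import combinations

REQUIRED = ("camera", "lidar", "haptic")  # modalities named in the trace

def fuse_clearance(readings_mm, tolerance_mm=0.4):
    """Cross-validate per-modality clearance estimates (mm).

    Returns ("VERIFIED", clearance) only when every required modality reported
    a finite value and every pair agrees within tolerance. Anything else
    returns ("ESCALATE", reason). There is deliberately no majority-vote path.
    """
    missing = [m for m in REQUIRED if m not in readings_mm]
    if missing:
        return ("ESCALATE", "missing: " + ",".join(missing))
    invalid = [m for m in REQUIRED
               if not isinstance(readings_mm[m], (int, float))
               or not math.isfinite(readings_mm[m])]
    if invalid:
        return ("ESCALATE", "invalid: " + ",".join(invalid))
    for a, b in combinations(REQUIRED, 2):
        gap = abs(readings_mm[a] - readings_mm[b])
        if gap > tolerance_mm:
            return ("ESCALATE", f"{a}/{b} disagree by {gap:.1f}mm")
    # Full agreement: act on the most conservative (smallest) clearance.
    return ("VERIFIED", min(readings_mm[m] for m in REQUIRED))

def majority_vote(readings_mm, tolerance_mm=0.4):
    """The rejected design, for contrast: any two agreeing modalities win."""
    for a, b in combinations(REQUIRED, 2):
        if abs(readings_mm[a] - readings_mm[b]) <= tolerance_mm:
            return ("VERIFIED", min(readings_mm[a], readings_mm[b]))
    return ("ESCALATE", "no two modalities agree")

# Constructed readings: two modalities report ~50mm clearance, haptic reports 2mm.
HALLUCINATED = {"camera": 50.0, "lidar": 50.2, "haptic": 2.0}
# Constructed readings that agree within tolerance.
CONSISTENT = {"camera": 0.8, "lidar": 0.9, "haptic": 1.0}

if __name__ == "__main__":
    print("majority vote:", majority_vote(HALLUCINATED))
    print("consensus    :", fuse_clearance(HALLUCINATED))
    print("consensus    :", fuse_clearance(CONSISTENT))
```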

How AI confidence becomes force limits.

GQS 1.0 means the AI is operating at full confidence. GQS 0.0 means minimum. The safety envelope responds to both values and everything between them. The function shape is deployment-specific: surgical requires exponential decay because small confidence drops near 1.0 carry the highest tissue risk.

Exponential Function (k=3.0)

Surgical Robotics

IEC 62304 / ISO 13482

Medical
GQS 1.00 — full confidence: 10.0N max force
GQS 0.88: 7.2N max force
GQS 0.60: 2.0N max force
GQS 0.30 — hard threshold: Instrument retracts

T_adj = T_nominal × e^(-3.0 × (1-GQS)). When AI confidence drops from 1.0 to 0.6, maximum force reduces from 10N to 2N. At 0.3, instrument retracts automatically.

Exponential Function (k=1.5)

Industrial Robotics

ISO 10218 / ISO 15066

Industrial
GQS 1.00 — full confidence: 250mm/s max speed
GQS 0.75: 180mm/s max speed
GQS 0.50: 100mm/s max speed
GQS 0.40 — hard threshold: Safe state entry

T_adj = T_nominal × e^(-1.5 × (1-GQS)). Speed reduces from 250mm/s to 100mm/s as GQS drops from 1.0 to 0.5. At 0.4, robot enters safe state. Kinetic Risk Score (KRS) = probability-weighted sum of damage severities.
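
Added example (not Ulfberht's code; the `Profile` type and the function names are assumptions): the exponential formula above with the page's k, nominal and hard-threshold values, failing closed on an invalid score. Evaluated as printed, it gives about 6.98 N at GQS 0.88 and 3.01 N at 0.60 (171.8 mm/s and 118.1 mm/s for the industrial rows) rather than the listed 7.2 N, 2.0 N, 180 mm/s and 100 mm/s, so the listed figures are not reproduced by this formula alone.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:             # hypothetical container, not an Ulfberht type
    nominal: float         # ceiling at GQS 1.0 (page value)
    k: float               # exponential steepness (page value)
    hard_threshold: float  # GQS at or below which motion is refused (page value)
    unit: str

SURGICAL = Profile(nominal=10.0, k=3.0, hard_threshold=0.30, unit="N")
INDUSTRIAL = Profile(nominal=250.0, k=1.5, hard_threshold=0.40, unit="mm/s")

def _finite_number(x):
    return (isinstance(x, (int, float)) and not isinstance(x, bool)
            and math.isfinite(x))

def adjusted_ceiling(profile, gqs):
    """T_adj = T_nominal * e^(-k * (1 - GQS)); returns (action, ceiling)."""
    # Fail closed: a missing, NaN or out-of-range score is never read as confidence.
    if not _finite_number(gqs) or not 0.0 <= gqs <= 1.0:
        return ("SAFE_STATE", 0.0)
    if gqs <= profile.hard_threshold:
        return ("SAFE_STATE", 0.0)
    return ("LIMIT", profile.nominal * math.exp(-profile.k * (1.0 - gqs)))

def clamp_command(profile, gqs, requested):
    """Clamp a requested force or speed to the ceiling; 0.0 means do not actuate."""
    action, ceiling = adjusted_ceiling(profile, gqs)
    if action != "LIMIT" or not _finite_number(requested) or requested < 0:
        return 0.0
    return min(requested, ceiling)

if __name__ == "__main__":
    rows = ((SURGICAL, (1.0, 0.88, 0.60, 0.30)),
            (INDUSTRIAL, (1.0, 0.75, 0.50, 0.40)))
    for profile, scores in rows:
        for g in scores:
            action, ceiling = adjusted_ceiling(profile, g)
            print(f"GQS {g:.2f}: {action} {ceiling:.2f}{profile.unit}")
```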

Kinetic Circuit Breaker (Patent P10) — intercepts every actuator command

Every actuator command is decomposed into an Intent Payload before execution. Reversibility is classified across 6 tiers: fully reversible (home position), configuration reversible, operationally reversible, contextually reversible, partially irreversible (surface contact), cognitively/reputationally irreversible. Cognitive Contamination Radius is computed -- the count of human decision nodes downstream affected by this action's consequences. A state machine monitors GQS degradation over the active session and auto-tightens the circuit threshold as behavioral quality falls, without waiting for a hard threshold breach.

Different robots. Different standards. Different governance.

Ulfberht maintains separate verification profiles per robot category, each tuned to its applicable standard and the specific failure modes that category produces.

Industrial — ISO 10218

Linear PES

Fixed Industrial Arms

High-payload arms in fenced cells. Primary risks: sensor drift over long production runs and goal specification gaming when throughput targets conflict with quality targets. PES uses linear GQS translation. KRS computed from payload mass, velocity, and human-accessible zone proximity. Torque and speed GQS-gated. Long-run behavioral drift detected before threshold breach.

Collaborative — ISO 15066

Continuous PES

Cobots

Human-present environments create continuous dynamic risk. Speed and force ceilings tighten as human distance decreases -- not as a fixed zone boundary, but as a continuous function of measured proximity and GQS. Patent R12 cognitive friction runs in parallel, monitoring operator complacency and injecting evaluation friction when Acceptance Rate trends toward rubber-stamp territory.

Medical — IEC 62304

Exponential PES k=3.0

Surgical Systems

Every tissue contact is Tier 5-6 on the reversibility scale. Surgical deployment uses exponential PES (k=3.0), mandatory Tier 4 AOTC for all instrument movements, and continuous haptic-imaging-force consensus. Surgeon authorization is architecturally required before any instrument advance command reaches the actuator. Not a UI prompt -- an architectural gate with cryptographic audit trail.

Fleet / AMR — Q11

Swarm Trust

Autonomous Mobile Robots

Warehouse and logistics fleets introduce the coordination problem at scale. Each robot maintains a Governance Certificate refreshed at mission assignment. Anti-Collusion monitoring detects when multiple robots are converging on a coordinated error pattern -- before any single robot's action makes it physical. Per-robot Cascade Risk Scores determine which units get quarantined before cascade begins.

Personal Care — ISO 13482

Sigmoid PES

Assistive and Care Robots

Elderly care and rehabilitation robots operate in unstructured environments with vulnerable users and no safety fencing. GQS-to-force translation uses a sigmoid function: gradual reduction through the mid-range, hard cutoff at the lower tail. ISO 13482 personal care robot bounds govern the PES calibration targets. No safety fence means the software envelope must be conservative at all GQS levels.

Defense — Air-Gapped

Hash-Locked

Military and Defense

No external network dependencies. Governance certificates generated and verified on-device inside a secure enclave. PES safety parameters are hash-locked at mission assignment -- not modifiable by any runtime command, including commands claiming authorized controller origin. Patent 34 social engineering detection remains active for in-mission command injection. Post-mission audit logs cryptographically sealed.

Every verification layer, patent-derived.

Each capability maps to a specific patent mechanism addressing a specific failure mode in physical AI systems.

PES — Patent 31

GQS-to-Physical Safety Translation

AI confidence scores translated into force ceilings, speed limits, and proximity thresholds in real time. Three translation functions (linear, exponential, sigmoid) mapped to deployment context and applicable standard.

AOTC — Patent 43

Physical Actuator Hard-Stop

All physical actuator commands are classified Tier 4 hard-stop regardless of confidence scores. Human authorization is architecturally required. Cannot be bypassed by confidence score, time pressure, or authority assertion.

P10 — Patent 12

Kinetic Circuit Breaker

Every actuator command decomposed into Intent Payload. Six-tier reversibility classification. Cognitive Contamination Radius computed. State machine auto-tightens as session GQS degrades over time.

Q11 — Patent 13

Swarm Zero-Trust

Cryptographic governance certificates. Eight-step Epistemic Handshake. Trust decay: T(t) = T₀ × e^(-γ × Δt). Anti-collusion nonce challenge-response. Per-robot Cascade Risk Score.

Patent 34

Agentic Lifecycle Governance

Four-stage compliance at plan, select, execute, evaluate. Permission sets cryptographically signed outside agent context. Social engineering detection. Goal drift measurement throughout extended workflows.

R12 — Patent 14

Cognitive Friction

Operator complacency monitoring. Acceptance Rate, Time-to-Accept, Challenge Frequency tracked per operator. Skill Preservation Index computed. Friction injected when complacency exceeds threshold.

Multi-Modal

Sensor Fusion Consensus

Camera, LiDAR, haptic, force, and depth cross-validated before perception-dependent actions. Disagreements escalate rather than resolve. No single sensor failure propagates to actuation.

Cryptographic

Immutable Audit Chain

Every verification decision, GQS value, sensor reading, and authorization event cryptographically logged. Chains cannot be modified post-hoc. Required for IEC 62304 medical device software traceability and post-incident investigation.
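
The page does not say how its audit chain is built. As an added example (not Ulfberht's code), this is one common construction, an HMAC-SHA256 chain, showing how a post-hoc edit and a truncated tail are detected. The key, the record field names and the function names are assumptions; the audit id and values are from the trace earlier on the page.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # fixed predecessor value for the first entry

def _tag(key, prev, event):
    # Canonical JSON so the same event always serialises to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev.encode() + b"|" + body, hashlib.sha256).hexdigest()

def append(chain, key, event):
    """Append an event; returns the new head tag, to be anchored outside the log."""
    prev = chain[-1]["tag"] if chain else GENESIS
    chain.append({"event": event, "prev": prev, "tag": _tag(key, prev, event)})
    return chain[-1]["tag"]

def first_invalid(chain, key, anchored_head=None):
    """Index of the first bad entry, len(chain) on head mismatch, None if intact."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        expected = _tag(key, prev, entry["event"])
        if entry["prev"] != prev or not hmac.compare_digest(entry["tag"], expected):
            return i
        prev = entry["tag"]
    if anchored_head is not None and not hmac.compare_digest(prev, anchored_head):
        return len(chain)  # tail does not end at the anchored head (e.g. truncated)
    return None

def demo():
    key = b"constructed-demo-key"  # constructed; a real key stays out of the logger's reach
    chain, audit = [], "surg-20260325-0091"
    append(chain, key, {"audit": audit, "stage": "SENSOR", "consensus": "3/3"})
    append(chain, key, {"audit": audit, "stage": "PES", "gqs": 0.88, "force_ceiling_n": 7.2})
    head = append(chain, key, {"audit": audit, "stage": "AUTH", "decision": "PROCEED"})
    intact = first_invalid(chain, key, head)

    edited = json.loads(json.dumps(chain))  # deep copy of the log
    edited[1]["event"]["gqs"] = 0.97         # post-hoc edit of a logged score
    truncated = chain[:2]                    # final authorization record removed
    return intact, first_invalid(edited, key, head), first_invalid(truncated, key, head)

if __name__ == "__main__":
    print(demo())
```

Without a key or an externally anchored head value, whoever can rewrite the log can recompute every link, so a bare hash chain is tamper-evident only to a verifier holding something the writer cannot change.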

Four deployment scenarios. One verification architecture.

Scenario 01 — Highest Stakes

Surgical Robotics

A medical device company integrates AI-assisted surgical guidance. Every proposed instrument trajectory passes sensor consensus (haptic, imaging, force), AOTC hard-stop classification, and PES force translation before the surgeon sees an authorization request. The request includes the GQS, adjusted force ceiling, KRS, tissue boundary clearance, and goal drift -- so the surgeon sees exactly how confident the AI is and what physical constraints have been applied before authorizing a single millimeter of instrument advance.

IEC 62304 | ISO 13482 | Exponential PES k=3.0 | Mandatory authorization
surg-20260325-0091
$ verify "advance instrument 2mm"
AOTC TIER 4 — HARD STOP (physical actuator)
SENSOR haptic: 2.1N | imaging: boundary 0.8mm
CONSENSUS 3/3 — VERIFIED
GQS 0.88 → force ceiling 7.2N (was 10N)
KRS 0.31 | irreversibility: 0.94
LIFECYCLE drift: 0.02 — CLEAR
SURGEON ✓ Dr. Chen (14:23:07 UTC)
PROCEED | audit: surg-20260325-0091

Scenario 02

Collaborative Assembly

An automotive manufacturer runs 40 cobots alongside human assemblers. Human position changes constantly. Ulfberht runs PES translation at every planning cycle using a live proximity factor -- as a worker steps closer, speed and force ceilings tighten continuously, not at a fixed 500mm threshold. Patent R12 cognitive friction runs in parallel, tracking each operator's acceptance rate to catch automation complacency before it becomes a safety incident.

ISO 15066 | Continuous proximity factor | R12 operator monitoring

Scenario 03

Warehouse Fleet Governance

A logistics operator runs 200+ AMRs across three fulfillment centers. When Robot 47's confidence degrades after a camera occlusion event, its Cascade Risk Score rises. Before it can affect the 12 downstream robots depending on its position data, the fleet trust layer flags it for human inspection and reroutes the dependent units. The human operator sees a specific robot ID, its current Cascade Risk Score, and the route change recommendation -- not a generic fleet alert.

Q11 swarm trust | Cascade prevention | Per-robot CRS

Scenario 04

Military and Defense

Air-gapped deployment. No cloud dependency. Governance certificates generated and verified entirely on-device via secure enclave. PES safety parameters are hash-locked at mission assignment -- they cannot be modified by any command received during active operation, including commands claiming to originate from authorized controllers. Patent 34 social engineering detection intercepts false authority and urgency injection at the lifecycle governance stage. Post-mission audit logs are cryptographically sealed and verifiable without network access.

Air-gapped | Hash-locked parameters | Sealed audit chain | Social engineering detection

The operator is part of the safety system. Until they aren't.

When robots work correctly for weeks, operators stop checking. Acceptance Rate climbs toward 100%. Time-to-Accept drops to milliseconds. When the system eventually produces an error, the operator's Skill Preservation Index has degraded alongside their attention. Patent R12 monitors this degradation and restores the operator's attention and skill before that moment arrives.

01

Acceptance Rate Tracking

Per-operator acceptance rate monitored over rolling 1h, 8h, and 30d windows. Rate approaching 100% over extended periods is a complacency signal, not a quality signal. A robot that is never questioned is a robot whose errors will go undetected.

02

Time-to-Accept Measurement

Time between authorization request and confirmation is measured per action type. Sustained reduction in Time-to-Accept for high-KRS or high-irreversibility actions indicates the operator has stopped evaluating and started approving reflexively.

03

Skill Preservation Index

Tracks each operator's demonstrated ability to correctly evaluate robot actions against a calibrated baseline. SPI below threshold triggers mandatory friction injection -- a deliberate evaluation window before approval. Not punitive. Protective.

04

Injected Verification Challenges

When the complacency threshold is exceeded, known-state verification challenges are injected into the authorization queue. Operators must correctly identify the actual state before proceeding. Failure triggers supervisor notification and mandatory re-qualification.

Operator complacency dashboard — Operator 7, Station C

Acceptance Rate (30d): 98.7% ↑ ALERT
Avg Time-to-Accept (high KRS actions): 0.8s (baseline: 4.2s)
Skill Preservation Index: 0.41 (threshold: 0.60)
Challenge Frequency (7d): Active — 3 injected

Friction injection active. Operator 7 sees mandatory 4s evaluation window on all KRS > 0.5 actions. 3 verification challenges queued for next shift. Supervisor: Chen, M. Notification sent 14:18 UTC.
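
The acceptance-rate and time-to-accept signals described above, computed over a rolling window as an added example (not Ulfberht's code). The event fields, the alert thresholds (0.98 acceptance, half the baseline time-to-accept, 20-event minimum) and the sample events are assumptions; the KRS > 0.5 cut-off and the 4.2s baseline are the dashboard's figures.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Auth:            # one authorization request shown to an operator
    t: float           # request time, seconds
    operator: str
    krs: float         # Kinetic Risk Score of the action
    accepted: bool
    tta_s: float       # seconds between request and the operator's response

def complacency(events, operator, now, window_s, baseline_tta_s, high_krs=0.5,
                rate_alert=0.98, tta_fraction=0.5, min_events=20):
    """Metrics and complacency signals for one operator over one rolling window."""
    recent = [e for e in events
              if e.operator == operator and now - window_s <= e.t <= now]
    out = {"n": len(recent), "acceptance_rate": None,
           "tta_high_krs": None, "signals": []}
    if len(recent) < min_events:   # too little data to judge either way
        return out
    out["acceptance_rate"] = sum(e.accepted for e in recent) / len(recent)
    fast = [e.tta_s for e in recent if e.accepted and e.krs > high_krs]
    if fast:
        out["tta_high_krs"] = sum(fast) / len(fast)
    if out["acceptance_rate"] >= rate_alert:
        out["signals"].append("acceptance_rate")
    if fast and out["tta_high_krs"] < tta_fraction * baseline_tta_s:
        out["signals"].append("time_to_accept")
    return out

def sample_events():
    """Constructed events: op7 approves almost everything in under a second."""
    ev = []
    for i in range(75):   # 74 of 75 accepted, about 98.7%
        ev.append(Auth(i * 3600.0, "op7", 0.7, i != 10, 0.8))
    for i in range(40):   # 34 of 40 accepted, 85%
        ev.append(Auth(i * 3600.0, "op3", 0.7, i % 7 != 0, 4.0))
    return ev

if __name__ == "__main__":
    month = 30 * 86400.0
    for op in ("op7", "op3"):
        print(op, complacency(sample_events(), op, now=month,
                              window_s=month, baseline_tta_s=4.2))
```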

<2ms pre-execution verification latency target

6 reversibility tiers classified per action

8-step Epistemic Handshake between robots (Q11)

5 robotics standards mapped to patent claims

0 unverified actuator commands authorized to execute

Verify your physical AI.

Schedule a technical demonstration with our robotics verification team. We will run Ulfberht against your specific robot platform, action types, sensor configuration, and the irreversibility profile of your deployment.

Standards posture

ISO 10218 (Industrial Robots): Aligned
ISO 15066 (Collaborative Robots): Aligned
ISO 13482 (Personal Care Robots): Aligned
IEC 62304 (Medical Device Software): Aligned
IEC 61508 (Functional Safety): Aligned
EU Machinery Regulation 2023: Designed for
Pre-execution verification: Native

Standards posture represents design intent and alignment targets. Formal certification engagements available on request.