Mining AI · Oil & gas AI · Pipeline inspection AI · Offshore platform AI

Prompt injection in mining and oil & gas AI

Mining and oil & gas AI spans two of the world’s largest extractive industries, both of which have rapidly adopted computer vision AI for geological characterisation, asset integrity management, and production operations monitoring — and both of which face severe process safety consequences when AI-assisted inspection or classification fails. MineSense Technologies, Maptek, Trimble MineStar, and Xplain Data operate geological AI platforms that process drillcore photographs, drill chip images, mine face photographs, and hyperspectral scanner images to classify rock types, grade mineral deposits, and support mine planning decisions that directly affect reserve calculations and project economics for copper, gold, iron ore, and lithium mining operations. Baker Hughes AIQ (Artificial Intelligence Quotient), Schlumberger Delfi AI, and ABB Ability Asset Vision are the leading AI platforms for oil and gas asset integrity management, processing pipeline corrosion inspection images from remotely operated vehicles (ROVs), inspection drones (Flyability Elios, Percepto, Airobotics), and robotic inspection crawlers (PII Pipeline Solutions, ROSEN) to assess corrosion severity, crack propagation, and wall thickness loss against pipeline integrity management (PIM) thresholds required by API 1160, ASME B31.8S, and the US DOT PHMSA pipeline integrity rule. Cognite Data Fusion and Aker Solutions IRM (Inspection, Repair, and Maintenance) AI platforms process offshore platform structural inspection images from ROVs, underwater inspection cameras, and aerial inspection drones operating on production platforms, FPSOs (Floating Production Storage and Offloading), and subsea infrastructure in the North Sea, Gulf of Mexico, and deepwater Brazilian pre-salt fields. The adversarial image injection threat to mining and oil & gas AI exploits the image upload and transfer pathways in geological data management portals, pipeline inspection AI platforms, and offshore integrity management systems. This page covers four injection surfaces and how Glyphward’s pre-scan gate addresses the threat at the mining and energy AI image ingestion boundary.

TL;DR

Mining and oil & gas AI — MineSense, Baker Hughes AIQ, Cognite, ABB Asset Vision — processes drillcore grade classification images, pipeline corrosion drone inspection photos, wellsite operations camera feeds, and offshore platform structural inspection imagery. Adversarially crafted images submitted through geological portal uploads, pipeline integrity AI APIs, and offshore inspection management systems can corrupt mineral reserve calculations, suppress pipeline corrosion flags, and falsify offshore structural integrity records. Glyphward scans each image at the ingestion boundary with a threshold of ≥ 55 for mining and oil & gas AI inputs (process safety — pipeline integrity failure or structural collapse → spill/explosion risk). Free tier — 10 scans/day, no card required.

Four adversarial injection surfaces in mining and oil & gas AI

1. Drillcore and borehole image injection in geological AI (MineSense, Maptek Eureka AI, Trimble MineStar)

Geological AI platforms process photographic images of drillcore (cylindrical rock samples extracted from drill holes during exploration and production drilling) and drill chip samples (rock fragments produced by rotary or percussion drilling) to classify rock types, estimate mineral grades, identify alteration zones, and characterise ore-waste contacts — determinations that feed block models used for mineral resource and reserve estimates under JORC Code (Australia), NI 43-101 (Canada), and SEC Regulation S-K 1300 (United States) reporting standards. MineSense Technologies’ ShovelSense and BeltSense AI platforms use X-ray fluorescence (XRF) sensors combined with camera imaging at loading shovels and conveyor belts to grade ore-waste material in real time at copper, gold, and nickel mines operated by Teck Resources, BHP, and Glencore. Maptek’s Eureka geological modelling platform and PointStudio AI incorporate automated core photograph classification to assign lithology codes and grade estimates to core tray images submitted by geologists through Maptek’s data portal. The adversarial injection surface involves drillcore photograph submissions: core photographs are standard geological documentation submitted by third-party core logging contractors, exploration geologists, and laboratory analysts through geological data management systems (GEOVIA, Datamine, acQuire) as part of resource estimation campaigns. An adversarially crafted core tray photograph — in which pixel-level perturbations applied to the visible mineralisation patterns (pyrite dissemination, visible copper staining, quartz vein density indicators) cause the AI geological classifier to assign a higher-grade lithology code than the physical mineralogy supports — submitted through a geological data portal by a contracted core logging service can corrupt the block model feeding a mineral resource estimate. For publicly listed mining companies reporting JORC or NI 43-101 resource estimates, a systematically inflated AI-derived grade estimate creates a material misrepresentation risk under securities law — with consequences analogous to the Bre-X Minerals scandal (fraudulent core assays inflating reported gold grades) but executed through adversarial AI manipulation rather than physical salting. The converse attack — adversarially crafted images that cause the AI to under-report grade at a rival’s mineral deposit or in a valuation due diligence exercise — has corporate intelligence and M&A manipulation applications. Trimble MineStar’s fleet management and mine control AI also incorporates face profiling and blast design image classification from photographs of blast holes and mine faces; adversarial injection in this context can corrupt blast design AI that optimises drill pattern and explosive loading parameters — with process safety consequences if incorrect blast parameters are acted on.

2. Pipeline corrosion inspection AI injection (Baker Hughes AIQ, Schlumberger Delfi AI, ABB Asset Vision)

Pipeline integrity AI processes inspection images from inline inspection (ILI) tools (magnetic flux leakage, ultrasonic wall measurement), external inspection drones (Flyability Elios 3 for internal tank and vessel inspection, Percepto Sparrow for external above-ground pipeline corridors), and robotic crawlers (ROSEN Group ROSENpig, PII Pipeline Solutions) to classify corrosion severity, crack depth, and wall thickness loss against the engineering assessment thresholds in the pipeline’s integrity management plan. Baker Hughes AIQ’s pipeline inspection AI classifies corrosion indications in drone inspection photographs and ILI data visualisations submitted by pipeline operators through the Baker Hughes Leucipa AI platform and Cordant digital operations platform. Schlumberger’s Delfi Digital Subsurface Environment processes pipeline inspection images submitted by offshore operators through operator data rooms and cloud-based integrity management portals. The adversarial injection surface involves inspection drone image submissions: pipeline inspection drone operators at midstream pipeline operators (Williams Companies, TC Energy, Enterprise Products Partners, ADNOC Pipelines) transfer inspection image sets from drone missions through secure upload portals to the pipeline integrity AI platform for automated defect classification. An adversarially crafted external corrosion inspection image — in which pixel-level perturbations applied to a corroded pipe surface area reduce the apparent pitting depth or surface area of an active corrosion feature — submitted through the inspection drone upload portal can cause the pipeline integrity AI to classify an active corrosion indication below the operator’s dig-and-repair trigger threshold, deferring a maintenance excavation action. For high-pressure gas transmission pipelines (class 3 and 4 locations, HCAs — High Consequence Areas) where a corrosion-driven pipeline failure results in a high-pressure gas rupture and ignition, the consequence of a deferred corrosion repair triggered by a corrupted AI inspection classification can be a fatal pipeline explosion — the category of event associated with incidents including the San Bruno PG&E pipeline explosion (2010, 8 deaths) and the Bellingham, Washington Olympic Pipe Line rupture (1999, 3 deaths). PHMSA’s pipeline integrity rule (49 CFR Part 192 and Part 195) requires operators to use engineering-critical assessment (ECA) methods for integrity decisions; adversarial manipulation of the inspection AI input data that feeds ECA calculations constitutes corruption of the integrity management process required by federal pipeline safety regulation.

3. Wellsite operations camera AI injection (TotalEnergies AI, Weatherford AI, Keyera)

Wellsite operations AI processes camera images from production well pads, compression stations, and processing facilities to monitor equipment health, detect safety hazards (hydrocarbon leaks, flare status, personnel proximity to hazardous equipment), and assess production equipment condition. TotalEnergies’ AI-powered wellsite monitoring platform, deployed at upstream production assets in the North Sea, Middle East, and North Africa, uses camera feeds and periodic site photograph submissions to classify equipment condition — surface wellhead equipment, Christmas tree valve status, separator condition, and flare system status — through AI models integrated with the TotalEnergies remote operations centre. Weatherford AI and Keyera’s gas processing AI platforms incorporate wellsite equipment photograph submissions from field operators and third-party field inspection contractors through web portal and mobile application upload workflows to support AI-assisted equipment health assessment and work order generation in CMMS (Computerised Maintenance Management Systems) platforms. The adversarial injection surface involves wellsite inspection photograph submissions: field operators at remote well pad locations and third-party inspection contractors routinely submit wellsite equipment condition photographs through mobile applications (Inpixon, Field360, iSite) and operator portal upload forms as part of well pad inspection routines and scheduled maintenance programmes. An adversarially crafted wellsite equipment photograph — in which pixel-level perturbations applied to a surface safety valve (SSV), emergency shutdown valve (ESDV), or wellhead pressure gauge image cause the AI equipment condition classifier to assign a “normal operating condition” status when the physical equipment shows a visible leak path, valve stem corrosion, or pressure gauge damage — submitted through a mobile field inspection application can suppress a work order generation that the AI would otherwise have triggered. For upstream oil and gas production facilities where a failed surface safety valve or blowout preventer component reaches a critical failure state without triggering a maintenance action, the consequence is an uncontrolled well kick or blowout — the category of incident associated with the Macondo Deepwater Horizon disaster (2010) and the Piper Alpha platform explosion (1988, 167 deaths). The adversarial injection surface is accessible to a field contractor who has legitimate access to the mobile inspection application but wants to suppress a maintenance action for financial reasons (deferred work order = deferred shutdown cost).

4. Offshore platform inspection drone image injection (Cognite AI, ABB Asset Vision, Aker Solutions IRM)

Offshore structural integrity AI processes inspection images from underwater ROVs, above-water aerial drones, and close-visual inspection (CVI) teams submitted through offshore integrity management platforms to classify structural defects, corrosion severity, coating degradation, and fatigue crack indicators on production platforms, FPSOs, and subsea structures. Cognite Data Fusion’s integrity management module, deployed by Equinor, Aker BP, and Vår Energi on Norwegian Continental Shelf (NCS) platforms, processes ROV inspection video frames and drone inspection images submitted by inspection service providers (Stinger Technology, Oceaneering International, Subsea 7 IMR) through Cognite’s API and data connector integrations. Aker Solutions’ IRM AI platform and ABB Ability Asset Vision process offshore structure inspection images through integrity management portals used by offshore operators across the UK Continental Shelf (UKCS), Gulf of Mexico, and deepwater West Africa. The adversarial injection surface involves inspection service provider image submissions: third-party inspection service providers — Oceaneering International, TechnipFMC, Saipem — transfer ROV inspection video frames, multi-beam sonar images, and close-visual inspection photographs to offshore operators through data transfer portals, cloud storage integrations (Microsoft Azure, AWS S3), and direct API uploads. An adversarially crafted ROV inspection image — in which pixel-level perturbations applied to a jacket leg node, a conductor guide frame, or a mooring chain inspection area cause the AI structural classification model to assign a “within threshold — monitor next inspection cycle” classification when the physical feature exceeds the crack acceptance criteria in the structural integrity management plan (SIMP) — submitted through a cloud portal data transfer can defer a repair action that the AI would otherwise have flagged for immediate intervention. For North Sea and Gulf of Mexico fixed platforms in the late-life phase — where fatigue crack growth rates in jacket legs and conductor guides are accelerating — a deferred structural repair triggered by a corrupted AI classification contributes to the structural failure risk profile. HSE (UK) Offshore Installations (Prevention of Fire and Explosion, and Emergency Response) Regulations 1995 (PFEER) and BSEE (Bureau of Safety and Environmental Enforcement) structural integrity requirements establish the legal framework for offshore structural integrity management; adversarial corruption of the AI inspection data layer that feeds structural integrity assessments creates regulatory liability analogous to falsified inspection records under these frameworks.

Integration: mining and oil & gas AI image ingestion with Glyphward pre-scan

Mining and oil & gas AI image ingestion flows from geological data portal uploads, pipeline inspection drone transfer portals, wellsite mobile inspection applications, and offshore integrity management cloud integrations into AI processing queues. Insert Glyphward’s pre-scan at the ingestion boundary before images reach the geological, pipeline integrity, or structural AI:

import asyncio
import base64
import hashlib
import os
import uuid
from enum import Enum
from pathlib import Path

import httpx

GLYPHWARD_API_KEY = os.environ["GLYPHWARD_API_KEY"]
GLYPHWARD_SCAN_URL = "https://glyphward.com/v1/scan"

# Process safety threshold: pipeline integrity failure or structural collapse
# has spill/explosion/fatality consequence. 55 for standard; 50 for safety-critical.
THRESHOLD_MINING_ENERGY_AI = 55
THRESHOLD_PROCESS_SAFETY_CRITICAL = 50  # surface safety valves, SSVs, BOP systems


class MiningEnergyAIContext(str, Enum):
    GEOLOGICAL_CORE = "geological_core"             # drillcore / drill chip images
    PIPELINE_INSPECTION = "pipeline_inspection"     # corrosion / ILI / drone images
    WELLSITE_EQUIPMENT = "wellsite_equipment"       # surface equipment condition photos
    OFFSHORE_STRUCTURAL = "offshore_structural"     # platform / FPSO structural inspection


async def scan_energy_image(
    image_source: str | Path | bytes,
    context: MiningEnergyAIContext,
    site_id_hash: str,         # SHA-256 of site/asset identifier (not raw)
    asset_id_hash: str,        # SHA-256 of component/asset identifier (not raw)
    client: httpx.AsyncClient,
) -> dict:
    """
    Scan a mining / oil & gas AI image for adversarial injection payloads before
    forwarding to geological, pipeline integrity, or structural AI.
    """
    if isinstance(image_source, (str, Path)):
        image_bytes = Path(image_source).read_bytes()
    else:
        image_bytes = image_source

    image_b64 = base64.b64encode(image_bytes).decode()
    image_sha256 = hashlib.sha256(image_bytes).hexdigest()
    scan_id = str(uuid.uuid4())

    threshold = (
        THRESHOLD_PROCESS_SAFETY_CRITICAL
        if context == MiningEnergyAIContext.WELLSITE_EQUIPMENT
        else THRESHOLD_MINING_ENERGY_AI
    )

    resp = await client.post(
        GLYPHWARD_SCAN_URL,
        headers={"Authorization": f"Bearer {GLYPHWARD_API_KEY}"},
        json={
            "image": image_b64,
            "source": context.value,
            "metadata": {
                "energy_context": context.value,
                "site_id_hash": site_id_hash,
                "asset_id_hash": asset_id_hash,
                "client_scan_id": scan_id,
                "image_sha256": image_sha256,
            },
        },
        timeout=8.0,
    )
    resp.raise_for_status()
    result = resp.json()

    audit_record = {
        "site_id_hash": site_id_hash,
        "asset_id_hash": asset_id_hash,
        "energy_context": context.value,
        "scan_id": result["scan_id"],
        "client_scan_id": scan_id,
        "image_sha256": image_sha256,
        "score": result["score"],
        "flagged_region": result.get("flagged_region"),
        "threshold": threshold,
        "action": "blocked" if result["score"] >= threshold else "allowed",
    }
    await write_energy_audit_record(audit_record)

    if result["score"] >= threshold:
        raise AdversarialEnergyImageError(
            f"Mining/energy AI image blocked [{context.value}]: "
            f"scan_id={result['scan_id']} score={result['score']} "
            f"site={site_id_hash[:8]}... asset={asset_id_hash[:8]}..."
        )
    return result


async def scan_inspection_mission(
    image_paths: list[Path],
    context: MiningEnergyAIContext,
    site_id_hash: str,
    asset_id_hash: str,
) -> dict:
    """Scan a drone inspection mission batch concurrently before AI processing."""
    allowed, blocked, errors = [], [], []

    async with httpx.AsyncClient() as client:
        tasks = [
            scan_energy_image(p, context, site_id_hash, asset_id_hash, client)
            for p in image_paths
        ]
        results = await asyncio.gather(*tasks, return_exceptions=True)

    for path, result in zip(image_paths, results):
        if isinstance(result, AdversarialEnergyImageError):
            blocked.append({"path": str(path), "error": str(result)})
        elif isinstance(result, Exception):
            errors.append({"path": str(path), "error": str(result)})
        else:
            allowed.append({"path": str(path), "scan_id": result["scan_id"]})

    return {
        "site_id_hash": site_id_hash,
        "context": context.value,
        "total": len(image_paths),
        "allowed": len(allowed),
        "blocked": len(blocked),
        "errors": len(errors),
        "blocked_items": blocked,
    }


async def write_energy_audit_record(record: dict) -> None:
    """Persist audit record to your integrity management audit log (stub)."""
    import json, sys
    print(json.dumps(record), file=sys.stderr)


class AdversarialEnergyImageError(Exception):
    """Raised when a mining/energy AI image exceeds the adversarial injection threshold."""
    pass

The site_id_hash and asset_id_hash fields provide the integrity management evidence chain: a blocked inspection image record links scan_id + site_id_hash + asset_id_hash + image_sha256 for post-incident investigation without storing raw facility or asset identifiers in the audit log. For pipeline and offshore structural inspection contexts, route blocked images to an immediate integrity alert — a deferred inspection action triggered by a blocked adversarial image should default to the conservative physical inspection option rather than relying on the AI classification. Get early access

Coverage matrix

Control	Geological core AI injection	Pipeline inspection AI injection	Wellsite equipment AI injection	Offshore structural AI injection
Text-only PI scanner (Lakera, LLM Guard)	No — pixel payloads not seen	No — pixel payloads not seen	No — pixel payloads not seen	No — pixel payloads not seen
Pipeline integrity management plan (API 1160, ASME B31.8S)	Not applicable to geological AI	Requires integrity assessment; does not inspect drone images for adversarial pixel content	Not applicable	Not applicable to offshore structural AI
Inspection service provider audit and qualification	Qualifies geologist competence; does not scan submitted images for adversarial manipulation	Audits inspection procedures; does not inspect transferred images for adversarial perturbation	Audits field contractor competence; does not scan mobile app uploads for adversarial content	Audits ROV/dive inspection contractors; does not inspect uploaded frames for adversarial manipulation
Glyphward	Yes — threshold 55; site_id_hash + scan_id + image_sha256 geological audit trail	Yes — threshold 55; asset_id_hash + scan_id; PHMSA-compatible audit record	Yes — threshold 50 (safety-critical); site_id_hash + scan_id + image_sha256	Yes — threshold 55; asset_id_hash + scan_id; HSE/BSEE-compatible audit record

Related questions

How does the adversarial injection threat differ between onshore pipeline and offshore subsea inspection AI?

The attack surface and consequence profile differ significantly between onshore pipeline and offshore subsea inspection AI. For onshore pipeline inspection AI (Baker Hughes AIQ processing ROSEN or PII ILI data; ABB Asset Vision processing Percepto drone images), the primary submission pathway is third-party data transfer: ILI service providers and external inspection drone operators transfer large inspection datasets — typically gigabytes of images per inspection campaign — through secure file transfer portals or cloud storage to the pipeline operator’s integrity AI platform. The high image volume creates a more complex attack surface: an adversary who controls a third-party inspection provider can inject adversarially crafted images into a larger dataset where individual image manipulation is harder to detect through statistical audit. For offshore subsea inspection AI (Cognite processing Oceaneering ROV images; Aker Solutions IRM processing Saipem dive inspection photographs), the primary submission pathway involves ROV video stream transfers and close-visual inspection photographic packages submitted by offshore crew through vessel satellite uplink and platform data connections. The lower bandwidth and more constrained submission environment slightly reduces the ease of bulk image manipulation, but increases the value of targeted single-image attacks against critical structural elements — a single adversarially crafted image of a jacket leg fatigue crack submitted as part of a CVI package can defer a repair action with potentially catastrophic structural consequence. The consequence severity is higher for offshore structural AI (platform collapse, multiple fatalities, major environmental damage) than for onshore pipeline AI for most scenarios, but the PHMSA regulatory enforcement environment for onshore pipeline operators is more developed and has higher enforcement precedent for integrity management failures.

Does the geological AI injection threat affect securities-law mineral resource disclosures?

Yes, and this is one of the highest-consequence non-safety adversarial injection scenarios in the mining sector. Mineral resource and reserve estimates reported under JORC Code 2012 (Australia/South Africa), NI 43-101 (Canada), or SEC Regulation S-K 1300 (United States) are public disclosures with strict competent person / qualified person certification requirements and securities fraud liability. The qualified person (QP) who certifies a resource estimate is legally responsible for the accuracy of the estimate — but the QP typically relies on AI-assisted grade estimation from drill core photograph classification and automated logging systems as a significant data input. An adversarial attack on geological AI grade classification that inflates AI-derived grade estimates — submitted through a third-party core logging contractor’s image upload workflow — creates a systematic upward bias in the block model that the QP’s review of AI outputs may not detect if the AI is considered a reliable primary data source. If the inflated estimate is disclosed in a public mineral resource statement and the inflated grade later contradicts production data, the securities fraud consequence is analogous to the Bre-X Minerals gold grade manipulation — which resulted in $6 billion in market cap losses, multiple securities fraud prosecutions, and a restructuring of QP certification requirements globally. The difference from traditional mining fraud is that the adversarial AI manipulation leaves no physical trace in the core samples — the samples are unaltered; the manipulation exists only in the adversarially crafted image submitted to the AI classification system, which the Glyphward audit trail is specifically designed to detect and preserve.

Are drone inspection image uploads secured by encryption and access controls that prevent adversarial injection?

Drone inspection image upload portals at pipeline and offshore operators typically implement TLS encryption in transit and OAuth 2.0 or SAML SSO access controls that authenticate the inspection service provider as a legitimate data submitter. These controls prevent unauthenticated external actors from submitting arbitrary images — but they do not prevent an authenticated inspection service provider from submitting images that have been adversarially crafted before upload. The adversarial injection threat model assumes an attacker who has legitimate access to the submission pathway — an insider at the inspection service provider, a compromised inspection contractor account, or a third-party core logging contractor who has been paid to manipulate images. In this threat model, encryption and access controls are irrelevant to the adversarial payload: the attacker is authenticated and the image is encrypted in transit, but the image content has been adversarially modified before it enters the encrypted channel. The correct control layer for this threat is adversarial content detection at the AI ingestion boundary — after authentication and decryption, before the image reaches the AI classification model — which is what Glyphward’s pre-scan gate provides. This is analogous to the distinction between transport security and payload inspection in web application security: HTTPS prevents man-in-the-middle interception but does not prevent an authenticated user from submitting a malicious payload through the encrypted channel.