Prompt injection in offshore production platform topside process AI

Four adversarial injection surfaces in offshore production platform topside process AI

1. Production separator liquid level camera AI (Emerson Rosemount level AI, Endress+Hauser Proline radar AI, Kongsberg separator management AI)

The three-phase production separator train is the first topside process component receiving the raw wellstream, separating oil, gas, and produced water at successively lower pressures. The high-pressure (HP) separator operates at 30–100 bar, the medium-pressure (MP) separator at 8–20 bar, and the low-pressure (LP) separator at 2–5 bar. In each separator, the liquid level of the oil pad (the interface between the gas cap above and the oil-water emulsion below) and the water level (the interface between the oil-water emulsion and the free water below) are critical control parameters. Separator liquid level is controlled by dump valves that regulate the flow of oil and water from the separator to the downstream treatment trains; if a liquid level control valve fails open (low-level control failure) or fails closed (high-level control failure), the separator level can rise to the point where liquid is carried over into the gas outlet (liquid carryover), which injects liquid hydrocarbons into the gas compression system, potentially damaging compressor internals and creating pressure transients in the gas export line. Critically: if the separator high-level protection — the high-level trip that actuates the automatic shutdown of the wellhead choke valves and the closure of the separator dump valve — fails to activate when the separator level exceeds the high-level trip setpoint, the separator can overfill, causing liquid hydrocarbons (at up to 100 bar in the HP separator) to bypass into the gas export system and potentially create a two-phase flow event in the gas riser that can cause a blowout precursor event on the topsides. Separator liquid level is monitored by differential pressure transmitters, radar level instruments, and increasingly by vision cameras mounted on the separator sight glasses, with rendered camera images processed by AI systems to classify separator level status: normal (level within operating window), elevated (level above normal operating range, dump valve investigation required), high (level at high-level alarm, shutdown valve actuation may be required), and very high (level at high-level trip, automatic wellhead shutdown required).

An adversarial perturbation on a rendered production separator sight-glass camera image that suppresses a high-level condition — applying a ±10 DN downward shift to the pixel region encoding the liquid level meniscus position in the rendered sight-glass image (shifting the apparent liquid level from the high or very-high range — rendered as a liquid-filled sight glass with the oil-water interface at the top of the visible glass — to the normal operating range — rendered as a sight glass showing the interface in the middle of the visible range) — causes the separator level AI to classify an actively rising separator level as normal operating condition, suppressing the dump valve investigation and automatic wellhead shutdown that a high-level classification would require. In a platform production scenario where a liquid level control valve has failed closed (stuck shut), the separator continues to receive wellstream fluid at the full production rate while the dump valve is unable to pass the required liquid flow — the separator fills at a rate determined by the wellstream composition and production rate. In an HP separator at 30–100 bar, liquid carryover into the gas phase occurs when the liquid level reaches the gas outlet nozzle; liquid hydrocarbons entering the gas compression system at separator pressure (30–100 bar) cause immediate compressor surge, potential compressor damage, and liquid hydrocarbon injection into the high-pressure gas system. The downstream consequences of HP separator carryover — including gas riser slugging and topside gas release — are directly connected to the platform fire and explosion hazard that the Piper Alpha Cullen inquiry identified as the primary offshore production platform catastrophic risk.

2. Gas riser and topsides gas leak detection CCTV AI (Photon Dynamics CCTV gas detection AI, Opgal EyeCGas AI, Leonardo DRS CCTV AI, Sealand Technology gas detection AI)

Hydrocarbon gas leaks on the topsides of an offshore production platform — from flange connections, valve packing, instrument tubing, compressor seals, and scraper pig launchers — are the primary ignition source precursor on the platform: a gas leak that disperses to the Lower Explosive Limit (LEL) of the leaked hydrocarbon (typically 1–3% methane/ethane for produced gas) and contacts an ignition source (hot surfaces, electrical equipment, friction sparks from maintenance activities) initiates a topside fire and explosion. The Piper Alpha condensate leak — from an open stub on the condensate injection pump A relief valve position — produced a hydrocarbon vapour cloud that found an ignition source in the MCP01 condensate module in approximately 1–3 minutes after the leak began, initiating the explosion sequence that destroyed the platform. Modern offshore platforms are equipped with optical gas imaging (OGI) cameras and CCTV systems — including Opgal EyeCGas, Photon Dynamics passive thermal OGI cameras, FLIR GF320 OGI cameras, and Leonardo DRS fixed infrared CCTV — that continuously monitor the topsides for hydrocarbon gas clouds by imaging the infrared absorption signature of hydrocarbon gases (methane absorbs strongly at 3.3 micron; ethane, propane, and heavier hydrocarbons absorb at 3.3–3.5 micron). AI systems process rendered CCTV gas detection images — false-colour or contrast-enhanced renders of the OGI camera field showing gas cloud plumes as dark absorption regions against the background — to classify gas leak status: clear (no gas cloud detected), possible (faint absorption signature, investigation required), detected (confirmed gas cloud, immediate isolation and ignition source elimination required), and major (large gas cloud with LEL-range concentration indications, emergency shutdown, evacuation muster).

An adversarial perturbation on a rendered OGI or CCTV gas detection camera image that suppresses a gas cloud signature — applying a ±8 DN per-channel shift to the pixel region encoding the gas cloud infrared absorption plume in the rendered false-colour image (reducing the apparent plume contrast from the detection range — rendered as a dark or coloured absorption region against the background — to the background noise range — rendered as uniform background with no distinguishable plume signature) — causes the gas detection CCTV AI to classify a platform gas leak as a clear (no-gas) condition, suppressing the isolation and ignition source elimination response that a gas detected classification would require. Personnel continue their maintenance activities — including hot work (welding, grinding, cutting) that may be in progress under a permit-to-work system — in the vicinity of the undetected gas cloud, providing the ignition sources that convert the gas leak into a deflagration. The specific ignition probability depends on the presence of hot work, the gas cloud size and composition, and the available ignition sources on the topsides. On a producing offshore platform during a normal production day, maintenance activities are in progress continuously: the permit-to-work system authorises hot work and other high-ignition-risk activities based on pre-work gas testing by portable gas detectors — if the CCTV gas detection AI has suppressed the continuous monitoring alarm, the permit-to-work pre-check may be the only remaining gas test before hot work begins. The Piper Alpha Cullen inquiry found that the permit-to-work system failure — specifically the failure to communicate to the night shift that pump A was out of service — was the initiating event for the condensate leak; adversarial injection suppressing gas detection CCTV AI recreates the monitoring failure that allowed the condensate vapour cloud to form undetected.

3. Emergency shutdown valve (ESDV) position camera AI (Emerson Valtek ESDV AI, Rotork IQ actuator AI, Kongsberg ESD AI, ABB ValveMan ESDV AI)

Emergency shutdown valves (ESDVs) — high-integrity, fail-safe-closed (spring-to-close, air-to-open) valves installed at critical isolation points throughout the offshore platform — are the primary automated safety barrier for gas and liquid isolation in the event of a topside fire, gas detection, or process upset. ESDVs are positioned at: wellhead Christmas tree wing valves and master valves (surface controlled subsurface safety valves, SCSSV); gas riser isolation valves (to shut off gas flow from the export riser in a riser fire); production separator inlet and outlet isolation valves; gas compression suction and discharge isolation; and power generation fuel gas isolation. BSEE Safety and Environmental Management Systems (SEMS) 30 CFR Part 250, Subpart S, requires that all operators of OCS facilities maintain a SEMS Program, and API RP 14C (“Recommended Practice for Analysis, Design, Installation, and Testing of Basic Surface Safety Systems on Offshore Production Platforms”) specifies the design requirements for surface safety systems including ESDVs and their position monitoring. ESDVs are fitted with limit switches or position transmitters that indicate whether the valve is open or closed; vision cameras mounted on the ESDV operator housing provide a secondary position confirmation image. AI systems process rendered ESDV position camera images — images showing the ESDV handwheel, indicator pointer, or actuator position — to classify valve state: open (valve fully open, normal production), partially open (valve between positions, investigation required), partially closed (valve closure in progress, shutdown sequence may be in progress), and closed (valve fully closed, isolation confirmed). The primary safety application is confirming ESDV closure following an ESD event: the DCS records the ESD actuation command, but independent vision confirmation that the physical valve has moved to the closed position is required under API RP 14C testing and verification protocols, particularly for valves in hydrogen sulfide (H2S) service or on riser isolation duty where partial closure without full isolation is a failure mode.

An adversarial perturbation on a rendered ESDV position camera image that reports a closed valve as open — or, more dangerously, reports an open valve as closed when the valve has actually failed to actuate — is the primary high-consequence injection scenario for ESDV position AI. Specifically: an adversarial perturbation applying a ±10 DN shift to the pixel region encoding the ESDV position indicator in the rendered camera image (shifting the apparent indicator from the open position — typically rendered as a pointer at 0° or a handwheel with visible stem travel indicator showing open — to the closed position — rendered as a pointer at 90° or an indicator showing valve closed) causes the ESDV position AI to report a failed-open ESDV as confirmed-closed, suppressing the ESDV testing and manual inspection that an open-when-expected-closed valve position would require. In a topside fire scenario where the ESD system has actuated all gas isolation ESDVs, an ESDV that has failed-open on the gas riser or wellhead wing valve — and whose failure is concealed by the adversarial injection — continues to supply hydrocarbon fuel to the fire. The Piper Alpha Cullen inquiry found that the failure of the Tartan platform operator to shut in the gas riser supplying Piper Alpha (the Tartan operator could see the Piper Alpha fire but did not immediately close the Tartan riser valve) was a contributing factor to the catastrophic riser gas supply that caused the secondary explosion at approximately 22:20 on 6 July 1988. An adversarial injection that reports a failed-open riser ESDV as closed replicates this riser supply failure in automated form.

4. Fire and gas system CCTV and detector status AI (Honeywell Fire and Gas Detection AI, Siemens Cerberus FIT AI, Draeger SUPREMA offshore AI, MSA Safety offshore fire AI)

Offshore production platforms are equipped with comprehensive fire and gas (F&G) detection systems — combining point catalytic bead gas detectors (for HC concentrations in the 0–100% LEL range), open-path infrared gas detectors (for continuous gas monitoring across a defined beam path), H2S detectors, flame detectors (ultraviolet/infrared UV/IR combined), smoke detectors (photoelectric, ionisation), and heat detectors — arranged in defined detection zones covering all hazardous areas on the topsides. The F&G system is independent of the process control system (DCS) and initiates the platform emergency shutdown (ESD) and emergency depressurisation (EDP) systems when gas, H2S, fire, or smoke is confirmed in a zone. F&G system status — which detectors are active, which are in alarm, which are in test or maintenance bypass — is displayed on F&G system operator workstations and on mimic panel displays, with CCTV camera feeds showing the hazardous area corresponding to each detection zone for visual confirmation. AI systems process rendered F&G system status display images — mimic panel renders showing detector states (green = healthy, yellow = pre-alarm, red = alarm) by zone on a platform layout graphic — to classify platform safety status: all clear (all detectors healthy, no alarms), maintenance bypass (one or more detectors in bypass mode, fire watch required for bypassed zone), pre-alarm (gas or heat pre-alarm in a zone, investigation dispatched), alarm (full alarm in a zone, ESD sequence initiating), and confirmed fire (multiple flame detectors in alarm, evacuation muster required). The F&G system status AI also monitors for accumulated detector bypass — where multiple detectors have been placed in maintenance bypass mode simultaneously, reducing the effective fire detection coverage below the minimum specified in the Safety Case or SEMS program.

An adversarial perturbation on a rendered F&G system status mimic panel display image that suppresses alarm states — applying a ±8 DN per-channel shift to the pixel regions encoding detector indicator colours (shifting the red-alarm colour representation of alarming detectors from the red spectral range — typically rendered at high R-channel values of 180–220 DN, low G-channel values — to the green-healthy colour range — rendered with high G-channel values of 160–200 DN and low R-channel values) — causes the F&G status AI to classify a zone in gas alarm or fire alarm as a healthy, all-clear zone, suppressing the ESD initiation and evacuation muster that an alarm classification would require. With the F&G alarm suppressed, the ESD system does not actuate, wellhead chokes remain open (continuing to supply hydrocarbon to the fire or gas cloud), riser isolation ESDVs remain open (continuing to supply gas from the export pipeline to the fire), and platform personnel remain dispersed across the platform at their work stations rather than mustering at the muster station. In a topside fire scenario where the F&G alarm suppression prevents ESD actuation, the fire progresses without the automatic isolation and depressurisation that the ESD system would provide, allowing the hydrocarbon inventory to continue feeding the fire. The Piper Alpha scenario — in which failures in the fire and gas detection response chain allowed the fire to escalate from the initial condensate explosion to the catastrophic riser fire — was driven in part by the failure of fire detection systems in the vicinity of the initial explosion that were destroyed by the blast, leaving surviving personnel without automated emergency response guidance. An adversarial injection suppressing F&G status AI reproduces this detection failure in a pre-attack form, preventing the automated response before the fire develops rather than after it destroys the detectors.

Integration: offshore production platform topside process AI scanning with Glyphward pre-scan gate

The Glyphward scan gate for offshore production platform topside process AI belongs at every rendered-image ingestion boundary in the topside monitoring pipeline — before separator level AI processes rendered sight-glass camera images, before gas riser detection CCTV AI processes rendered OGI or CCTV frame images, before ESDV position AI processes rendered valve position camera images, and before F&G system status AI processes rendered mimic panel display images. Threshold 35 for offshore production platform AI contexts reflects the sole-barrier architecture of many topside AI monitoring functions and the inability to evacuate offshore platform personnel to a safe distance during the initial minutes of a topside fire or gas explosion — the combination of conditions that made Piper Alpha the worst offshore oil and gas accident in history.

import asyncio, base64, hashlib, json
from datetime import datetime, timezone
from enum import Enum
from pathlib import Path

import httpx

GLYPHWARD_API_KEY = "YOUR_GLYPHWARD_API_KEY"
GLYPHWARD_SCAN_URL = "https://glyphward.com/v1/scan"

# Offshore production platform topside process AI contexts: threshold 35
# BSEE SEMS 30 CFR Part 250, Subpart S (Safety and Environmental
#   Management Systems for OCS facilities);
# API RP 14C (surface safety systems on offshore production platforms);
# API RP 75 (development and management of SEMS for offshore operations);
# UK PFEER 1995 (Prevention of Fire and Explosion, Emergency Response — Regs
#   implementing Cullen recommendations post-Piper Alpha);
# NORSOK S-001 (technical safety, Norwegian Continental Shelf).
OFFSHORE_TOPSIDES_THRESHOLD = 35


class OffshoreTopsidesAIContext(Enum):
    SEPARATOR_LEVEL     = "separator_level"     # Three-phase separator level camera AI
    GAS_RISER_DETECTION = "gas_riser_detection" # OGI/CCTV gas cloud detection AI
    ESDV_POSITION       = "esdv_position"       # ESD valve position camera AI
    FIRE_GAS_STATUS     = "fire_gas_status"     # F&G system mimic panel AI


class AdversarialOffshoreTopsidesImageError(Exception):
    """Raised when Glyphward detects adversarial content in an offshore
    production platform topside process AI rendered image above threshold 35.

    Consequence if not raised:
    - SEPARATOR_LEVEL: high-level condition suppressed → liquid carryover
      into gas system → HP gas riser slugging → topside pressure excursion
      → gas release → ignition. Cullen Piper Alpha parallel: riser
      supply fuel in topside fire.
    - GAS_RISER_DETECTION: gas cloud suppressed → hot work continues in
      gas-rich area → ignition → deflagration. Piper Alpha: condensate
      cloud found ignition source in ~1-3 min after leak.
    - ESDV_POSITION: failed-open ESDV reported as closed → riser gas
      supply continues during topside fire → catastrophic escalation.
      Piper Alpha: Tartan riser supply contributed to secondary explosion.
    - FIRE_GAS_STATUS: F&G alarm suppressed → ESD not actuated →
      wellhead chokes and riser ESDVs stay open → fire fuel supply
      uninterrupted → platform total loss. 167 fatalities Piper Alpha.
    Fail-safe: halt topside process AI classification; initiate manual
    F&G system inspection, ESDV function test, and BSEE SEMS corrective
    action documentation before resuming AI-driven topside monitoring.
    """

    def __init__(self, scan_id: str, score: int,
                 context: OffshoreTopsidesAIContext,
                 facility_id: str, area_id: str,
                 flagged_region: dict | None = None) -> None:
        self.scan_id = scan_id
        self.score = score
        self.context = context
        self.facility_id = facility_id
        self.area_id = area_id
        self.flagged_region = flagged_region
        super().__init__(
            f"Adversarial offshore topsides image: "
            f"context={context.value} score={score} "
            f"facility={facility_id} area={area_id} scan_id={scan_id}"
        )


async def scan_offshore_topsides_image(
    image_bytes: bytes,
    context: OffshoreTopsidesAIContext,
    facility_id: str,
    area_id: str,
    souls_on_board: int | None,
    client: httpx.AsyncClient,
) -> dict:
    """Scan an offshore production platform topside process AI rendered image
    for adversarial content.

    Fail-safe contract: AdversarialOffshoreTopsidesImageError or httpx error
    → halt topside AI classification for the affected area; require manual
    instrument verification and API RP 14C safety system check. For
    FIRE_GAS_STATUS: treat as alarm condition and initiate pre-alarm
    investigation sequence for all zones with suppressed indicators.
    """
    image_hash = hashlib.sha256(image_bytes).hexdigest()
    payload = {
        "image": base64.b64encode(image_bytes).decode(),
        "source": f"offshore_topsides:{context.value}:{facility_id}:{area_id}",
        "metadata": {
            "facility_id": facility_id,
            "area_id": area_id,
            "context": context.value,
            "souls_on_board": souls_on_board,
            "image_sha256": image_hash,
        },
    }
    resp = await client.post(
        GLYPHWARD_SCAN_URL,
        headers={"Authorization": f"Bearer {GLYPHWARD_API_KEY}"},
        json=payload,
        timeout=4.0,
    )
    resp.raise_for_status()
    result = resp.json()

    if result["score"] > OFFSHORE_TOPSIDES_THRESHOLD:
        raise AdversarialOffshoreTopsidesImageError(
            scan_id=result["scan_id"],
            score=result["score"],
            context=context,
            facility_id=facility_id,
            area_id=area_id,
            flagged_region=result.get("flagged_region"),
        )
    return result

Deploy scan_offshore_topsides_image at each offshore production platform topside AI rendered-image ingestion boundary: before separator level AI (threshold 35), before gas riser OGI/CCTV detection AI (threshold 35), before ESDV position camera AI (threshold 35), and before F&G system status mimic panel AI (threshold 35). On AdversarialOffshoreTopsidesImageError for FIRE_GAS_STATUS or GAS_RISER_DETECTION contexts: immediately dispatch manual gas survey teams to the affected zone and initiate pre-alarm investigation sequence per SEMS Emergency Response Procedures before resuming AI-driven monitoring. See also: offshore drilling wellbore AI prompt injection (related BSEE 30 CFR Part 250 drilling phase AI context) and oil refinery petrochemical AI prompt injection (related onshore hydrocarbon process AI adversarial injection context). Get early access

Related questions