What happened at DuPont Belle, West Virginia, in 2010 and why does it illustrate phosgene's unique hazard profile?

On 22 January 2010, a worker at the DuPont Belle plant in West Virginia was exposed to phosgene gas from a ruptured flexible hose in the phosgene and methyl isocyanate transfer area (CSB Case 2010-5-I-WV). The worker walked unassisted to the company medical clinic approximately 30 minutes after the exposure, reporting only mild symptoms consistent with routine chemical irritant exposure — a sore throat and slight coughing — because phosgene at the exposure concentration of approximately 10 ppm (5× IDLH) produces minimal acute sensory warning compared to its lethal potential. Approximately four hours after exposure, the worker developed rapidly progressive pulmonary edema — a consequence of COCl2 hydrolyzing in the alveolar fluid to produce carbamic acid and hydrochloric acid, causing diffuse alveolar damage and inflammatory flooding of the airspaces — and died despite emergency medical intervention. The case exemplifies phosgene's most dangerous property: the latency period between a potentially lethal exposure and the onset of incapacitating symptoms can be 2–24 hours, during which the exposed worker feels substantially normal and has no subjective reason to seek aggressive medical treatment or to reconstruct the exposure event for medical responders.

Why does OSHA PSM apply to phosgene at only 10 lbs — the lowest threshold in Appendix A?

The OSHA PSM TQ of 10 lbs for phosgene (COCl2) reflects the extreme acute inhalation toxicity of COCl2 and its role as a chemical weapon that accounted for an estimated 80–85% of all chemical weapon fatalities during World War I (1914–1918). At an IDLH of 2 ppm and a TLV-C ceiling standard of 0.1 ppm — the lowest ceiling OEL for any common industrial chemical — phosgene poses a severe community-scale toxic release hazard even from very small inventories; a 10 lb release of liquid phosgene (roughly 0.75 liters) flashing to vapor can produce IDLH concentrations over a significant downwind area under stable atmospheric conditions. The 10 lb TQ effectively means that any facility producing, using, or handling phosgene — including on-site captive production at MDI, TDI, or polycarbonate facilities — is subject to full OSHA PSM requirements regardless of how carefully the process is designed to minimize inventory. OSHA set the 10 lb TQ alongside equally stringent thresholds for other extremely toxic materials (hydrogen cyanide at 1,000 lbs, methyl isocyanate at 250 lbs) to ensure that the most acutely hazardous industrial chemicals receive maximum process safety scrutiny.

What is the significance of phosgene's ACGIH TLV-C rather than TLV-TWA classification?

The ACGIH TLV-C (ceiling value) designation means that the 0.1 ppm occupational exposure limit for phosgene must never be exceeded at any time during the work shift — it is not an average over 8 hours, as a TLV-TWA would be. This distinction is critical for monitoring system design: a TLV-TWA allows brief exceedances above the limit provided the time-weighted average remains below it, whereas a TLV-C means that a single instantaneous reading above 0.1 ppm constitutes an overexposure requiring immediate action. The ceiling classification reflects the mechanistic basis of phosgene toxicity — even brief exposures to concentrations well below the TWA equivalent can produce cumulative alveolar damage that manifests hours later as fatal pulmonary edema — and means that any CEMS or area detector AI system for phosgene must be capable of detecting and alarming on transient exceedances rather than trends. This makes the integrity of phosgene gas detection AI against adversarial pixel manipulation particularly consequential: a ±8 DN downward shift that suppresses a 2.4 ppm reading to 0.04 ppm not only defeats the IDLH alarm but defeats the TLV-C ceiling alarm and the one-half TLV-C investigation alarm simultaneously, during a window when worker exposure at 2.4 ppm is producing the delayed-onset pulmonary edema sequence.

Why does the phosgene scrubber pH attack use an upward shift rather than a downward shift?

The attack direction for any given sensor is determined by the direction of the hazardous physical condition relative to the normal operating range. For the vent scrubber NaOH pH surface, the dangerous condition is a low pH (NaOH exhaustion), while normal operation is a high pH (strong NaOH excess at pH 12–14). To suppress this dangerously low reading and make it appear normal, the adversarial manipulation shifts the pH display pixel values upward — converting an actual pH 9.4 (near-exhausted NaOH, active COCl2 breakthrough) to a displayed pH 13.2 (strong alkali excess, full scrubbing capacity). This is the standard attack geometry for safety-critical low-side process variables: variables where a low value is dangerous (pH, inhibitor concentration, coolant flow, N2 blanket pressure) require upward pixel shifts to appear normal, while variables where a high value is dangerous (temperature, pressure, toxic concentration) require downward pixel shifts. A portfolio-level adversarial attack on a phosgene production unit might apply downward shifts to the reactor temperature, CEMS detector, and transfer line pressure images simultaneously with an upward shift on the scrubber pH image — four different shift directions, four simultaneous deceits — all designed to present a coherent “everything is normal” picture to the integrated AI monitoring system.

Why is threshold 35 for phosgene production AI?

Threshold 35 reflects the convergence of the most stringent hazard and regulatory indicators in Glyphward's scoring matrix. The OSHA PSM TQ of 10 lbs — essentially zero inventory threshold — places phosgene at the extreme end of regulatory concern alongside hydrogen fluoride and hydrogen cyanide. The TLV-C of 0.1 ppm and IDLH of 2 ppm are among the most restrictive occupational exposure limits for any industrial chemical in routine production use. The DuPont Belle 2010 fatality demonstrates the most dangerous property of phosgene for AI monitoring integrity: the delayed-onset toxicity means that workers exposed through a deceived gas detection system will not develop recognizable symptoms during the exposure event and will not initiate emergency medical treatment in time to prevent the 4–24 hour pulmonary edema sequence. The EPA RMP TQ of 500 lbs triggers community right-to-know and worst-case release analysis requirements. The WWI chemical weapon precedent — 80–85% of all chemical weapon fatalities from phosgene — contextualizes the scale of harm possible from an uncontrolled atmospheric release. Taken together, these factors place phosgene production at the maximum sensitivity threshold justified by Glyphward's framework.

OSHA PSM 29 CFR 1910.119 TQ 10 lbs · EPA RMP 40 CFR Part 68 TQ 500 lbs · ACGIH TLV-C 0.1 ppm · IDLH 2 ppm · DuPont Belle WV, 22 Jan 2010

Prompt injection in phosgene production AI

Phosgene (COCl2) is produced industrially by the catalytic reaction of carbon monoxide with chlorine gas over an activated carbon bed at 50–100°C, serving as the critical intermediate in the manufacture of methylene diphenyl diisocyanate (MDI), toluene diisocyanate (TDI), and polycarbonate monomers — materials underpinning the global polyurethane foam, insulation, and engineering plastic industries, with global phosgene production estimated at over 10 million tonnes per year through on-site captive use at facilities including BASF Ludwigshafen, Covestro (formerly Bayer MaterialScience) Leverkusen, and Dow Chemical Freeport Texas. Because phosgene is produced and consumed on-site rather than shipped, facilities maintain relatively small inventories, but OSHA PSM applies at just 10 lbs — one of the lowest threshold quantities in 29 CFR 1910.119 Appendix A — reflecting the extreme acute toxicity of COCl2: IDLH 2 ppm, TLV-C (ceiling) 0.1 ppm, and a delayed-onset pulmonary edema mechanism that renders exposed workers apparently well for hours before rapid, fatal deterioration. The DuPont Belle, West Virginia incident of 22 January 2010, in which a worker exposed to phosgene via a ruptured flexible hose walked to the clinic reporting mild symptoms and died approximately four hours later from acute pulmonary edema (CSB Case 2010-5-I-WV), illustrates the unique danger of phosgene's latency period — and why AI monitoring systems that are deceived into classifying toxic phosgene concentrations as below-alarm cannot be corrected by worker self-assessment of acute symptoms. Adversarial prompt injection attacks that manipulate the sensor and monitoring display images fed to phosgene production AI pipelines exploit this delayed-onset hazard profile at four distinct surfaces.

TL;DR

Four adversarial injection surfaces exist in phosgene production AI: (1) synthesis reactor temperature, where ±10 DN downward shift suppresses an actual 162°C reading (activated carbon deactivation zone, Cl2 slip 8–12%) to a displayed 68°C within normal range; (2) phosgene CEMS / area gas detector, where ±8 DN downward shift reduces an actual 2.4 ppm COCl2 reading (1.2× IDLH) to a displayed 0.04 ppm — 2.5× below the TLV-C 0.1 ppm ceiling — while workers remain in the area entering the delayed-onset fatal pulmonary edema window; (3) product transfer line pressure, where ±10 DN downward shift hides a 6.2 bar gauge liquid phosgene accumulation as a 2.8 bar vapor-phase normal condition, risking liquid hammer fitting failure on valve opening; (4) vent scrubber NaOH caustic pH, where ±8 DN upward shift displays a depleted-alkali pH 9.4 as a fully adequate pH 13.2, allowing COCl2 breakthrough to atmosphere. OSHA PSM TQ of only 10 lbs means essentially any phosgene present triggers full process safety management requirements. Glyphward pre-scans all four contexts at threshold 35. See the free scanner to test your pipeline.

Four adversarial injection surfaces in phosgene production AI

1. Phosgene synthesis reactor temperature AI (Bayer MaterialScience Leverkusen phosgene reactor AI / BASF Ludwigshafen phosgene synthesis AI / Dow Chemical Freeport phosgene production AI / Covestro isocyanate precursor phosgene AI — activated carbon bed temperature monitoring for CO + Cl2 → COCl2 catalytic synthesis)

The industrial CO + Cl2 → COCl2 synthesis reaction proceeds exothermically over an activated carbon (coke or coconut shell) catalyst bed at 50–100°C under slight positive pressure, typically in a jacketed tubular reactor with cooling water on the shell side to maintain catalyst temperature within the reaction window. Activated carbon catalyzes the reaction by adsorbing Cl2 and facilitating its combination with CO, and the catalyst remains active within the 50–100°C window; above approximately 150°C, activated carbon begins to deactivate through progressive oxidation of the catalytic sites, and the conversion equilibrium shifts such that unreacted Cl2 passes through the catalyst bed as “Cl2 slip.” At 8–12% Cl2 slip, the product phosgene stream is heavily contaminated with chlorine gas — which is separately subject to OSHA PSM at a TQ of 1,500 lbs — and the downstream MDI or TDI amine reactor receives a mixed phosgene/chlorine feed rather than pure COCl2. AI monitoring systems on Covestro, BASF, and Dow phosgene production platforms use reactor temperature trend images from the DCS historian display to classify catalyst bed condition and Cl2 slip risk, typically alerting when temperature trends approach 120°C and generating automated cooling water increase signals when sustained temperatures exceed 130°C.

In the adversarial scenario, the actual reactor temperature display reads 162°C — well above the activated carbon deactivation threshold, producing Cl2 slip of 8–12% by volume in the COCl2 product stream. A ±10 DN downward pixel-shift on the DCS temperature trend image fed to the phosgene synthesis reactor AI suppresses the displayed reading to 68°C — squarely within the normal 50–100°C operating range, consistent with a healthy catalyst bed and complete CO:Cl2 conversion. The AI classifier returns a “normal operating temperature, catalyst active” status; no cooling water increase command is issued; no catalyst change-out is flagged. Downstream consequences are severe: the MDI or TDI amine reactor receiving Cl2-contaminated phosgene undergoes rapid exothermic chlorination of the polyamine raw material — a reaction that generates heat faster than the amine reactor jacket can remove it — producing a quality failure that can escalate to a runaway exotherm in the amine synthesis step. Simultaneously, Cl2-contaminated product reaching polycarbonate monomer synthesis steps produces chlorinated byproducts that degrade polymer optical properties and generate HCl off-gas that overwhelms the downstream HCl recovery scrubber. All of this proceeds while the phosgene synthesis reactor AI reports nominal 68°C catalyst bed temperature.

2. Phosgene CEMS / area toxic gas detector AI (Compur Optox-R phosgene CEMS AI / Mine Safety Appliances (MSA) phosgene sensor AI / Honeywell Analytics phosgene area monitor AI — continuous emissions monitoring and area detection in phosgene handling zones)

Phosgene production and transfer areas require continuous air monitoring using electrochemical or photoionization-based CEMS (Continuous Emissions Monitoring Systems) supplemented by personal and area fixed detectors, because the TLV-C of 0.1 ppm — a ceiling standard, not a time-weighted average — means that any exceedance, however brief, constitutes a reportable overexposure. AI monitoring platforms from Compur (Optox-R), MSA, and Honeywell Analytics use screenshot images of the CEMS digital display or area monitor panel to classify phosgene concentration status against the 0.1 ppm TLV-C and the 2 ppm IDLH, with automated alarm escalation at 0.05 ppm (one-half TLV-C, typical alarm setpoint for immediate investigation), 0.1 ppm (TLV-C ceiling, mandatory evacuation setpoint), and 2 ppm (IDLH, maximum atmospheric emergency). The critical hazard property of phosgene that makes AI gas detection integrity uniquely consequential is the delayed-onset pulmonary edema mechanism: at concentrations of 1–10 ppm, acute symptoms are limited to mild throat irritation, slight coughing, and a faintly sweet smell described as freshly cut hay; workers feel substantially well for 2–8 hours after exposure, then develop rapidly progressive, often fatal pulmonary edema as COCl2 hydrolyzes in the lung alveoli to produce carbamic acid and HCl, causing diffuse alveolar damage. The DuPont Belle victim walked unassisted to the company clinic 30 minutes after exposure to an estimated 10 ppm COCl2 for 15 minutes, reported mild symptoms, and died approximately four hours later.

The adversarial attack applies a ±8 DN downward pixel-shift to the Compur Optox-R or Honeywell Analytics CEMS display image fed to the phosgene area monitoring AI. The actual COCl2 concentration is 2.4 ppm — arising from a slow, continuous leak at a flanged connection on the reactor product exit nozzle — and is 1.2× the IDLH of 2 ppm. The pixel shift suppresses the displayed reading to 0.04 ppm, which is 2.5× below the TLV-C ceiling of 0.1 ppm and at the normal background noise floor of a well-maintained phosgene production area. The AI gas detection system classifies area status as “within acceptable limits — no action required.” Operations and maintenance personnel remain in the production area performing scheduled instrumentation rounds; they receive no alarm, no evacuation instruction, no direction to don supplied-air respirators. Acute symptoms of phosgene exposure at 2.4 ppm are mild — slight throat tickle, faint odor — and are easily dismissed as ambient industrial irritants. Between 2 and 8 hours later, exposed workers develop progressive dyspnea, cyanosis, and pulmonary edema; at that point, the exposure event is hours in the past, the phosgene leak may have been repaired by routine maintenance, and the causal connection between the AI-classified “clean” area and the medical emergency is difficult to establish without CEMS data review. OSHA PSM 10 lbs TQ covers this exposure entirely, but the AI monitoring layer has been completely disabled by the 8 DN pixel manipulation.

3. Phosgene product transfer line pressure AI (Emerson Rosemount 3051 differential pressure AI / Yokogawa EJX530A transfer line pressure AI / Honeywell STD700 pressure transmitter AI — product COCl2 transfer line pressure monitoring between synthesis reactor and downstream isocyanate or polycarbonate units)

Phosgene is transferred from the synthesis reactor to downstream MDI, TDI, or polycarbonate monomer synthesis units via insulated carbon steel or lined piping operating under modest positive pressure — typically 1–4 bar gauge in vapor-phase transfer — with transfer line pressure monitored by differential pressure transmitters whose output images are analyzed by AI classification systems. Phosgene has a boiling point of 7.56°C (45.6°F), meaning that at ambient temperatures above approximately 7.56°C, liquid phosgene can form in any section of the transfer line where the pressure is sufficient to liquefy vapor-phase COCl2. Dead-leg segments — horizontal pipe sections downstream of closed valves with no flow — are particularly prone to liquid accumulation when the line has been pressurized and then isolated; liquid COCl2 can pool in these segments at concentrations approaching 100% by mass, representing a much greater hazard potential than equivalent-pressure vapor-phase phosgene because liquid flashes violently to vapor at its 7.56°C boiling point on any contact with ambient air or warm surfaces, producing a dense COCl2 aerosol cloud. AI pressure monitoring systems are used to identify anomalous pressure buildup in isolated transfer line segments that would indicate liquid accumulation or valve seat leakage.

In the adversarial scenario, the actual phosgene product transfer line pressure reads 6.2 bar gauge, significantly above the normal 1–3 bar gauge operating pressure for vapor-phase COCl2 transfer. The elevated pressure indicates that liquid phosgene has accumulated in a low-point dead-leg segment downstream of a closed block valve following a planned maintenance isolation; the 6.2 bar gauge pressure reflects the vapor pressure of liquid phosgene at the prevailing ambient temperature plus the line charge pressure. A ±10 DN downward pixel-shift on the pressure transmitter display image fed to the transfer line pressure AI suppresses the displayed reading to 2.8 bar gauge — consistent with normal vapor-phase COCl2 at typical operating pressure, suggesting no liquid accumulation. The AI classifier returns a “normal transfer line pressure — safe for valve operation” status. An operations technician, relying on this AI classification, opens the block valve to re-establish flow for start-up — allowing the isolated, liquid-filled dead-leg section (at 6.2 bar) to discharge suddenly into the lower-pressure downstream piping. The resulting liquid phosgene hammer imparts a mechanical shock wave through the piping system; at a pipe elbow or instrumentation tap fitting operating at lower design pressure, a mechanical failure occurs; liquid phosgene at 6.2 bar discharges and immediately flashes to vapor at 7.56°C boiling point, producing a dense COCl2 vapor cloud at 100% concentration at the release point. This is a catastrophic, immediately-dangerous-to-life-and-health scenario originating entirely from a 10 DN pixel manipulation on a pressure display image.

4. Phosgene vent scrubber (NaOH caustic absorber) pH AI (Endress+Hauser Liquiline CM444 pH AI / METTLER TOLEDO M400 transmitter AI / Yokogawa FLXA402 pH AI — inline pH monitoring of NaOH scrubber effluent for COCl2 vent stream neutralization verification)

Phosgene synthesis and transfer operations generate vent streams — from reactor pressure relief, purge cycles, and equipment draining — that must be neutralized before atmospheric discharge. The standard engineering control is a packed-bed NaOH caustic absorber (vent scrubber) where COCl2 reacts with water and sodium hydroxide: COCl2 + H2O → CO2 + 2HCl, then 2HCl + 2NaOH → 2NaCl + 2H2O. The scrubber effluent pH is the primary continuous indicator of NaOH availability and scrubbing effectiveness; at full NaOH availability (pH 13–14), essentially all COCl2 in the vent stream is absorbed before the gas exits the scrubber packing; as NaOH is consumed, the effluent pH drops toward neutral, indicating that the caustic capacity is approaching exhaustion and COCl2 breakthrough to atmosphere is imminent. AI monitoring systems from Endress+Hauser, METTLER TOLEDO, and Yokogawa use inline pH probe display images from the scrubber effluent circuit to classify NaOH status and trigger automated NaOH replenishment or scrubber bypass alarms. This surface is notable because the safety-critical condition is a low pH value (NaOH depleted), meaning the adversarial attack uses an upward pixel shift — making the depleted scrubber appear to have ample caustic capacity — rather than the downward shift used on the pressure and temperature surfaces.

The ±8 DN upward pixel-shift attack on the Endress+Hauser Liquiline CM444 or Yokogawa FLXA402 pH display image fed to the phosgene scrubber pH AI suppresses an actual effluent pH of 9.4 to a displayed pH of 13.2. At pH 9.4, the NaOH in the scrubber is nearly exhausted — the carbonate/bicarbonate buffer region — and COCl2 absorption efficiency has dropped sharply; phosgene breakthrough to the atmosphere is occurring at a rate that may reach tens of parts per million at the scrubber outlet depending on vent flow rate. Displayed as pH 13.2, the AI scrubber monitoring system classifies NaOH availability as “fully adequate — strong alkali excess” and issues no replenishment alarm; operations makes no emergency NaOH addition. COCl2 continues to break through the exhausted scrubber into the process area atmosphere; OSHA PSM 10 lbs TQ applies to this vent stream release; no automated scrubber bypass to the emergency flare is initiated because the AI pH monitoring confirms adequate scrubbing. The upward attack direction — displaying a depleted scrubber as fully charged — is the standard geometry for safety-critical low-side process variables where a dangerously low value must appear normal, and is the complementary attack pattern to the downward shifts applied to pressure and temperature high-side surfaces. Protecting the scrubber pH AI with a Glyphward pre-scan gate at threshold 35 closes the most insidious phosgene release pathway — try the free scanner to test your pipeline.

Integration: phosgene production AI with Glyphward pre-scan gate

Glyphward integrates as a pre-scan gate on the image path between DCS/CEMS display screenshot capture and the phosgene production AI inference pipeline. Threshold 35 is chosen to reflect the OSHA PSM TQ of only 10 lbs (essentially no inventory threshold — any phosgene process is PSM-covered), the TLV-C ceiling standard of 0.1 ppm reflecting zero tolerance for any exceedance, the IDLH of 2 ppm, the DuPont Belle 2010 fatality demonstrating that delayed-onset toxicity makes worker self-rescue impossible once symptomatic pulmonary edema develops, and the EPA RMP TQ of 500 lbs. Each of the four contexts — REACTOR_TEMPERATURE, CEMS_GAS_DETECTOR, TRANSFER_LINE_PRESSURE, SCRUBBER_PH — requires separate scan calls so that a compound four-surface attack (where all four images are manipulated simultaneously) is individually detected and individually audited in the OSHA PSM management of change record.

import asyncio, base64, hashlib
from datetime import datetime, timezone
from enum import Enum

import httpx

GLYPHWARD_API_KEY = "YOUR_GLYPHWARD_API_KEY"
GLYPHWARD_SCAN_URL = "https://glyphward.com/v1/scan"

# Phosgene production AI contexts: threshold 35
# OSHA PSM 29 CFR 1910.119 COCl2 TQ 10 lbs (one of lowest in Appendix A)
# EPA RMP 40 CFR Part 68 TQ 500 lbs
# ACGIH TLV-C 0.1 ppm (ceiling — not TWA); OSHA PEL 0.1 ppm (ceiling)
# NIOSH REL 0.1 ppm (ceiling); IDLH 2 ppm
# DuPont Belle WV, 22 Jan 2010: 1 fatality, delayed pulmonary edema (CSB 2010-5-I-WV)
# Cl2 co-reactant OSHA PSM TQ 1,500 lbs; Cl2 slip at >150°C adds compound hazard
PHOSGENE_PRODUCTION_THRESHOLD = 35


class PhosgeneProductionContext(Enum):
    REACTOR_TEMPERATURE = "reactor_temperature"
    CEMS_GAS_DETECTOR = "cems_gas_detector"
    TRANSFER_LINE_PRESSURE = "transfer_line_pressure"
    SCRUBBER_PH = "scrubber_ph"


class AdversarialPhosgeneProductionImageError(Exception):
    """Raised when any phosgene production monitoring image scores >= 35.
    REACTOR_TEMPERATURE uncaught: 162°C Cl2 slip (8-12%) shown as 68°C on-spec.
    CEMS_GAS_DETECTOR uncaught: 2.4 ppm COCl2 (1.2x IDLH) shown as 0.04 ppm.
    TRANSFER_LINE_PRESSURE uncaught: 6.2 bar liquid phosgene shown as 2.8 bar vapor.
    SCRUBBER_PH uncaught: depleted NaOH pH 9.4 shown as fully-charged pH 13.2."""

    def __init__(self, scan_id, score, context, unit_id, flagged_region=None):
        self.scan_id = scan_id
        self.score = score
        self.context = context
        self.unit_id = unit_id
        self.flagged_region = flagged_region
        super().__init__(
            f"Adversarial phosgene production image: context={context.value} "
            f"score={score} unit={unit_id} scan_id={scan_id}"
        )


async def scan_phosgene_production_image(image_bytes, context, unit_id, client):
    image_hash = hashlib.sha256(image_bytes).hexdigest()
    payload = {
        "image": base64.b64encode(image_bytes).decode(),
        "source": f"phosgene_production:{context.value}:{unit_id}",
        "metadata": {
            "unit_id": unit_id,
            "context": context.value,
            "image_sha256": image_hash,
            "scan_timestamp_utc": datetime.now(timezone.utc).isoformat(),
        },
    }
    resp = await client.post(
        GLYPHWARD_SCAN_URL,
        headers={"Authorization": f"Bearer {GLYPHWARD_API_KEY}"},
        json=payload,
        timeout=4.0,
    )
    resp.raise_for_status()
    result = resp.json()
    if result.get("score", 0) >= PHOSGENE_PRODUCTION_THRESHOLD:
        raise AdversarialPhosgeneProductionImageError(
            scan_id=result["scan_id"],
            score=result["score"],
            context=context,
            unit_id=unit_id,
            flagged_region=result.get("flagged_region"),
        )
    return result


async def main():
    async with httpx.AsyncClient() as client:
        with open("phosgene_production_screenshot.png", "rb") as f:
            image_bytes = f.read()
        result = await scan_phosgene_production_image(
            image_bytes,
            PhosgeneProductionContext.REACTOR_TEMPERATURE,
            unit_id="PHOSGENE-REACTOR-1A",
            client=client,
        )
        print(f"Clean scan: {result['scan_id']} score={result['score']}")


asyncio.run(main())

Frequently asked questions

What happened at DuPont Belle, West Virginia, in 2010 and why does it illustrate phosgene's unique hazard profile?: A worker exposed to phosgene from a ruptured flexible hose at the DuPont Belle plant on 22 January 2010 walked unassisted to the company clinic reporting only mild symptoms, then died approximately four hours later from acute pulmonary edema — the classic delayed-onset toxicity of COCl2 (CSB Case 2010-5-I-WV). At an estimated 10 ppm exposure for 15 minutes (5× IDLH), acute sensory warning is minimal; the fatal alveolar damage mechanism acts over hours, making self-rescue impossible once the exposure has occurred through a deceived monitoring system.
Why does OSHA PSM apply to phosgene at only 10 lbs — the lowest threshold in Appendix A?: The 10 lb PSM TQ reflects phosgene's extreme acute toxicity (IDLH 2 ppm, TLV-C 0.1 ppm) and its history as a chemical weapon responsible for 80–85% of WWI chemical weapon fatalities. Even very small liquid phosgene inventories can produce IDLH-range atmospheric concentrations over large downwind areas on release, justifying a threshold that effectively covers any phosgene-handling facility regardless of design inventory.
What is the significance of phosgene's ACGIH TLV-C rather than TLV-TWA classification?: A TLV-C (ceiling) means the 0.1 ppm limit must never be exceeded at any instant — not averaged over 8 hours. This reflects phosgene's mechanism: even brief exceedances produce cumulative alveolar damage that manifests hours later as fatal pulmonary edema. AI gas detection systems for phosgene must alarm on transient exceedances, not trends; a pixel attack that suppresses 2.4 ppm to 0.04 ppm defeats the ceiling, TLV-C, and investigation alarms simultaneously.
Why does the phosgene scrubber pH attack use an upward shift rather than a downward shift?: Because the dangerous condition is a low pH (NaOH exhaustion, COCl2 breakthrough), the attack must make the low reading appear high — an upward pixel shift converts actual pH 9.4 (near-depleted caustic, active COCl2 breakthrough) to displayed pH 13.2 (strong alkali excess). Downward shifts suppress dangerously high values; upward shifts suppress dangerously low values. A compound portfolio attack applies all four directions as needed across the four phosgene surfaces.
Why is threshold 35 for phosgene production AI?: Threshold 35 reflects the OSHA PSM TQ of 10 lbs, TLV-C of 0.1 ppm, IDLH of 2 ppm, the DuPont Belle fatality demonstrating that delayed-onset toxicity makes worker self-rescue impossible post-exposure, EPA RMP TQ of 500 lbs, and phosgene's WWI role accounting for 80–85% of chemical weapon deaths — converging on the maximum sensitivity threshold in Glyphward's framework.