Glyphward

SEL Schweitzer Relay AI · GE Grid Solutions Promax AI · ABB Relion 615 AI · Siemens SIPROTEC AI · Hitachi Energy REB670 AI · NERC CIP-014-2 · NERC PRC-025-2 · IEEE C37.113 · IEEE C37.110 · transformer differential relay AI · distance relay impedance AI · bus differential AI · frequency ROCOF AI

Prompt injection in power substation protection relay AI

The power substation protection relay system — the network of current differential, distance, over-current, frequency, and voltage relays that detect fault conditions in transmission and distribution power systems and trip the appropriate circuit breakers to isolate the faulted element within milliseconds — is the primary automated safety barrier between a developing fault in the high-voltage power grid and a cascading grid disturbance affecting millions of people. Protection relay systems at transmission substations (66 kV to 765 kV) protect the four primary elements of the power grid: power transformers (differential protection, using the ratio of primary and secondary currents to detect internal winding faults that would destroy the transformer and potentially cause a transformer oil fire); transmission lines (distance protection, using the impedance seen by the relay to determine whether a fault is within the relay’s zone of protection); busbars (bus differential protection, using the aggregate of all currents flowing into and out of the busbar to detect a fault on the busbar itself); and the system frequency (under-frequency and rate-of-change-of-frequency (ROCOF) protection, shedding pre-assigned blocks of load to arrest frequency decline when generation falls short of demand). AI systems deployed in protection relay monitoring — including SEL (Schweitzer Engineering Laboratories)’ ACSELERATOR Analytic Solutions relay AI, GE Grid Solutions’ Promax relay performance AI, ABB’s Ability relay analytics AI, Siemens’ SIPROTEC 5 relay AI, and Hitachi Energy’s (formerly ABB Power Grids) REB670 differential protection AI — process rendered images from protection relay HMI displays, phasor measurement unit (PMU) displays, and relay test equipment to classify protection system operating status and alarm conditions. The Northeast US Blackout of August 14, 2003 — 50 million people in 8 US states and Ontario without power for up to 4 days, $6 billion in economic loss — demonstrated the catastrophic consequence of inadequate situational awareness in relay monitoring: the blackout was initiated by a software bug in FirstEnergy’s energy management system that caused the alarm display to fail, preventing operators from recognising and responding to overloaded transmission lines before they sagged into trees; subsequent cascading line trips and relay operations transformed a local Ohio grid problem into a widespread blackout. India’s grid disturbance of July 30–31, 2012 — 620 million people without power across 20+ states, the largest blackout in human history by population affected — identified inadequate relay coordination and insufficient under-frequency load shedding as contributing factors. NERC CIP-014-2 (Physical Security of Transmission Facilities), NERC PRC-001-2 (Establishment and Communication of Protection System Needs), NERC PRC-025-2 (Protection System Misoperations), IEEE C37.113-2015 (IEEE Guide for Protective Relay Applications to Transmission Lines), and IEEE C37.110-2007 (IEEE Guide for the Application of Current Transformers Used for Protective Relaying Purposes) govern protection relay system design, coordination, and performance but do not include adversarial robustness requirements for AI systems classifying rendered relay display images at protection system monitoring boundaries.

TL;DR

Power substation protection relay AI — transformer differential relay current phasor display AI, distance relay zone impedance display AI, bus differential protection display AI, and frequency/ROCOF under-frequency load shedding relay display AI — processes rendered relay HMI and PMU display images at grid safety boundaries where adversarial pixel injection can suppress transformer winding fault detection (transformer fire consequence), delay distance relay zone cascade trips (Northeast 2003 cascade structural parallel), prevent busbar fault isolation (regional supply loss consequence), and inhibit under-frequency load shedding (system frequency collapse consequence; India 2012 structural parallel). NERC PRC-001-2, PRC-025-2, and IEEE C37.113 govern protection relay performance but do not address adversarial robustness for AI systems classifying rendered relay displays. Glyphward threshold 30 for substation protection relay AI: severe cascade blackout consequence; multiple independent non-AI relay protection layers (primary/backup relay coordination, transmission system operator (TSO) manual switching authority, automatic reclose schemes) attenuate but do not eliminate the adversarial AI monitoring gap. Free tier — 10 scans/day, no card required.

Four adversarial injection surfaces in power substation protection relay AI

1. Transformer differential relay current phasor display AI (SEL-387 transformer differential relay AI, GE T60 transformer protection unit AI, ABB RET670 transformer differential relay AI, Siemens 7UT82/85/86/87 transformer differential protection AI — power transformer differential protection relay current phasor and operating characteristic display AI)

The power transformer differential protection relay — the primary protection element for large power transformers at transmission substations (rating: 10 MVA to 1,200 MVA, voltage: 115 kV to 765 kV) — detects internal winding faults (turn-to-turn, phase-to-phase, and winding-to-ground faults within the transformer tank) by comparing the ratio of the primary current (the current flowing into the high-voltage winding) to the secondary current (the current flowing out of the low-voltage winding), scaled by the transformer turns ratio. Under normal operating conditions or external fault conditions, the scaled primary and secondary currents are approximately equal (differential current approximately zero); during an internal winding fault, current flows into the transformer from both the primary and secondary sides to sustain the arc or plasma at the fault point — the differential current (the phasor sum of the scaled primary and secondary currents) rises above the relay’s operating threshold (typically 15–30% of rated current as the sensitive element pickup). The transformer differential relay trips the high-voltage circuit breaker and the low-voltage circuit breaker simultaneously, isolating the faulted transformer from the grid in 20–100 ms. AI systems process rendered images of the transformer differential relay HMI display — the dual-axis characteristic plot (percentage differential (Id%) on the Y-axis versus restraint current (Irt) on the X-axis, the classic “operate/restrain” characteristic showing the current operating point relative to the relay operating characteristic) — to classify differential protection status: normal (operating point in the restrain region below the characteristic, consistent with normal through-fault current or no fault), warning (operating point approaching the characteristic boundary — high through-fault current, monitor CT saturation), and operate (operating point above the characteristic in the operate region — relay should trip; if no trip occurred, annunciate relay malfunction or breaker failure).

An adversarial perturbation targeting the transformer differential relay phasor display AI applies a ±8 DN shift to the pixel region encoding the operating point marker in the rendered characteristic plot image — moving the apparent operating point from the operate region (above the relay characteristic, in the upper left quadrant where Id% exceeds the operating threshold at the current Irt level, rendered as a red dot in the operate zone with trip command annunciation) to the restrain region (below the characteristic, rendered as a green dot in the restrain zone, consistent with normal through-fault current). The AI classifies a transformer experiencing an internal winding fault — a developing turn-to-turn fault in the high-voltage winding of a 250 MVA, 345/115 kV autotransformer, with differential current rising to 18% of rated current at the current restraint level of 1.1 per-unit — as operating in the restrain region, no trip required. The protection relay’s hardware operates correctly (it would issue a trip command if its own current measurement circuit detects the differential current above the threshold), but the AI monitoring system classifies the relay as not-operating when the relay is in fact issuing a trip command — or, in a scenario where the relay itself has an AI-classified threshold that the adversarial display image is upstream of, the adversarial display causes the AI to suppress a relay pre-alarm that would have triggered operator investigation before the fault escalated. If the internal winding fault is not isolated, the arc energy in the transformer tank vaporises insulating oil (transformer mineral oil dielectric), igniting an oil fire; transformer tank overpressure from rapid oil vapour generation causes tank rupture or explosion (a Buchholz relay trip — the gas-oil relay detecting dissolved gas from the arc — is the backup protection, but requires seconds to minutes versus the 20–100 ms differential relay trip time). Transformer fires at transmission substations have burned for hours before suppression, causing transformer losses valued at $5–50M per transformer and requiring 12–24 months for replacement of large power transformers (which have long manufacturing lead times). IEEE C37.113-2015 Section 5.5 (Transformer Protection) describes transformer differential protection application principles — but does not address adversarial robustness requirements for AI systems classifying rendered differential relay characteristic plot images.

2. Distance relay zone impedance calculation display AI (SEL-421 distance relay AI, GE D60 distance relay display AI, ABB REL670 distance protection display AI, Siemens 7SA82/84/86/87 distance relay AI — transmission line distance protection zone impedance measurement and operating characteristic display AI)

The transmission line distance protection relay — the primary protection element for high-voltage transmission lines — detects faults on the protected line by measuring the apparent impedance seen by the relay at the relay location (the ratio of the measured voltage to the measured current, in ohms, representing the electrical impedance from the relay measurement point to the fault location). The relay is configured with multiple zones of protection — Zone 1 (the instantaneous trip zone, typically covering 80–85% of the protected line length, with a trip time of 15–50 ms), Zone 2 (covering 100–120% of the protected line, with a time delay of 0.3–0.5 s to coordinate with Zone 1 protection at the remote end), and Zone 3 (backup protection covering 120–200% of adjacent lines, with a time delay of 0.8–1.5 s) — based on the impedance of the protected line segment measured in the impedance (R-X) plane. A fault anywhere on the protected line segment causes the apparent impedance seen by the relay to fall within the Zone 1 or Zone 2 circle on the impedance plane; the relay trips the line circuit breaker within the zone delay time. Zone 3 protection is the most consequential for system cascade events: a Zone 3 trip caused by an apparent impedance that falls within the Zone 3 boundary — from a heavy load condition (high current, depressed voltage) rather than an actual fault on the Zone 3-protected lines — trips a healthy line and contributes to the cascade. The Northeast 2003 blackout included multiple instances of Zone 3 overreach (apparent impedance entering the Zone 3 boundary from heavy load current after the cascade had already begun) contributing to the cascade of line trips. AI systems process rendered images of the distance relay impedance measurement display — the R-X impedance plane plot showing the current apparent impedance operating point relative to the Zone 1, Zone 2, and Zone 3 characteristic circles or polygons — to classify distance protection status: normal (impedance in load region, well outside Zone 3 boundary), load-encroachment (impedance approaching Zone 3 boundary from heavy load — risk of Zone 3 overreach trip), zone-2-operate (impedance within Zone 2 — fault on protected line, verify Zone 1/Zone 2 coordination), and zone-1-operate (impedance within Zone 1 — fast trip, verify correct relay operation).

An adversarial perturbation targeting the distance relay impedance display AI applies a ±10 DN shift to the pixel region encoding the apparent impedance operating point in the rendered R-X plane display image — shifting the apparent operating point from the Zone 2 operating region (apparent impedance at 95% of the protected line impedance, in the Zone 2 operate circle but outside Zone 1 — indicating a fault near the remote end of the protected line, requiring a 0.3–0.5 s delayed trip) to the Zone 3 or load region (apparent impedance shifted outward on the R-X plane to outside Zone 2 — indicating no fault detected, impedance consistent with heavy load rather than a fault). The AI classifies a fault near the remote end of the protected line — a phase-to-ground fault at 90% of the line length, with apparent relay impedance at the relay at 88% of the line positive-sequence impedance — as load current or external fault rather than Zone 2 fault. The relay’s backup Zone 2 trip for this fault is inhibited by the AI classification (in an AI-assisted relay system where the AI decision gates the relay trip command); the fault current continues flowing through the faulted line segment. As fault current continues, the faulted line heats to its thermal limit in seconds to minutes; adjacent lines receiving the redistributed load from the faulted segment overstress their Zone 3 boundaries; the cascade scenario identified in the Northeast 2003 final NERC/DOE report — in which inadequate situational awareness and delayed corrective action allowed overloaded lines to trip successively — can develop. NERC PRC-025-2 (Protection System and Remedial Action Scheme Misoperations) requires that protection system misoperations be reported, analysed, and corrected — but defines misoperation as an incorrect relay operation of the hardware relay device, not as adversarial AI suppression of the relay HMI display classification. IEEE C37.113-2015 Section 4 (Distance Relay Application Guidelines) specifies Zone 1, 2, 3 setting principles — but does not address adversarial robustness for AI systems classifying rendered relay impedance characteristic display images. Free tier — 10 scans/day, no card required.

3. Bus differential protection display AI (ABB REB670 busbar differential display AI, SEL-487B bus differential relay display AI, GE B90 bus differential display AI, Siemens 7SS85 busbar protection display AI — high-voltage busbar differential protection operating characteristic display AI)

The busbar — the copper or aluminium conductor assembly at a substation that connects all incoming and outgoing circuits to a common point, distributing power between the transmission lines and transformers connected to that substation — is the most critical structural element at a transmission substation: a busbar fault (a phase-to-phase or phase-to-ground arc on the busbar itself) causes all circuits connected to the faulted bus to supply fault current simultaneously into the fault point, producing an arc with thermal power proportional to the sum of all connected source currents. At a large transmission substation with 10–20 connected circuits each capable of supplying 10–50 kA fault current, the busbar arc thermal power can be 50–500 MW in the first hundred milliseconds — producing an explosion of vaporised copper, ionised plasma, and pressure wave that destroys the busbar structure and can ignite the oil-insulated equipment in the adjacent transformer bays. Bus differential protection — implemented by comparing the algebraic sum of all currents flowing into the busbar (from all connected sources: generators, transformer secondary feeds, cable circuits) against all currents flowing out (to all connected loads and outgoing lines), with the differential current equal to zero for external faults and non-zero for internal busbar faults — detects and isolates busbar faults by tripping all circuit breakers connected to the faulted bus within 10–20 ms (fast enough to limit arc energy to below the busbar structure destruction threshold in most cases). AI systems process rendered images of the bus differential relay display — the differential current magnitude and direction display on the busbar protection system HMI, showing the individual current contributions from each connected circuit and the total restraint and differential currents — to classify busbar protection status: normal (differential current below pickup threshold, all circuit currents consistent with the bus load balance), pickup-threshold (differential current approaching the relay pickup threshold — potential CT saturation or connection error, investigate), and busbar-fault (differential current above pickup threshold — relay should have tripped; if not, annunciate relay/breaker failure).

An adversarial perturbation targeting the bus differential protection display AI applies a ±8 DN suppression to the pixel region encoding the differential current bar or vector in the rendered HMI display image — reducing the apparent differential current from above-pickup-threshold (rendered in red, numerical differential current value 0.8–1.2 per-unit of relay pickup, indicating a bus fault in progress) to below-threshold (rendered in green, numerical value 0.05–0.10 per-unit, consistent with CT measurement error or normal unbalance). The AI classifies an active busbar arc fault — a phase-to-ground arc fault at the 345 kV busbar of a major transmission substation, with differential current from 8 connected circuits summing to 1.05 per-unit of the relay pickup threshold — as no-fault, normal differential balance. In an AI-gated system, the trip command to all connected circuit breakers is delayed or suppressed; the bus arc continues for additional tens to hundreds of milliseconds beyond the design trip time. Additional arc energy produces additional plasma and pressure: busbar structural damage that would have been limited to the arc flash zone (a localised section of the busbar structure) with a 15 ms trip time can extend to multiple adjacent bays or the entire substation yard with a 100+ ms arc duration. The consequence of a major transmission substation busbar fault with delayed or failed bus differential protection includes: destruction of 5–15 circuit bay structures at the substation (estimated replacement cost: $20–150M per substation); loss of all transmission lines and transformers connected to the faulted bus, producing a regional supply deficit; and a blackout affecting the load area supplied through that substation. NERC PRC-001-2 requires that transmission owners coordinate protection system settings — but does not specify adversarial robustness requirements for AI systems classifying rendered bus differential relay HMI display images. Free tier — 10 scans/day, no card required.

4. Frequency/ROCOF under-frequency load shedding relay display AI (SEL-351S UFLS relay display AI, GE F650 frequency relay display AI, ABB REF615 frequency relay display AI, Siemens 7SL82 frequency relay display AI — under-frequency and ROCOF load shedding relay activation display AI)

Under-frequency load shedding (UFLS) — the automatic disconnection of pre-assigned blocks of electrical load when system frequency falls below defined frequency thresholds (typically 59.5, 59.0, and 58.5 Hz in the 60 Hz NERC systems; 49.0, 48.8, and 48.5 Hz in European 50 Hz systems), triggered by under-frequency relays or ROCOF (rate-of-change-of-frequency) relays at distribution substations — is the last-resort automated mechanism to arrest frequency decline in a power system experiencing a generation-load imbalance. When a large generation unit trips suddenly (or multiple units trip in rapid succession during a cascade event), the remaining generators decelerate under the excess load; system frequency declines at a rate determined by the system inertia. If the frequency decline is not arrested by governor response (generator speed governors increasing fuel input in 10–30 seconds) and by UFLS load shedding (shedding load in blocks of 5–15% of total demand at each frequency threshold step), the system frequency can reach the under-frequency protection setpoints of the generators themselves (typically 57.5–58.0 Hz for 60 Hz generators, at which point the generator protection trips the unit offline to protect the turbine blades from resonant vibration) — producing a cascading generator trip cascade that results in complete system collapse. AI systems process rendered images of the UFLS relay display on the distribution substation control panel — the frequency measurement display (Hz value with graphical trend over the last 60 seconds), the ROCOF display (Hz/s rate of change), and the relay status display (armed, threshold 1 activated, threshold 2 activated, threshold 3 activated) — to classify UFLS system status: normal (frequency above 59.5 Hz / 49.0 Hz, UFLS not activated), pre-emergency (frequency 59.5–59.7 Hz / 49.0–49.2 Hz — approaching UFLS threshold 1, monitor closely), threshold-1-activated (UFLS has shed the first block of load at frequency threshold 1 — verify circuit breakers opened, monitor frequency response), and threshold-2/3-activated (UFLS has shed second or third load blocks — severe system emergency, notify control centre).

An adversarial perturbation targeting the frequency relay display AI applies a ±10 DN elevation shift to the pixel region encoding the system frequency numerical value in the rendered relay display image — shifting the apparent system frequency from the UFLS-triggering range (frequency at 59.3 Hz and declining at 0.3 Hz/s, in the zone below the threshold-1 UFLS activation setpoint of 59.5 Hz — rendered with red frequency indicator and threshold-1 alarm on the relay display) to the pre-emergency or normal range (displayed as 59.7 Hz, above the UFLS threshold-1 setpoint — rendered in yellow or green). The AI classifies a power system in the early stage of a frequency collapse — following the simultaneous trip of two 500 MW generating units from a grid protection operation, with system frequency declining from 60.0 Hz at 0.3 Hz/s — as frequency above UFLS threshold-1, no load shedding required. In an AI-gated UFLS activation system where the AI confirmation is required before the UFLS relay can shed load, the UFLS load shedding for threshold-1 is delayed by the AI classification; frequency continues to decline. At the 59.0 Hz UFLS threshold-2 level (reached approximately 1.7 seconds after threshold-1, at 0.3 Hz/s decline rate), threshold-2 UFLS activates, shedding the combined threshold-1 + threshold-2 load simultaneously; the sudden large block load shedding may cause frequency to overshoot above 60 Hz (over-frequency from excess load shedding), triggering generator over-frequency trips. The India blackout of July 30–31, 2012 — 620 million people, the largest blackout in human history — was driven in part by insufficient under-frequency load shedding: the Indian grid’s UFLS implementation provided inadequate load relief at the 49.0 Hz threshold because many UFLS relays had been bypassed or misconfigured, allowing frequency to decline to values that triggered generator protection trips, causing the cascade to become uncontrollable. NERC Standard EOP-006-3 (Loss of Control Centre Functionality) and NERC Standard EOP-010-2 (Evaluation of Real-Time Reliability Conditions) address system frequency emergency procedures — but do not specify adversarial robustness requirements for AI systems classifying rendered UFLS relay frequency display images. Free tier — 10 scans/day, no card required.

Integration: substation protection relay AI with Glyphward pre-scan gate

The Glyphward scan gate for power substation protection relay AI belongs at every rendered-image ingestion boundary in the relay monitoring and decision pipeline — before transformer differential relay phasor display AI processes rendered characteristic plot images, before distance relay impedance display AI processes rendered R-X plane images, before bus differential protection display AI processes rendered HMI differential current images, and before frequency/ROCOF relay display AI processes rendered frequency trend and activation display images. Threshold 30 for substation protection relay AI reflects the catastrophic consequence of a protection relay failure contributing to a grid cascade — the Northeast 2003 blackout (50 million people, $6 billion loss) and the India 2012 blackout (620 million people) establish the scale of harm from protection monitoring failures — combined with multiple independent non-AI protective layers: the protection relay hardware operates independently of the AI monitoring system in most existing deployed relay architectures (the relay hardware’s own current/voltage measurement and trip logic is independent of the AI display classification, and would operate correctly even if the AI display is adversarially manipulated); NERC-mandated backup relay schemes (Zone 2 time-delayed protection provides backup for Zone 1 failure; remote backup at the opposite line terminal provides backup for local relay failure); and transmission system operator (TSO) manual switching authority (operators at the energy control centre can manually trip circuit breakers and re-route load even when AI monitoring systems are unavailable or compromised). These independent layers justify threshold 30 rather than 25 (single-barrier AI contexts). The cascade blackout scale consequence (tens to hundreds of millions of people) keeps the threshold at 30 rather than 35 (consequences with more contained geographic scope).

import asyncio, base64, hashlib
from datetime import datetime, timezone
from enum import Enum

import httpx

GLYPHWARD_API_KEY = "YOUR_GLYPHWARD_API_KEY"
GLYPHWARD_SCAN_URL = "https://glyphward.com/v1/scan"

# Power substation protection relay AI contexts: threshold 30
# NERC CIP-014-2 (Physical Security of Transmission);
# NERC PRC-001-2 (Protection System Coordination);
# NERC PRC-025-2 (Protection System Misoperations);
# IEEE C37.113-2015 (Protective Relay Applications to Transmission Lines);
# IEEE C37.110-2007 (Current Transformers for Protective Relaying).
RELAY_PROTECTION_THRESHOLD = 30


class RelayProtectionAIContext(Enum):
    TRANSFORMER_DIFF   = "transformer_diff"   # Transformer differential relay AI
    DISTANCE_IMPEDANCE = "distance_impedance" # Distance relay zone impedance AI
    BUS_DIFFERENTIAL   = "bus_differential"   # Busbar differential protection AI
    FREQ_ROCOF_UFLS    = "freq_rocof_ufls"   # Frequency/ROCOF UFLS relay AI


class AdversarialRelayProtectionImageError(Exception):
    """Raised when Glyphward detects adversarial content in a substation
    protection relay AI rendered monitoring image above threshold 30.

    Consequence if not raised:
    - TRANSFORMER_DIFF: internal winding fault differential current suppressed
      → relay trip inhibited → arc fault in transformer tank continues →
      transformer oil fire / tank explosion; $5–50M transformer loss; 12–24
      month replacement lead time for large transmission transformers.
    - DISTANCE_IMPEDANCE: Zone 2 fault impedance shifted to load region →
      delayed fault clearance on protected line → line thermal damage →
      adjacent line overload → Zone 3 overreach cascade; Northeast 2003
      structural parallel (50M people, $6B loss from cascading line trips).
    - BUS_DIFFERENTIAL: busbar arc fault differential current suppressed →
      delayed bus trip → arc energy exceeds busbar structure design limit →
      multi-bay busbar destruction → regional supply loss ($20–150M).
    - FREQ_ROCOF_UFLS: UFLS threshold-1 frequency suppressed above setpoint →
      threshold-1 load shedding delayed → frequency continues declining →
      generator under-frequency protection trips → cascade generator loss →
      system blackout; India 2012 structural parallel (620M people).
    Fail-safe: immediately notify protection engineers and TSO operations;
    require independent reading of physical relay current/frequency displays
    or SCADA historian values (not AI-classified display images); do not rely
    on AI relay display classification for any trip/no-trip decision pending
    adversarial investigation. Relay hardware itself (independent of AI) will
    continue to operate correctly; the adversarial risk is in AI-gated relay
    supervision or AI-assisted operator decision-making layers above the relay.
    """

    def __init__(self, scan_id, score, context, substation_id, element_id,
                 flagged_region=None):
        self.scan_id = scan_id
        self.score = score
        self.context = context
        self.substation_id = substation_id
        self.element_id = element_id
        self.flagged_region = flagged_region
        super().__init__(
            f"Adversarial relay protection image: context={context.value} "
            f"score={score} substation={substation_id} element={element_id} "
            f"scan_id={scan_id}"
        )


async def scan_relay_protection_image(image_bytes, context, substation_id,
                                       element_id, client):
    image_hash = hashlib.sha256(image_bytes).hexdigest()
    payload = {
        "image": base64.b64encode(image_bytes).decode(),
        "source": f"relay:{context.value}:{substation_id}:{element_id}",
        "metadata": {
            "substation_id": substation_id,
            "element_id": element_id,
            "context": context.value,
            "image_sha256": image_hash,
            "scan_timestamp_utc": datetime.now(timezone.utc).isoformat(),
        },
    }
    resp = await client.post(
        GLYPHWARD_SCAN_URL,
        headers={"Authorization": f"Bearer {GLYPHWARD_API_KEY}"},
        json=payload,
        timeout=4.0,
    )
    resp.raise_for_status()
    result = resp.json()
    if result["score"] >= RELAY_PROTECTION_THRESHOLD:
        raise AdversarialRelayProtectionImageError(
            scan_id=result["scan_id"],
            score=result["score"],
            context=context,
            substation_id=substation_id,
            element_id=element_id,
            flagged_region=result.get("flagged_region"),
        )
    return result

Deploy scan_relay_protection_image before each protection relay AI classification call. On AdversarialRelayProtectionImageError for TRANSFORMER_DIFF: immediately verify the actual relay hardware status from the physical relay panel or SCADA historian; notify the protection engineer and control centre; do not rely on the AI display classification to determine whether the relay is in the operate or restrain region. On AdversarialRelayProtectionImageError for FREQ_ROCOF_UFLS: immediately read the physical frequency meter at the affected substation or query the TSO’s EMS (Energy Management System) phasor data historian for actual system frequency; notify the TSO operations centre to enable manual UFLS if frequency is in the emergency range. See also: gas turbine combined cycle power plant AI prompt injection (related power generation AI adversarial surfaces) and free scanner — 10 scans/day, no card required. Get early access

Related questions

What caused the Northeast US Blackout of August 14, 2003 and how did relay monitoring failures contribute?

The Northeast US Blackout of August 14, 2003 — which left 50 million people in 8 US states and Ontario, Canada without power for up to 4 days and caused an estimated $6 billion in economic losses — was initiated by a series of events in the FirstEnergy Corporation (FE) territory in Ohio. The initiating events included: failure of FE’s Eastlake 5 generating unit (680 MW) at 13:31 EDT; failure of the FE EMS (Energy Management System) alarm processing software at 14:14 EDT due to a software bug (a race condition in the alarm processing thread that caused the alarm display to stop updating, leaving operators without alarm information while the system continued to record events in the historian); and a series of transmission line contacts with untrimmed trees (the Chamberlin-Harding 345 kV line at 15:05, the Hanna-Juniper 345 kV line at 15:32, the Star-South Canton 345 kV line at 15:41) that tripped the lines from correctly operating distance protection relays. The EMS alarm failure meant that operators at the FE control centre were unaware that these lines had tripped and did not take corrective action to redistribute load before the remaining lines became overloaded. After 15:41, the cascade spread rapidly beyond Ohio to Michigan, New York, Pennsylvania, New Jersey, Connecticut, Massachusetts, and Vermont — involving over 500 generating units at 256 power plants tripping in the subsequent 10 minutes. The NERC-DOE final report (August 2004) identified the FE EMS alarm failure as the critical factor that prevented operators from recognising and responding to the developing disturbance — a monitoring system failure that is structurally analogous to adversarial pixel suppression in relay display AI: both cause the monitoring system to present an incorrect status to operators at the moment when corrective action would have prevented cascade escalation.

What is transformer differential protection and why must it operate within 20-100 ms?

Transformer differential protection is the primary protection scheme for power transformers, operating on the principle that under normal operation or for faults external to the transformer, the current flowing into the high-voltage winding equals the current flowing out of the low-voltage winding (scaled by the turns ratio). An internal fault (arc or winding failure within the transformer tank) creates additional current flowing into the transformer from both sides toward the fault point, causing a differential current above the relay pickup threshold. The relay compares the scaled primary and secondary currents in real time: if the differential current Id exceeds the operating threshold (typically 15–30% of rated transformer current), the relay issues a trip command to both the primary (HV side) and secondary (LV side) circuit breakers. The 20–100 ms trip time requirement is determined by the thermal energy of the arc fault in the transformer tank: at a fault current of 10–50 kA and arc voltage of 1–10 kV, the arc power is 10–500 MW; transformer oil ignites when the arc energy raises the local oil temperature above the oil flash point (approximately 160–185°C for mineral transformer oil); and transformer oil fires can accelerate to involve the entire transformer tank and adjacent equipment within 30–120 seconds of ignition. A trip delay from 20–50 ms (design) to 200–500 ms (adversarially delayed) can mean the difference between a fault contained to the transformer windings (repairable) and a transformer oil fire (total loss, 12–24 month replacement lead time, $5–50M cost). IEEE C37.113 Section 5.5 specifies transformer differential relay coordination — including the percentage differential characteristic to prevent misoperation during external faults with CT saturation — but does not address adversarial robustness for AI relay monitoring systems.

What is ROCOF (rate-of-change-of-frequency) protection and how does it relate to under-frequency load shedding?

ROCOF (Rate-of-Change-of-Frequency) protection detects rapid frequency changes in the power system that indicate a sudden generation-load imbalance, providing a faster initial response to system emergencies than simple under-frequency protection. The system frequency rate of change (df/dt, in Hz/s) is directly proportional to the generation deficit: df/dt = −(ΔP / (2H × S>base)), where ΔP is the power imbalance (MW), H is the system inertia constant (MWs/MVA), and S>base is the system MVA base. For a modern power system with declining inertia (increasing renewable generation with no rotating inertia), the ROCOF for a given generation deficit event is higher than for a synchronous-generator-dominated grid: a 2,000 MW generation deficit in a system with H = 4 s produces df/dt of approximately 0.3–0.5 Hz/s; the same deficit in a system with H = 2 s (higher renewable penetration) produces df/dt of approximately 0.6–1.0 Hz/s, reaching the UFLS threshold-1 (59.5 Hz) in 0.5–2.0 seconds rather than 1.0–4.0 seconds. ROCOF relays detect this rapid frequency change and can trigger load shedding faster than simple under-frequency relays (which wait for the frequency to actually reach the threshold before tripping). The adversarial injection risk for ROCOF relay display AI is that an adversarial elevation of the displayed frequency (making a declining 59.3 Hz appear as 59.7 Hz) also suppresses the ROCOF gradient (a declining frequency trend appearing as a stable frequency) — preventing both the under-frequency threshold detection and the ROCOF rate-of-change detection from triggering the correct UFLS response. NERC Standard EOP-010-2 (Evaluation of Real-Time Reliability Conditions) requires TSOs to monitor system frequency continuously and initiate emergency load shedding when frequency reaches defined thresholds — without specifying adversarial robustness for AI systems classifying rendered frequency display images.

What are NERC reliability standards for protection relay coordination and what do they require?

NERC (North American Electric Reliability Corporation) reliability standards relevant to power substation protection relay performance include: NERC PRC-001-2 (Establishment and Communication of Needs by Transmission Owners and Generator Owners) requires that transmission owners and generator owners establish and communicate protection system needs to the applicable transmission operator — but defines “needs” in terms of relay settings coordination requirements, not AI system requirements. NERC PRC-025-2 (Protection System and Remedial Action Scheme Misoperations) requires that transmission owners, generator owners, and distribution providers analyse and report protection system misoperations and implement corrective actions; a “misoperation” is defined as an operation (or non-operation) of protection system equipment that is not in accordance with its documented design intent — but this definition applies to hardware relay misoperations, not to AI display classification errors that influence operator decision-making above the relay hardware layer. NERC CIP-014-2 (Physical Security) requires transmission owners to assess and protect their critical transmission facilities against physical attacks that could damage equipment and cause regional system instability — explicitly addressed at physical threats, not adversarial AI attacks on relay monitoring display systems. NERC CIP-013-2 (Supply Chain Risk Management) requires entities to manage cybersecurity risks in the supply chain for industrial control systems — the closest NERC standard to addressing AI system security, but focused on vendor supply chain integrity rather than adversarial pixel perturbation of rendered relay display images. None of the NERC reliability standards explicitly address adversarial AI attacks on relay monitoring system displays.

Why is Glyphward threshold 30 for power substation protection relay AI rather than 25 or 35?

Threshold 30 for substation protection relay AI reflects the catastrophic grid cascade scale consequence (Northeast 2003: 50 million people, $6 billion; India 2012: 620 million people) combined with the critical architectural distinction that in most current deployed relay systems, the relay hardware operates independently of any AI monitoring display: the SEL, GE, ABB, or Siemens relay hardware has its own current measurement, phasor calculation, and trip logic that operates correctly regardless of what any AI display classification says. The adversarial injection risk is therefore primarily at the AI-assisted operator decision-making layer (where operators use AI display classification to decide whether to intervene before the relay operates) and at emerging AI-gated relay architectures (where AI confirmation is required before a relay trip command is executed — a design pattern not yet dominant but developing as utilities deploy AI relay monitoring). These independent relay hardware layers justify threshold 30 rather than 25 (single-barrier AI contexts). The potential cascade blackout scale and duration (days of blackout for 50–620 million people) keep the threshold at 30 rather than 35 (consequences with more contained geographic scope or shorter duration). If the AI-gated relay design pattern becomes dominant, the threshold should be revisited toward 25.