Industrial vision inspection AI · SCADA / DCS process AI · predictive maintenance AI · cobot safety vision AI · IEC 62443
Prompt injection in smart manufacturing and ICS AI
Modern manufacturing and industrial control system (ICS) environments deploy artificial intelligence across four distinct layers of the production and safety architecture: machine vision for inline quality inspection, AI-assisted SCADA and distributed control system (DCS) dashboards for process anomaly monitoring, predictive maintenance AI that classifies vibration and thermal spectrograms to forecast equipment failure, and collaborative robot (cobot) safety vision systems that enforce ISO/TS 15066 safety zones around human workers. Each of these layers processes images — rendered inspection frames, synthetic SCADA display screenshots, spectrogram visualizations, and real-time depth camera frames — at an AI classification boundary that is exposed to adversarial pixel perturbation. The global smart manufacturing market handled approximately $260 billion in revenue in 2025 (MarketsandMarkets, 2025), with AI-based quality inspection deployed at more than 60% of top-tier automotive assembly facilities (McKinsey Global Institute, 2024 Manufacturing AI Index) and semiconductor fabs running wafer inspection AI on 100% of production wafers at the 3nm and 5nm process nodes where a single undetected defect propagates to entire wafer yield loss. The ICS cybersecurity regulatory framework — IEC 62443 (Industrial Automation and Control Systems Security), NIST SP 800-82 (Guide to Industrial Control Systems Security, rev. 3), and ISA/IEC 62443-3-3 (System Security Requirements and Security Levels) — establishes Security Levels 2 and 3 as the requirement baseline for process-control systems in continuous-process industries (petroleum refining, chemical production, pharmaceutical manufacturing) and discrete manufacturing. 
However, the adversarial ML robustness requirements for AI components operating within ICS environments are not addressed by the existing IEC 62443 framework, creating a gap between OT cybersecurity compliance and the runtime adversarial injection risk that multimodal AI introduces into safety-rated production environments.
TL;DR
Industrial vision inspection AI, SCADA/DCS AI monitoring dashboards, predictive maintenance spectrogram AI, and cobot safety zone vision AI all process images at AI classification boundaries within IEC 62443 OT environments. Adversarially crafted images can suppress yield-critical defect alerts, corrupt process anomaly detection, mask equipment failure signatures, and disable cobot safety-stop functions. The Glyphward scan gate applies a threshold of 40 across all ICS AI contexts, reflecting the high-consequence industrial safety environment.
Four adversarial injection surfaces in smart manufacturing and ICS AI
1. Inline vision inspection AI — semiconductor wafer, automotive, and pharmaceutical quality gates
Machine vision quality inspection AI represents the highest-volume imaging pipeline in industrial AI: TSMC’s 3nm and N5P process nodes run KLA Instruments CIRCL AI-based die-level defect inspection on 100% of production wafers, processing wafer surface scans at 300mm diameter with sub-nanometer resolution at throughput rates of 200–300 wafers per hour per inspection station. The inspection AI classifies defect types (particle contamination, bridging, opens, CMP dishing, EUV stochastic printing defects) from brightfield and darkfield optical scans rendered as 2D intensity maps — grayscale or false-color images in which pixel intensity encodes surface reflectance anomaly at each wafer location. The defect classification neural network operates on these rendered inspection images, classifying each die region into pass/fail/disposition categories. In automotive assembly, Cognex ViDi vision AI and Keyence AI-based inspection systems classify painted surface defects (orange peel, sink marks, runs, scratches) on body panels from structured-light camera frames in real time at the end-of-line quality gate, with false-negative miss rates targeted below 0.5 per 100,000 panels under the AIAG CQI-23 painted surface quality standard.
An adversarial pixel perturbation embedded in the inspection image — a structured noise pattern superimposed on the raw camera frame before AI classification — can cause the defect detection network to misclassify a defect-present die region as defect-free, bypassing the quality gate and passing a non-conforming component into the production flow. In semiconductor manufacturing, a single DRAM or logic die that passes an adversarially corrupted wafer inspection AI but carries a latent EUV stochastic defect propagates into field failure when the manufactured chip reaches the end customer — a field return event with downstream liability exposure under IPC-A-610 acceptance requirements and, in automotive-grade semiconductor supply (AEC-Q100 qualified product), under IATF 16949:2016 customer complaint resolution requirements. The adversarial injection surface for inline vision inspection AI is the rendered image input to the classification model — the same rendered inspection frame that a conventional adversarial example attack would target, now accessible in an industrial environment where networked inspection stations receive image streams from production equipment over OT network segments governed by IEC 62443-3-3 Security Level 2.
2. SCADA and DCS AI process anomaly monitoring dashboards
Supervisory Control and Data Acquisition (SCADA) and Distributed Control System (DCS) platforms — Siemens SIMATIC PCS 7, Honeywell Experion PKS, ABB System 800xA, Yokogawa Centum VP, Emerson DeltaV — have deployed AI-based process anomaly detection across continuous-process industries including petroleum refining (crude distillation unit AI, FCC AI, hydrocracker AI), chemical production (reactor temperature profile AI, distillation column flooding prediction AI), and pharmaceutical manufacturing (bioreactor dissolved oxygen AI, lyophilizer cycle AI). These AI components process rendered SCADA display screenshots — synthetic control room displays showing trend charts, PID controller output traces, process flow diagrams with live values overlaid, and alarm annunciator panels — as inputs to AI classification models that detect anomalous process patterns. The AI processes the rendered dashboard image rather than the underlying process data stream directly, because SCADA AI vendors have built anomaly detection products that analyze operator display renders as a deployment-agnostic approach that does not require integration into the SCADA historian or process data bus.
An adversarial perturbation in the rendered SCADA dashboard image — a structured pixel modification that shifts the apparent trend line of a critical process variable (reactor temperature, vessel pressure, flow rate) in the rendered chart display — can cause the AI anomaly detection model to misclassify a developing process upset as normal operation. In a petroleum refinery FCC (fluid catalytic cracker) unit, a reactor temperature excursion that is not detected by the AI anomaly model — because the rendered trend chart displaying the rising temperature profile has been adversarially perturbed to appear flat — can propagate to an afterburn event in the regenerator that causes equipment damage and, at the extreme of the distribution, a fire or explosion event. The IEC 62443-3-3 Security Level 2 requirements for SCADA networks address network segmentation, authentication, and access control; they do not address adversarial ML robustness for AI components that process rendered display images as their primary input modality.
3. Predictive maintenance AI — vibration and thermal spectrogram classification
Industrial predictive maintenance AI — deployed on rotating equipment (centrifugal compressors, gas turbines, large electric motors, cooling tower fans) and static equipment (heat exchangers, pressure vessels) — classifies machine health state from vibration spectrogram images and thermal infrared camera frames. Emerson’s AMS Machinery Manager AI, SKF Enlight AI, Honeywell Forge Condition Monitoring AI, and Siemens Sievert AI all process Fast Fourier Transform (FFT) vibration spectrogram renders — frequency-domain images in which horizontal axis represents vibration frequency (0–25,600 Hz typical range), vertical axis represents spectral amplitude, and characteristic fault frequency peaks (inner race defect frequency, outer race defect frequency, ball pass frequency, sub-synchronous instability patterns) appear as amplitude spikes at predictable locations based on rotating equipment geometry — through a convolutional neural network that classifies machine health into categories including normal, imbalance, misalignment, bearing defect, looseness, and cavitation. The AI model classifies the rendered spectrogram image rather than the raw vibration signal directly, because the rendered image is the input format most consistent with human expert interpretation and the format used to build the training corpus from historical maintenance records.
A targeted adversarial perturbation on the rendered FFT spectrogram image — suppressing the amplitude representation of a characteristic inner race defect frequency peak — can cause the predictive maintenance AI to misclassify a bearing in early failure as healthy, preventing the maintenance work order that would allow planned bearing replacement during the next scheduled outage window. Undetected bearing failure in a large industrial centrifugal compressor (a $2M–$20M capital asset in a petroleum refinery or chemical plant) progresses from early defect to catastrophic failure within 2–8 weeks of the first detectable vibration signature, with catastrophic failure involving shaft deflection, seal damage, and potentially casing breach — a process safety event under OSHA 1910.119 Process Safety Management (PSM) regulations and EPA Risk Management Program (RMP) requirements for processes involving highly hazardous chemicals above threshold quantities. The adversarial injection surface for predictive maintenance AI is the rendered spectrogram visualization — precisely the image format that a Glyphward pre-scan gate intercepts before AI classification.
4. Collaborative robot (cobot) safety vision AI — ISO/TS 15066 safety zone enforcement
Collaborative robot deployments — Universal Robots UR10e/UR16e, ABB YuMi, KUKA LBR iiwa, Fanuc CRX series, OMRON TM series — in automotive assembly, electronics manufacturing, and pharmaceutical packaging use depth camera and RGB-D vision AI to enforce ISO/TS 15066 power-and-force-limiting (PFL) and speed-and-separation-monitoring (SSM) collaborative operation modes. In SSM mode, the cobot safety controller continuously monitors the separation distance between the robot’s moving links and any detected human worker in the collaborative workspace, reducing robot velocity as a function of separation distance to maintain minimum protective separation (MPS) compliance. The safety vision AI — Intel RealSense D415/D435-based or SICK SafeVisionary2-based depth classification — processes depth camera frames (rendered as false-color depth maps or point cloud visualizations) through a safety-rated human detection and distance estimation AI model. The safety AI’s classification output directly controls the cobot safety controller’s velocity scaling and protective stop functions — it is a safety-rated function under IEC 62061 (Functional Safety of Machinery) and ISO 13849 (Safety of Machinery — Safety-Related Parts of Control Systems) with a target PL (Performance Level) of PLd or PLe (Safety Integrity Level 2 or 3).
An adversarial perturbation on the depth camera frame — a structured pixel noise pattern that reduces the apparent depth of a detected human operator to below the minimum protective separation threshold — can cause the cobot safety AI to classify the workspace as clear of human presence, disabling the SSM velocity reduction and running the cobot at full programmed speed in a workspace where a human worker is present. ISO/TS 15066 Annex A establishes biomechanical limits for human-robot contact forces; a cobot operating at full programmed speed in an undetected-worker scenario can generate contact forces significantly exceeding those limits. The adversarial injection surface for cobot safety vision AI is the depth camera frame or its rendered visualization — an image input to a safety-rated AI classification function that directly governs physical robot motion.
Integration: ICS AI image scanning with Glyphward pre-scan gate
The Glyphward scan gate for ICS and smart manufacturing AI belongs at the rendered image ingestion boundary before each AI classification step — before the wafer/panel inspection AI receives the rendered inspection frame, before the SCADA AI receives the dashboard screenshot, before the predictive maintenance AI receives the rendered spectrogram, and before the cobot safety AI receives the depth camera frame or rendered depth visualization. Threshold 40 across all ICS AI contexts reflects the high-consequence industrial safety environment, including potential for process safety incidents under OSHA 1910.119 PSM and EPA RMP. The implementation below uses JSONL audit logging with IEC 62443 and ISA-62443-3-3 Security Level references.
```python
import asyncio, base64, hashlib, json
from datetime import datetime, timezone
from enum import Enum
from pathlib import Path

import httpx

GLYPHWARD_API_KEY = "YOUR_GLYPHWARD_API_KEY"
GLYPHWARD_SCAN_URL = "https://glyphward.com/v1/scan"

# All ICS / smart manufacturing AI contexts: threshold 40
# IEC 62443-3-3 SL-2 and IEC 62061 PLd requirements apply.
ICS_AI_THRESHOLD = 40


class ICSAIContext(Enum):
    WAFER_INSPECTION = "wafer_inspection"                  # Semiconductor wafer defect AI
    PANEL_INSPECTION = "panel_inspection"                  # Automotive painted-surface AI
    PHARMA_VISUAL_INSPECTION = "pharma_visual_inspection"  # FDA 21 CFR 211.68 visual inspection
    SCADA_ANOMALY = "scada_anomaly"                        # SCADA/DCS process anomaly AI
    PREDICTIVE_MAINTENANCE = "predictive_maintenance"      # Vibration/thermal spectrogram AI
    COBOT_SAFETY_VISION = "cobot_safety_vision"            # ISO/TS 15066 SSM depth AI


class AdversarialICSImageError(Exception):
    """Raised when Glyphward detects adversarial pixel content in an ICS
    AI image above threshold 40 (IEC 62443-3-3 SL-2 OT environment).

    Consequence if not raised: defect passed to production flow, process
    anomaly undetected, equipment failure masked, or cobot safety stop
    function disabled.
    """

    def __init__(self, scan_id: str, score: int, context: ICSAIContext,
                 asset_id: str, flagged_region: dict | None = None) -> None:
        self.scan_id = scan_id
        self.score = score
        self.context = context
        self.asset_id = asset_id
        self.flagged_region = flagged_region
        super().__init__(
            f"Adversarial ICS AI image: "
            f"context={context.value} score={score} asset={asset_id} scan_id={scan_id}"
        )


async def scan_ics_ai_image(
    image_bytes: bytes,
    context: ICSAIContext,
    asset_id: str,
    facility_id: str,
    frame_timestamp: str,
    client: httpx.AsyncClient,
) -> dict:
    """Scan an ICS / smart manufacturing AI image for adversarial pixel content.

    Args:
        image_bytes: Rendered inspection frame, SCADA screenshot, FFT
            spectrogram image, or depth camera frame bytes.
        context: ICSAIContext identifying the industrial AI pipeline.
        asset_id: Equipment or inspection asset identifier (e.g., wafer lot ID,
            compressor tag, cobot cell ID).
        facility_id: Plant or facility identifier.
        frame_timestamp: ISO 8601 image capture or render timestamp.
        client: Shared httpx.AsyncClient for connection reuse.

    Returns:
        Glyphward scan result dict.

    Raises:
        AdversarialICSImageError: if score exceeds threshold 40.
        httpx.HTTPStatusError: on Glyphward API error (fail-closed).
    """
    image_hash = hashlib.sha256(image_bytes).hexdigest()
    payload = {
        "image": base64.b64encode(image_bytes).decode(),
        "source": f"ics_ai:{context.value}:{facility_id}:{asset_id}",
        "metadata": {
            "facility_id": facility_id,
            "asset_id": asset_id,
            "frame_timestamp": frame_timestamp,
            "image_sha256": image_hash,
            "context": context.value,
        },
    }
    resp = await client.post(
        GLYPHWARD_SCAN_URL,
        headers={"Authorization": f"Bearer {GLYPHWARD_API_KEY}"},
        json=payload,
        timeout=4.0,
    )
    resp.raise_for_status()
    result = resp.json()

    await _write_ics_scan_audit(
        image_hash=image_hash,
        scan_id=result["scan_id"],
        score=result["score"],
        context=context,
        asset_id=asset_id,
        facility_id=facility_id,
        frame_timestamp=frame_timestamp,
        flagged=result["score"] > ICS_AI_THRESHOLD,
    )

    if result["score"] > ICS_AI_THRESHOLD:
        raise AdversarialICSImageError(
            scan_id=result["scan_id"],
            score=result["score"],
            context=context,
            asset_id=asset_id,
            flagged_region=result.get("flagged_region"),
        )
    return result


async def _write_ics_scan_audit(
    *, image_hash: str, scan_id: str, score: int,
    context: ICSAIContext, asset_id: str, facility_id: str,
    frame_timestamp: str, flagged: bool,
) -> None:
    record = {
        "ts": datetime.now(timezone.utc).isoformat(),
        "scan_id": scan_id,
        "image_sha256": image_hash,
        "context": context.value,
        "score": score,
        "threshold": ICS_AI_THRESHOLD,
        "flagged": flagged,
        "asset_id": asset_id,
        "facility_id": facility_id,
        "frame_timestamp": frame_timestamp,
        "regulatory_refs": [
            "IEC 62443-3-3 (Industrial Automation Security Requirements, SL-2)",
            "NIST SP 800-82 Rev.3 (ICS Security Guide)",
            "ISA-62443-3-3 (System Security Requirements)",
            "IEC 62061 (Functional Safety of Machinery, SIL 2/3)",
            "ISO 13849 (Safety-Related Control Systems, PLd/PLe)",
            "ISO/TS 15066 (Collaborative Robot Safety)",
            "OSHA 1910.119 (Process Safety Management)",
        ],
    }
    audit_path = Path("/var/log/glyphward/ics_ai_scan_audit.jsonl")
    audit_path.parent.mkdir(parents=True, exist_ok=True)
    with audit_path.open("a") as fh:
        fh.write(json.dumps(record) + "\n")
```
Deploy scan_ics_ai_image at each ICS AI image ingestion boundary: before inline vision inspection AI (threshold 40), before SCADA/DCS AI anomaly dashboard processing (threshold 40), before predictive maintenance spectrogram AI (threshold 40), and before cobot safety zone depth AI (threshold 40). On AdversarialICSImageError or any Glyphward API error: fail-closed — quarantine the image and revert to the appropriate safe state for the context (reject the inspected part to manual re-inspection queue; flag the SCADA anomaly dashboard frame for human operator review; suppress the equipment health update and generate a maintenance alert for human assessment; command the cobot controller to protective stop). Log all quarantine events with IEC 62443 and ISA-62443-3-3 references for OT cybersecurity incident reporting.
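The fail-closed handling described above can be written as one wrapper that maps each context to its safe state. This is an added example, not Glyphward's code: the safe-state action names, `GateDecision`, `gate_image`, `run_gate` and the stub scanners are hypothetical, and `scan` stands for any coroutine that returns the scan result dict (an exception raised by the page's `scan_ics_ai_image` lands in the same fail-closed branch).

```python
import asyncio
from dataclasses import dataclass
from typing import Awaitable, Callable

ICS_AI_THRESHOLD = 40  # threshold stated on this page

# Keys are the ICSAIContext values from the page; the action names are
# hypothetical labels for the safe states the text lists for each context.
SAFE_STATE = {
    "wafer_inspection": "manual_reinspection_queue",
    "panel_inspection": "manual_reinspection_queue",
    "pharma_visual_inspection": "manual_reinspection_queue",
    "scada_anomaly": "operator_review",
    "predictive_maintenance": "suppress_update_and_raise_maintenance_alert",
    "cobot_safety_vision": "protective_stop",
}

Scanner = Callable[[bytes, str], Awaitable[dict]]


@dataclass(frozen=True)
class GateDecision:
    forward_to_model: bool  # True only after a validated clean scan
    action: str             # "classify" or the context's safe state
    reason: str


async def gate_image(image: bytes, context: str, scan: Scanner,
                     timeout_s: float = 4.0) -> GateDecision:
    """Scan one image and decide whether the AI model may receive it."""
    safe = SAFE_STATE[context]  # unknown context raises KeyError: nothing is forwarded
    try:
        result = await asyncio.wait_for(scan(image, context), timeout_s)
        score = result["score"]
        if isinstance(score, bool) or not isinstance(score, (int, float)):
            raise TypeError("score is not numeric")
    except Exception as exc:  # API error, timeout, or malformed response
        return GateDecision(False, safe, f"scan_failed:{type(exc).__name__}")
    if score > ICS_AI_THRESHOLD:
        return GateDecision(False, safe, f"score_{score}_above_threshold")
    return GateDecision(True, "classify", f"score_{score}")


def run_gate(image: bytes, context: str, scan: Scanner,
             timeout_s: float = 4.0) -> GateDecision:
    """Synchronous entry point for callers that are not already async."""
    return asyncio.run(gate_image(image, context, scan, timeout_s))


# --- constructed stand-ins for the scan API so the example runs offline ---
def fixed_score(score):
    async def scan(image: bytes, context: str) -> dict:
        return {"scan_id": "constructed", "score": score}
    return scan


async def unreachable_scan(image: bytes, context: str) -> dict:
    raise ConnectionError("scanner unreachable")


async def malformed_scan(image: bytes, context: str) -> dict:
    return {"scan_id": "constructed"}  # response without a score


async def slow_scan(image: bytes, context: str) -> dict:
    await asyncio.sleep(1.0)
    return {"scan_id": "constructed", "score": 0}


if __name__ == "__main__":
    frame = b"constructed-frame-bytes"
    print(run_gate(frame, "wafer_inspection", fixed_score(12)))
    print(run_gate(frame, "cobot_safety_vision", fixed_score(73)))
    print(run_gate(frame, "scada_anomaly", unreachable_scan))
    print(run_gate(frame, "predictive_maintenance", malformed_scan))
    print(run_gate(frame, "panel_inspection", slow_scan, timeout_s=0.05))
```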
Related questions
Why does ICS AI use threshold 40 rather than the lower threshold of 35 used for ATC and surgical robotics AI?
Threshold 40 for ICS AI reflects two structural differences from the ATC and surgical robotics contexts that use threshold 35. First, most ICS AI adversarial injection consequences — a defective semiconductor die passing inspection, a process anomaly going undetected, an equipment failure masked — affect property and production economics rather than immediate human life. The cobot safety vision context is the exception; it directly governs physical safety functions under ISO/TS 15066 and IEC 62061 SIL 2. However, cobot safety zone AI operates in a controlled factory environment where human workers are trained, aware of the collaborative operation zone, and where physical guarding and light curtain backups typically supplement the AI safety function. The combination of indirect safety consequences (most ICS AI) and supplementary physical safety measures (cobot AI) supports threshold 40 rather than 35. Second, ICS environments typically operate with air-gapped or highly segmented OT network architectures under IEC 62443-3-3 that provide a meaningful structural barrier to the adversarial image injection pathways that fully networked environments expose. The threshold reflects both the consequence severity and the structural reduction in injection pathway accessibility that OT network segmentation provides.
How does adversarial pixel injection reach an ICS AI system if the OT network is air-gapped from the IT network?
IEC 62443-compliant OT environments are segmented — the ICS network (Level 2: Control Network; Level 3: Site Business Planning and Logistics Network in the Purdue Enterprise Reference Architecture) is separated from the IT enterprise network (Level 4/5) by a Demilitarized Zone (DMZ) with unidirectional data diodes or application-layer proxies. However, three injection pathways operate within this segmentation model without crossing the IT/OT boundary. First, USB media transfer — IEC 62443-3-3 SR 3.4 requires removable media controls, but field engineering teams routinely transfer inspection model updates, SCADA display configuration files, and vibration analysis database updates via USB at Level 2 assets. A compromised model update package that contains adversarially tuned inspection images as part of the model’s training calibration set is an in-band injection pathway that does not cross the IT/OT network boundary. Second, ERP-to-MES data integration — manufacturing execution systems (MES) at Level 3 receive production orders, quality specifications, and recipe files from ERP systems (SAP, Oracle) at Level 4 through the Purdue DMZ; inspection reference images (golden-sample images used to calibrate inspection AI against known-good standards) traverse this pathway legitimately. Third, vendor remote access — KLA, Cognex, ABB, Siemens, and Honeywell all require remote access to Level 2 equipment for calibration, model update, and diagnostics under ongoing service contracts; adversarial image injection via the vendor remote access pathway is a documented attack vector in ICS threat modeling (MITRE ATT&CK for ICS T0862: Supply Chain Compromise).
What IEC 62443 security requirements currently address AI adversarial robustness in OT environments?
IEC 62443-3-3:2013 (System Security Requirements and Security Levels) and its 2024 update (Edition 2.0 under active development by ISA99 Working Group 2 as of 2026) do not address AI adversarial robustness as a specific security requirement category. The current IEC 62443-3-3 Security Requirements (SR) structure covers authentication (SR 1.1–1.13), use control (SR 2.1–2.12), data integrity (SR 3.1–3.9), data confidentiality (SR 4.1–4.2), restricted data flow (SR 5.1–5.4), timely response to events (SR 6.1–6.2), and resource availability (SR 7.1–7.8). None of these SR categories addresses the adversarial ML robustness of AI components that process rendered images as their primary input modality. The ISA99 Working Group 4 (Policies and Procedures) is developing guidance on AI security within IEC 62443 through the ISA-TR62443-1-1 technical report series, but as of 2026 no normative adversarial ML requirement exists in the IEC 62443 family. The IIC (Industrial Internet Consortium) AI Security Framework (IICSF) 2.0 and the ENISA AI Security Guidelines for OT (2024) both address adversarial ML conceptually but provide no implementation-level requirements analogous to a scan gate threshold. A Glyphward pre-scan gate at ICS AI image ingestion boundaries provides the runtime adversarial detection that fills this normative gap.
How does adversarial injection in predictive maintenance AI differ from conventional sensor spoofing attacks on ICS?
Conventional ICS sensor spoofing attacks — the attack class documented in the 2017 Triton/TRISIS malware incident (targeting Schneider Electric Triconex Safety Instrumented System at a Saudi Arabian petrochemical facility) and in academic ICS attack research (Shoukry et al., “Non-Invasive Spoofing Attacks for Anti-Lock Braking Systems,” CCS 2013) — target the raw sensor signal at the transducer, field wiring, or serial communication protocol layer. A sensor spoofing attack substitutes a false sensor value for the true measured value in the process data stream before it reaches the SCADA historian or DCS controller. Adversarial injection in predictive maintenance AI operates at a different layer: it targets the rendered visualization of correct sensor data, not the underlying sensor signal. The vibration measurement from an accelerometer mounted on a compressor bearing housing is correct — the raw time-domain vibration signal contains the true bearing fault frequency signature — but the rendered FFT spectrogram image of that correct signal is adversarially perturbed before the AI classifier receives it. The underlying sensor reading remains accurate; the adversarial attack operates entirely within the AI processing pipeline, between the data visualization render step and the AI classification step. This is a new attack layer that conventional ICS intrusion detection systems (Dragos, Claroty, Nozomi Networks) do not monitor, because they focus on process data bus integrity and network traffic anomaly detection, not on the rendered image integrity at AI classification boundaries.
Does a Glyphward scan gate introduce latency that makes it impractical for real-time cobot safety vision?
The Glyphward API target response time for image scan requests is 150–250ms at p95 latency for the standard image scan endpoint. ISO/TS 15066 Annex A safety calculations for speed-and-separation-monitoring (SSM) cobot operation use a reaction time budget that includes robot stopping time (T_s), camera system latency (T_c), and the “intrusion detection time” (T_d) — the time from human intrusion into the collaborative workspace to detection by the safety vision system. The minimum protective separation (MPS) formula in ISO/TS 15066 is MPS = (v_r + v_h) × (T_s + T_d) + C, where C is the zero-speed stopping distance. A T_d of 150–250ms adds approximately 37.5–62.5mm to the MPS at typical cobot arm speeds of 250mm/s — an increase that is accommodated by increasing the collaborative workspace safety zone boundary by this margin rather than by deploying the scan gate asynchronously in the cobot control loop. The practical deployment model for cobot safety vision is to scan incoming depth camera frames at the vision system output — which already has a 30–60ms processing delay from the depth camera pipeline — and to use a cached clean-frame classification for the intermediate frames between scan gate assessments, with the cobot operating at the SSM reduced velocity throughout. This approach adds a configurable scan sampling rate (1 scan per 5 frames at 30fps = 6 scans/second) that keeps the Glyphward API call volume within the Pro tier 100k scans/month limit for a standard cobot cell operating 6,000 hours/year.
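The sampled deployment model in this answer, as an added example that is not Glyphward's or any cobot vendor's code: every fifth frame is scanned, the frames in between inherit the last verdict, and a flagged or failed scan holds the cell in protective stop until the next clean scan. `SampledScanGate`, the state names and the constructed scanner are hypothetical; `added_separation_mm` reproduces the 37.5–62.5 mm figure quoted above.

```python
from typing import Callable, List

ICS_AI_THRESHOLD = 40  # threshold stated on this page
SCAN_EVERY_N = 5       # page: 1 scan per 5 frames at 30 fps
REDUCED = "ssm_reduced_velocity"  # hypothetical state names
STOP = "protective_stop"


def added_separation_mm(speed_mm_s: float, latency_ms: float) -> float:
    """Extra separation distance contributed by added detection time (v * T_d)."""
    return speed_mm_s * latency_ms / 1000.0


class SampledScanGate:
    """Scan every Nth depth frame and hold the last verdict in between.

    Frames between scans are never inspected themselves; they inherit the
    verdict of the most recent scanned frame.
    """

    def __init__(self, scan: Callable[[bytes], int],
                 every_n: int = SCAN_EVERY_N) -> None:
        self._scan = scan
        self._every_n = every_n
        self._frame_no = 0
        self._last_scan_clean = False  # no verdict yet means protective stop

    def on_frame(self, frame: bytes) -> str:
        """Return the state the safety controller should hold for this frame."""
        if self._frame_no % self._every_n == 0:
            try:
                self._last_scan_clean = self._scan(frame) <= ICS_AI_THRESHOLD
            except Exception:
                # Scanner error or timeout: fail closed until a clean scan.
                self._last_scan_clean = False
        self._frame_no += 1
        return REDUCED if self._last_scan_clean else STOP


def constructed_scan(frame: bytes) -> int:
    """Constructed scanner: frame 5 is flagged, frame 10 hits an outage."""
    scores = {b"frame-0": 8, b"frame-5": 61, b"frame-15": 9}
    if frame not in scores:
        raise TimeoutError("constructed scanner outage")
    return scores[frame]


def run_demo() -> List[str]:
    """Feed 20 constructed frames through the gate and collect the states."""
    gate = SampledScanGate(constructed_scan)
    return [gate.on_frame(f"frame-{i}".encode()) for i in range(20)]


if __name__ == "__main__":
    for i, state in enumerate(run_demo()):
        print(i, state)
    print(added_separation_mm(250, 150), added_separation_mm(250, 250))
```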
Further reading
- Prompt injection in healthcare AI — medical imaging and clinical decision support adversarial attacks
- Prompt injection in air traffic control radar AI — FAA STARS, ACAS Xu, and ASDE-X adversarial attacks
- NIST AI RMF GenAI Profile and multimodal prompt injection risk management
- Multimodal AI security checklist for production deployments
- Prompt injection scanning API free tier — 10 scans/day, no card required