Satellite imagery AI · SAR analysis AI · Ground station monitoring AI · Spacecraft inspection AI

Prompt injection in space and satellite AI

Space and satellite AI has become the geospatial intelligence, defence analytics, communications infrastructure management, and spacecraft safety assessment backbone of both government intelligence agencies and commercial space operators at a scale that concentrates mission-critical and national security decision-making in AI systems that process adversarially manipulable image inputs: Planet Labs AI processes satellite imagery from its constellation of more than 200 Dove CubeSats and SkySat spacecraft — capturing daily imagery of the entire Earth’s landmass — through AI-assisted change detection, object classification, and geospatial intelligence analytics tools used by US government agencies (Department of Defense, National Geospatial-Intelligence Agency), allied government intelligence services, commercial agricultural, financial, and infrastructure intelligence customers, and humanitarian monitoring organisations; Maxar Technologies AI processes WorldView-1, WorldView-2, WorldView-3, and WorldView-4 very-high-resolution satellite imagery (resolution to 30 cm) through AI-assisted object recognition, target characterisation, and geospatial intelligence analytics tools under defence and intelligence community contracts including National System for Geospatial-Intelligence (NSG) contracts and commercially available satellite imagery analytics services used by government, academic, and commercial customers; ICEYE SAR (Synthetic Aperture Radar) AI processes synthetic aperture radar satellite image products from ICEYE’s constellation of X-band SAR spacecraft through AI-assisted maritime vessel detection, ground movement indication, flood extent mapping, and change detection tools used by government intelligence agencies, defence contractors, and commercial customers; Capella Space AI processes X-band SAR imagery from its satellite constellation through AI-assisted object detection and change detection tools used by government and commercial customers; SpaceX Starlink ground station AI and SES AI process ground station antenna condition monitoring images through AI-assisted infrastructure performance management tools; NASA, ESA, and commercial launch vehicle AI platforms process spacecraft component inspection images through AI-assisted manufacturing quality and launch readiness assessment tools. These space and satellite AI platforms share a structural vulnerability that creates adversarial image injection exposure with intelligence analysis, national security, ITAR compliance, and spacecraft safety consequences: each depends on satellite imagery, SAR images, ground station photographs, and spacecraft inspection images that pass through AI processing layers before their output governs intelligence target classification decisions, maritime threat assessment determinations, ground station maintenance scheduling, and launch readiness certifications — and each operates under regulatory frameworks where AI output manipulation creates intelligence assessment integrity failures, ITAR export control violations, ITU frequency coordination compliance failures, and NASA product acceptance non-conformances.

TL;DR

Space and satellite AI platforms — Planet Labs AI, Maxar Technologies AI, ICEYE SAR AI, Capella Space AI, BlackSky AI, SES AI, Intelsat AI, SpaceX Starlink ground station AI — process satellite imagery, synthetic aperture radar images, ground station equipment condition photographs, and spacecraft component inspection images through AI-assisted geospatial intelligence analytics, maritime vessel detection, communications infrastructure management, and spacecraft quality assessment pipelines. Adversarially crafted images submitted through satellite imagery analytics APIs, SAR image processing portals, ground station condition photograph channels, and spacecraft inspection image upload interfaces can cause AI systems to misclassify military or infrastructure targets in intelligence assessments, suppress maritime vessel activity detection in SAR analysis, hide antenna misalignment or damage in ground station condition monitoring, and conceal spacecraft component defects in launch readiness inspection — triggering ITAR 22 CFR §§ 120–130 export control obligations, NGA/DoD DFARS 252.204-7012 contractual compliance requirements, ITU Radio Regulations frequency coordination obligations, FCC Part 25 satellite operation licence conditions, and NASA NPR 8735.2 product acceptance requirements. Glyphward scans each image at the ingestion boundary with a threshold of ≥ 55-60 across all four space and satellite AI contexts. Free tier — 10 scans/day, no card required.

Four adversarial injection surfaces in space and satellite AI

1. Satellite imagery geospatial intelligence AI injection (Planet Labs AI, Maxar AI, BlackSky AI)

Satellite imagery geospatial intelligence AI processes multispectral, panchromatic, and very-high-resolution optical satellite image products submitted through AI-assisted object recognition, change detection, target characterisation, and geospatial intelligence analytics tools that extract object type classifications, activity level assessments, infrastructure status determinations, and change detection confidence values from satellite imagery inputs, generating intelligence product summaries, target characterisation reports, and change detection alerts used by government intelligence agencies, defence contractors, and commercial geospatial intelligence customers for assessments of military activity, infrastructure status, agricultural conditions, and humanitarian crisis indicators. Planet Labs AI processes daily satellite imagery from its 200+ spacecraft constellation through AI-assisted change detection and analytics tools at US government customers including Department of Defense, US Strategic Command, and National Geospatial-Intelligence Agency under commercial satellite imagery contracts. Maxar Technologies AI processes WorldView-series very-high-resolution satellite imagery through AI-assisted target recognition and geospatial intelligence analytics tools under NGA National System for Geospatial-Intelligence contracts that govern Maxar’s provision of satellite imagery intelligence products to the US government intelligence community. BlackSky AI processes high-revisit satellite imagery from its constellation through AI-assisted real-time geospatial monitoring and analytics tools at US government and commercial customers.

The adversarial injection surface is the satellite image product submission pathway: multispectral and panchromatic satellite imagery products submitted through Planet Labs AI, Maxar AI, or BlackSky AI analytics platforms for AI object classification, change detection, and intelligence product generation. An adversarially crafted satellite imagery product — in which pixel perturbations applied to an object type indicator, vehicle presence region, or infrastructure status feature on a satellite image cause the AI to misclassify a military installation as an agricultural facility, suppress a detected vehicle concentration indicating military activity, or generate a false cleared-status determination for an infrastructure target whose actual satellite image documents operational activity — can compromise the integrity of AI-generated geospatial intelligence products used by government intelligence analysts, causing assessments that understate or overstate military activity, infrastructure operational status, or humanitarian crisis indicators at the target location. In commercial satellite imagery analytics contexts where AI-generated change detection products are delivered to government intelligence customers as finished intelligence reports without intermediate human review of individual image tile classifications, adversarial manipulation of satellite image inputs can propagate false intelligence determinations into delivered products without detection at the customer delivery boundary.

The regulatory and national security consequences of adversarially manipulated satellite imagery AI span ITAR export control, NGA contract compliance, and national intelligence failure dimensions. International Traffic in Arms Regulations (ITAR) 22 CFR §§ 120–130 regulate the export of defence articles and services including satellite imagery products and geospatial intelligence analytics under the United States Munitions List (USML) Category XV (Spacecraft Systems and Related Articles); adversarial manipulation of satellite imagery AI systems operating under ITAR export control creates compliance obligations for identifying and reporting the manipulation event under ITAR voluntary disclosure procedures to the State Department Directorate of Defense Trade Controls. DoD DFARS 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting) requires defence contractors processing Covered Defense Information (CDI) to implement and maintain adequate security controls and to report cyber incidents affecting CDI within 72 hours; adversarial injection into satellite imagery AI systems operating under Maxar or Planet Labs DoD contracts constitutes a cyber incident affecting CDI with DFARS 252.204-7012 72-hour reporting obligations to the DoD Cyber Crime Center. NGA commercial satellite imagery contract compliance requirements impose data quality, accuracy, and analytic integrity standards on commercial satellite imagery providers; adversarial manipulation of AI-generated intelligence product accuracy creates NGA contract performance obligations and potential contract remedy exposure. Threshold: 60 for satellite imagery geospatial intelligence AI, reflecting national security and ITAR compliance dimensions.

2. Synthetic aperture radar image AI injection (ICEYE SAR AI, Capella Space AI)

Synthetic aperture radar image AI processes X-band, C-band, and L-band SAR image products from satellite SAR sensor systems submitted through AI-assisted maritime vessel detection, automatic identification system (AIS) correlation, ground moving target indication (GMTI), flood extent mapping, and change detection tools that extract vessel presence classifications, vessel type identifications, ground movement activity indicators, and change detection confidence values from SAR image inputs, generating maritime domain awareness products, ground activity monitoring alerts, and change detection reports used by government intelligence agencies, coast guard and naval forces, commercial maritime intelligence customers, and humanitarian monitoring organisations for maritime vessel tracking, illicit maritime activity detection, and military or infrastructure ground activity monitoring. ICEYE SAR AI processes X-band SAR imagery from ICEYE’s constellation of SAR spacecraft through AI-assisted maritime vessel detection, flood extent mapping, and change detection tools at government and commercial customers including national coast guard agencies, commercial commodity traders, and international humanitarian organisations. Capella Space AI processes X-band SAR imagery from its constellation through AI-assisted object detection and change detection tools at US government customers and commercial maritime intelligence providers.

The adversarial injection surface is the SAR image product submission pathway: X-band and C-band SAR imagery products submitted through ICEYE AI or Capella Space AI analytics platforms for AI maritime vessel detection, AIS correlation, and change detection analysis. An adversarially crafted SAR image product — in which pixel perturbations applied to vessel backscatter signatures, wake pattern indicators, or ground object reflectivity regions on a SAR image tile cause the AI to suppress a maritime vessel detection or generate a false no-vessel classification for a SAR image that actually documents an unregistered or dark vessel engaged in AIS-dark maritime activity — can cause AI-generated maritime domain awareness products to fail to report the presence of a vessel engaged in AIS-dark operations, sanctions evasion tanker activity, or illicit maritime activity at a location where the adversarially manipulated SAR image tile was the primary detection source for that vessel’s presence. In maritime intelligence contexts where SAR-based detection of AIS-dark vessels is the primary technical capability for monitoring sanctions evasion tanker fleets and illicit maritime activity in areas with limited naval surface surveillance, adversarial suppression of vessel detection in SAR AI can defeat the primary detection layer with national security and sanctions enforcement consequences.

The regulatory consequences of adversarially manipulated SAR intelligence AI span ITAR, DoD DFARS, and government contract compliance dimensions comparable to optical satellite imagery AI injection. ITAR Category XV covers satellite SAR sensor technology and SAR imagery analytics as defence articles subject to export control; adversarial manipulation of SAR AI systems operating under ITAR creates the same voluntary disclosure and DFARS 72-hour cyber incident reporting obligations as optical satellite imagery AI injection. NGA and US Coast Guard commercial SAR data service contract compliance requirements impose maritime surveillance data quality and accuracy standards; adversarial manipulation of AI-generated maritime vessel detection products creates contract performance obligations and potential contract remedy exposure for commercial SAR providers. US Treasury Office of Foreign Assets Control (OFAC) sanctions programmes — particularly Russian, Iranian, North Korean, and Venezuelan sanctions programmes — rely on commercial SAR vessel tracking intelligence to identify sanctions-evading tanker activity; adversarial suppression of SAR-detected vessel presence that interferes with OFAC sanctions enforcement intelligence creates US government contract integrity concerns for commercial SAR providers. Threshold: 60 for SAR image AI, reflecting national security, ITAR, and sanctions intelligence dimensions.

3. Ground station antenna and equipment condition AI injection (SES AI, Intelsat AI, SpaceX Starlink AI)

Ground station antenna and equipment condition AI processes inspection photographs of parabolic dish antenna reflector surfaces, feed assembly condition images, azimuth/elevation drive mechanism condition photographs, high-power amplifier rack visual inspection images, and antenna pointing alignment measurement display screenshots submitted through AI-assisted ground station infrastructure condition monitoring, predictive maintenance, and performance optimisation tools that extract antenna reflector surface condition grades, mechanical component wear classifications, pointing alignment deviation values, and electrical component condition assessments from ground station equipment inspection image inputs, generating maintenance priority assignments, pointing recalibration alerts, and equipment replacement recommendations that determine whether satellite communication ground stations maintain the link budget margin and pointing accuracy required for continuous satellite communication service delivery. SES AI and Intelsat AI process ground station antenna condition inspection photographs through AI-assisted infrastructure management tools at their global satellite communication ground station networks serving telecommunications carriers, broadcast media companies, and government communication users. SpaceX Starlink ground station AI processes gateway earth station antenna condition photographs through AI-assisted infrastructure monitoring tools at Starlink gateway ground station facilities serving Starlink broadband satellite internet customers.

The adversarial injection surface is the ground station antenna condition inspection photograph and pointing alignment display screenshot submission pathway: antenna reflector surface condition images and mechanical component inspection photographs submitted through SES AI, Intelsat AI, or SpaceX Starlink ground station AI platforms for AI mechanical condition grade assignment and maintenance priority determination. An adversarially crafted ground station antenna condition photograph — in which pixel perturbations applied to the antenna reflector surface damage region, feed assembly corrosion indicator, or azimuth drive mechanism wear display on an antenna inspection photograph cause the AI to classify the antenna as within service specification when the actual photograph documents a reflector surface deformation or feed assembly condition that creates pointing inaccuracy and link budget degradation — can suppress a maintenance priority assignment that would otherwise schedule antenna reflector resurfacing or feed assembly replacement, allowing a degraded antenna to continue in service with reduced effective isotropic radiated power (EIRP) and gain-to-noise-temperature (G/T) performance that affects satellite communication link quality for the telecommunications carriers and broadcast media companies the ground station serves.

The regulatory and contractual consequences of adversarially manipulated ground station equipment condition AI span ITU Radio Regulations, FCC Part 25 satellite operation licence, and telecommunications service level agreement dimensions. ITU Radio Regulations Article 22 specifies coordination and notification requirements for earth stations including protection of other radio services from harmful interference; a degraded ground station antenna operating with adversarially suppressed maintenance flags may generate off-axis emissions exceeding ITU coordination agreement interference protection thresholds, creating ITU Radio Regulations Article 22 harmful interference obligations for the satellite operator and earth station licensee. FCC Part 25 (Satellite Communications Services) specifies technical operating standards for earth station licences including antenna gain, pointing accuracy, and interference suppression requirements; adversarial suppression of ground station condition AI maintenance flags that causes an earth station to operate below FCC Part 25 technical specification creates licence condition compliance failure with FCC enforcement and licence revocation exposure. Commercial satellite capacity lease agreements between satellite operators and telecommunications carrier customers specify service availability and link performance guarantees; adversarial suppression of ground station maintenance flags that causes link budget degradation creates satellite operator contractual liability for satellite capacity service level failures. Threshold: 55 for ground station equipment condition AI, reflecting telecommunications service and regulatory compliance dimensions.

4. Spacecraft component inspection AI injection (NASA AI, ESA AI, commercial launch vehicle AI)

Spacecraft component inspection AI processes manufacturing quality inspection photographs of spacecraft structural components, propulsion system condition images, solar array deployment mechanism inspection photographs, thermal control surface condition images, and launch vehicle stage component inspection photographs submitted through AI-assisted spacecraft manufacturing quality assurance, acceptance testing, and launch readiness assessment tools that extract manufacturing defect classifications, component condition grades, tolerance conformance determinations, and nonconformance report (NCR) flag values from spacecraft inspection image inputs, generating product acceptance recommendations, NCR initiation triggers, and launch readiness go/no-go assessments that govern whether spacecraft and launch vehicle components proceed through manufacturing, pass customer acceptance testing, and receive launch readiness certification for flight. NASA AI processes spacecraft and space system component inspection photographs through AI-assisted product acceptance and quality assurance tools at NASA field centres including Goddard Space Flight Center, Jet Propulsion Laboratory, Marshall Space Flight Center, and Kennedy Space Center for NASA mission spacecraft and launch vehicle components. ESA and commercial launch vehicle AI platforms including SpaceX, Rocket Lab, and ULA process spacecraft and launch vehicle component inspection photographs through AI-assisted manufacturing quality control and launch readiness assessment tools.

The adversarial injection surface is the spacecraft component inspection photograph and manufacturing quality verification image submission pathway: spacecraft structural, propulsion, and electrical component inspection photographs submitted through NASA AI, ESA AI, or commercial launch vehicle AI quality assurance platforms for AI manufacturing defect detection, tolerance conformance determination, and product acceptance certification. An adversarially crafted spacecraft component inspection photograph — in which pixel perturbations applied to a composite structure delamination indicator, propulsion component surface crack region, or electrical connector condition display on a spacecraft manufacturing inspection photograph cause the AI to classify a deficient component as conforming when the actual photograph documents a manufacturing nonconformance requiring rejection or corrective action under NASA-STD-5009 (Nondestructive Evaluation Requirements for Fracture-Critical Metallic Components) or equivalent commercial space quality standards — can suppress an NCR initiation trigger that would otherwise require engineering review of the nonconforming component, allowing a deficient spacecraft component to proceed through subsequent manufacturing stages or receive product acceptance certification that authorises integration into the flight vehicle. In crewed spaceflight contexts where adversarially suppressed spacecraft component defect detection allows a structurally deficient component to receive launch readiness certification and be integrated into a crewed vehicle, the adversarial image injection creates astronaut life safety risk at a mission-critical hardware integrity level.

The regulatory and contractual consequences of adversarially manipulated spacecraft component inspection AI span NASA NPR requirements, ITAR, and product liability dimensions. NASA NPR 8735.2 (Hardware Quality Assurance for Programs and Projects) specifies product acceptance, nonconformance management, and quality assurance requirements for NASA hardware programmes; adversarial AI manipulation that suppresses a manufacturing nonconformance detection in spacecraft component inspection creates a NPR 8735.2 product acceptance non-conformance with NASA programme management and contract compliance consequences. NASA NPR 8621.1 (NASA Procedural Requirements for Mishap and Close Call Reporting, Investigating, and Recordkeeping) requires reporting of mishaps and close calls including safety-critical hardware acceptance failures; adversarial manipulation of spacecraft inspection AI that creates a safety-critical hardware acceptance integrity failure creates NPR 8621.1 reporting obligations. ITAR Category XV covers spacecraft and launch vehicle components as defence articles subject to export control; adversarial manipulation of spacecraft inspection AI systems operating on ITAR-controlled articles creates ITAR voluntary disclosure obligations to State Department DDTC. Commercial launch vehicle product liability exposure under state tort law creates civil liability for launch vehicle manufacturers when adversarially suppressed manufacturing defect detection causes launch failure with property damage or personal injury consequences. Threshold: 55 for spacecraft component inspection AI, reflecting mission safety and ITAR compliance dimensions.

Integration: space and satellite AI image ingestion with Glyphward pre-scan

Space and satellite AI image ingestion flows from satellite imagery analytics APIs, SAR image processing portals, ground station condition photograph channels, and spacecraft inspection image upload interfaces into geospatial intelligence AI, maritime detection AI, ground station management AI, and spacecraft quality assurance AI pipelines. Insert Glyphward’s pre-scan at the ingestion boundary before AI-generated output is committed to intelligence product deliverables, maritime domain awareness reports, ground station maintenance records, or product acceptance certifications:

import asyncio
import base64
import hashlib
import os
import uuid
from enum import Enum
from pathlib import Path

import httpx

GLYPHWARD_API_KEY = os.environ["GLYPHWARD_API_KEY"]
GLYPHWARD_SCAN_URL = "https://glyphward.com/v1/scan"

# Space & satellite AI — ITAR 22 CFR §§120-130, DoD DFARS 252.204-7012,
# NGA/US government intelligence contracts, ITU Radio Regulations,
# FCC Part 25, NASA NPR 8735.2/8621.1, ESA ECSS quality standards.
# False target misclassification, vessel suppression, antenna maintenance
# suppression, and spacecraft defect concealment create national security
# and mission safety consequences.
THRESHOLD_INTELLIGENCE        = 60  # satellite imagery, SAR (ITAR, NGA, national security)
THRESHOLD_INFRASTRUCTURE_SAFE = 55  # ground station, spacecraft (operational safety)


class SatelliteAIContext(str, Enum):
    SATELLITE_IMAGERY    = "satellite_imagery"    # Planet Labs, Maxar, BlackSky
    SAR_ANALYSIS         = "sar_analysis"          # ICEYE, Capella Space
    GROUND_STATION       = "ground_station"         # SES, Intelsat, SpaceX Starlink
    SPACECRAFT_INSPECTION = "spacecraft_inspection" # NASA, ESA, commercial launch


def threshold_for(context: SatelliteAIContext) -> int:
    if context in (SatelliteAIContext.SATELLITE_IMAGERY, SatelliteAIContext.SAR_ANALYSIS):
        return THRESHOLD_INTELLIGENCE
    return THRESHOLD_INFRASTRUCTURE_SAFE


async def scan_satellite_ai_image(
    image_path: str | Path,
    context: SatelliteAIContext,
    operator_id_hash: str,    # SHA-256 of satellite operator / programme identifier
    asset_ref: str,           # e.g. "IMG-PL-2026-44721", "SAR-ICEYE-2026-Q2", "GS-SES-PARIS-03"
    collection_id: str,       # e.g. Planet scene ID, SAR collect ID, inspection batch ID
    client: httpx.AsyncClient,
) -> dict:
    """
    Scan a space or satellite AI image for adversarial injection payloads
    before forwarding to satellite imagery analytics, SAR analysis, ground
    station management, or spacecraft inspection AI systems.

    Raises AdversarialSatelliteAIImageError if score meets threshold:
      - SATELLITE_IMAGERY:     threshold 60; ITAR 22 CFR §§120-130; DoD DFARS
                               252.204-7012; NGA contract compliance
      - SAR_ANALYSIS:          threshold 60; ITAR; OFAC sanctions intelligence;
                               maritime domain awareness integrity
      - GROUND_STATION:        threshold 55; ITU Radio Regulations Article 22;
                               FCC Part 25; satellite capacity SLA
      - SPACECRAFT_INSPECTION: threshold 55; NASA NPR 8735.2/8621.1; ITAR;
                               crewed mission safety
    """
    image_bytes = Path(image_path).read_bytes()
    image_b64   = base64.b64encode(image_bytes).decode()
    image_sha256 = hashlib.sha256(image_bytes).hexdigest()
    client_scan_id = str(uuid.uuid4())
    threshold = threshold_for(context)

    resp = await client.post(
        GLYPHWARD_SCAN_URL,
        headers={"Authorization": f"Bearer {GLYPHWARD_API_KEY}"},
        json={
            "image": image_b64,
            "source": context.value,
            "metadata": {
                "satellite_context":  context.value,
                "operator_id_hash":   operator_id_hash,
                "asset_ref":          asset_ref,
                "collection_id":      collection_id,
                "client_scan_id":     client_scan_id,
                "image_sha256":       image_sha256,
            },
        },
        timeout=8.0,
    )
    resp.raise_for_status()
    result = resp.json()

    audit_record = {
        "operator_id_hash":   operator_id_hash,
        "asset_ref":          asset_ref,
        "collection_id":      collection_id,
        "satellite_context":  context.value,
        "scan_id":            result["scan_id"],
        "client_scan_id":     client_scan_id,
        "image_sha256":       image_sha256,
        "score":              result["score"],
        "flagged_region":     result.get("flagged_region"),
        "threshold":          threshold,
        "action":             "blocked" if result["score"] >= threshold else "allowed",
    }
    await write_satellite_audit_record(audit_record)

    if result["score"] >= threshold:
        raise AdversarialSatelliteAIImageError(
            f"Satellite AI image blocked [{context.value}]: "
            f"scan_id={result['scan_id']} score={result['score']} "
            f"operator={operator_id_hash} asset={asset_ref}"
        )
    return result


async def write_satellite_audit_record(record: dict) -> None:
    """Persist audit record to satellite operator compliance audit store (stub)."""
    import json, sys
    print(json.dumps(record), file=sys.stderr)


class AdversarialSatelliteAIImageError(Exception):
    """Raised when a space or satellite AI image exceeds the adversarial injection threshold."""
    pass

Call scan_satellite_ai_image() with SatelliteAIContext.SATELLITE_IMAGERY before forwarding Planet Labs AI, Maxar AI, or BlackSky AI satellite image products to geospatial intelligence analytics tools — the highest national security integration point, where adversarial target misclassification propagates into intelligence products delivered to government customers under NGA contracts and DFARS cybersecurity obligations. Call with SatelliteAIContext.SAR_ANALYSIS for ICEYE AI or Capella Space AI SAR image products before maritime vessel detection and GMTI analysis, preserving image_sha256 as the forensic anchor for DFARS 72-hour cyber incident reporting and OFAC sanctions intelligence audit documentation. Call with SatelliteAIContext.GROUND_STATION for SES AI or Intelsat AI ground station antenna condition inspection photographs before AI maintenance priority assignment, using asset_ref encoding the ground station identifier for ITU coordination agreement and FCC Part 25 compliance audit. Call with SatelliteAIContext.SPACECRAFT_INSPECTION for NASA AI spacecraft component inspection photographs before AI product acceptance determination, with collection_id linking to the specific inspection batch for NASA NPR 8735.2 nonconformance management and NPR 8621.1 mishap reporting audit trail purposes. Get early access

Coverage matrix

Control	Satellite imagery AI injection (Planet Labs, Maxar, BlackSky)	SAR analysis AI injection (ICEYE, Capella Space)	Ground station AI injection (SES, Intelsat, SpaceX Starlink)	Spacecraft inspection AI injection (NASA, ESA, commercial)
Text-only PI scanners (Lakera, LLM Guard)	No — adversarial pixel perturbations in satellite imagery products are invisible to text-based analysis	No — SAR image pixel manipulation is not detected by text-only scanning	No — ground station antenna condition photograph pixel manipulation is not caught by text analysis	No — spacecraft component inspection photograph pixel perturbations are not visible to text scanners
Intelligence analyst review	Government intelligence analysts review AI-generated change detection and object classification products for analytical plausibility; do not inspect individual satellite image tile pixels for adversarial manipulation before intelligence product acceptance	Maritime intelligence analysts review AI SAR vessel detection outputs for operational reasonableness; do not inspect SAR image pixels for adversarial manipulation before maritime domain awareness product acceptance	Ground station operations engineers review AI maintenance priority outputs and performance monitoring alerts; do not inspect antenna condition photograph pixels for adversarial manipulation before maintenance scheduling decisions	Spacecraft quality assurance engineers and programme managers review AI product acceptance recommendations; do not inspect spacecraft component inspection photograph pixels for adversarial manipulation before product acceptance certification
DFARS cybersecurity controls	DFARS 252.204-7012 security controls protect Covered Defense Information integrity; do not detect adversarial pixel manipulation of satellite imagery products submitted to AI analytics systems at the image ingestion boundary	DFARS 252.204-7012 controls protect SAR product data integrity; do not detect adversarial pixel manipulation of SAR imagery inputs to AI maritime detection tools	Ground station cybersecurity controls protect operations management system integrity; do not detect adversarial pixel manipulation of antenna condition photographs submitted to AI monitoring systems	NASA IV&V and quality assurance review processes verify product acceptance engineering; do not detect adversarial pixel manipulation of spacecraft inspection images submitted to AI quality assurance tools
Glyphward	Yes — threshold 60; operator_id_hash and collection_id audit trail; blocks adversarially crafted satellite imagery before Planet Labs/Maxar AI classification, with image_sha256 for DFARS 72-hour reporting	Yes — threshold 60; blocks adversarially crafted SAR imagery before ICEYE/Capella AI vessel detection, with image_sha256 for DFARS incident reporting and OFAC sanctions audit	Yes — threshold 55; blocks adversarially crafted antenna condition images before SES/Intelsat AI maintenance classification, with asset_ref for ITU/FCC compliance audit trail	Yes — threshold 55; blocks adversarially crafted spacecraft inspection images before NASA/ESA AI acceptance determination, with collection_id for NPR 8735.2 nonconformance audit trail

Frequently asked questions

How does adversarial injection into satellite imagery AI differ from ordinary satellite image quality issues such as cloud cover, atmospheric distortion, and sensor noise, and why do standard image quality assessment controls not address the adversarial threat?

Ordinary satellite imagery quality issues — cloud cover occluding surface features, atmospheric haze reducing spatial resolution, sun angle variation affecting surface reflectance, sensor noise from cosmic ray hits on CCD arrays, and JPEG compression artefacts in commercial imagery products — are addressed by satellite imagery AI systems through cloud cover masking, atmospheric correction algorithms, sun angle normalisation, noise filtering, and image quality metadata that enable analytics tools to identify and appropriately handle imagery with degraded quality. Planet Labs AI and Maxar AI analytics platforms include image quality metadata parameters — cloud cover fraction, sun elevation angle, off-nadir angle, ground sample distance — that analytics tools use to assess the reliability of AI classification outputs for specific image tiles before committing analytics results to delivered intelligence products.

Adversarial injection into satellite imagery AI operates at the opposite end of the quality spectrum: adversarially crafted satellite imagery products are high-quality images that pass all image quality metadata thresholds, because the adversarial perturbations are optimised to be imperceptible to quality assessment algorithms while specifically targeting the AI classifier’s decision boundary for the target object or activity classification. An adversarially crafted Maxar WorldView-3 image that suppresses an AI-generated military installation activity classification is a high-resolution, low-cloud-cover, well-calibrated image that passes all quality filters — the adversarial manipulation operates at the level of subtle spectral and spatial feature perturbations that exploit the AI classifier’s sensitivity without being detectable as image quality degradation. Standard image quality assessment controls that filter low-quality imagery do not detect adversarial manipulation of high-quality imagery at the pixel feature perturbation level, because they are designed to identify physical degradation, not adversarial optimisation. Pre-scan verification at the individual image product submission boundary is the only control that operates at the pixel-feature perturbation level before AI classification.

What are a commercial satellite imagery provider’s DFARS 252.204-7012 cyber incident reporting obligations when adversarial injection into its satellite AI analytics platform compromises a delivered intelligence product under a DoD contract?

A commercial satellite imagery provider operating under a DoD contract — such as a Maxar Technologies NGA NSG contract or a Planet Labs DoD commercial satellite imagery contract — faces two-track DFARS 252.204-7012 obligations when adversarial injection into its satellite AI analytics platform compromises a delivered intelligence product. First, under DFARS 252.204-7012(c), the contractor must report the cyber incident to the DoD Cyber Crime Center (DC3) within 72 hours of discovering the incident, providing the required cyber incident report content including description of the technical details of the incident, compromised systems, and affected Covered Defense Information. Second, under DFARS 252.204-7012(d), the contractor must preserve and protect images of all known or suspected compromised information systems for 90 days from the incident report submission to support DoD forensic analysis — for satellite AI analytics systems, this means preserving the adversarially manipulated satellite image products, AI processing logs, and Glyphward pre-scan audit records (or their absence) for the compromised analytics processing session.

The practical DFARS compliance preparation for commercial satellite imagery providers is to implement Glyphward pre-scan at the satellite imagery analytics ingestion boundary and preserve scan audit records — including image_sha256, scan_id, and action log — as part of the cyber incident forensic evidence package. When a delivered intelligence product is later identified as potentially adversarially compromised, the Glyphward pre-scan audit trail provides forensic documentation of whether the specific satellite image products that generated the compromised analytics output were scanned at the ingestion boundary and whether a pre-scan adversarial flag was generated. This documentation is significant for DFARS 72-hour reporting timeline calculation (the 72-hour clock runs from discovery, and pre-scan records establish when the contractor first had technical evidence of a potential adversarial manipulation event) and for the DoD forensic analysis of the incident scope and affected intelligence products.

How should NASA programmes implement Glyphward pre-scan for spacecraft component inspection AI without disrupting NPR 8735.2 product acceptance workflow schedules or creating additional documentation burden for quality engineering personnel?

NASA programme offices deploying AI-assisted spacecraft component inspection tools at Goddard Space Flight Center, Jet Propulsion Laboratory, or Marshall Space Flight Center face a specific integration workflow constraint: NPR 8735.2 product acceptance workflows are governed by programme-specific Product Acceptance Plans (PAPs) that specify inspection methods, documentation requirements, and Discrepancy Reports (DRs) or Nonconformance Reports (NCRs) initiation criteria for each flight hardware component category, with inspection completion timelines tied to manufacturing schedule milestone obligations that cannot be extended without mission schedule impact.

The recommended Glyphward integration model for NASA programme contexts is automatic pre-scan at the inspection image upload endpoint of the programme’s inspection management system — whether hosted on NASA IT infrastructure or a contractor quality management system (QMS) platform — configured to execute Glyphward pre-scan synchronously for each inspection photograph submitted by quality engineers during the product acceptance inspection event. The Glyphward scan_id and adversarial score are written to the inspection event record in the QMS alongside the inspection photograph metadata, creating an automatic audit trail entry for each inspection image without requiring quality engineering personnel to take any additional action. For inspection images returning adversarial scores at or above the ≥ 55 threshold, the QMS integration generates an automatic quality engineering review flag that suspends the product acceptance determination for the affected component pending quality engineer evaluation of the Glyphward flagged region and re-submission of the inspection photograph with documented chain-of-custody verification — ensuring that NPR 8735.2 nonconformance management procedures are triggered before adversarially manipulated inspection images generate false product acceptance certifications. Contact Glyphward about the Team tier’s NASA programme integration configuration, which includes pre-configured collection_id parameters aligned to NPR 8735.2 Work Package / Work Order identification standards for programme product acceptance audit trail purposes.