What is the CCSDS CDM and how do satellite operators use it?

CCSDS Conjunction Data Message (508.0-B-1) is the international standard format for conveying predicted close approach data: TCA, miss distance, collision probability (Pc), and covariance matrices. Pc > 10⁻⁴ triggers maneuver review; Pc > 10⁻³ triggers autonomous CAM in systems like Starlink. Adversarial injection downgrading a conjunction geometry visualization from Pc 10⁻³ to 10⁻⁵ appearance suppresses the maneuver trigger for an encounter that should be avoided.

LeoLabs radar SSA AI · ExoAnalytic optical telescope AI · 18th Space Control Squadron SpOC AI · IADC debris mitigation guidelines · US SPD-3 · conjunction assessment AI

Prompt injection in space situational awareness AI

Q: What is the Kessler syndrome and why does SSA AI adversarial injection raise cascade risk?

Kessler syndrome (Kessler & Cour-Palais 1978) describes self-sustaining debris cascade: beyond critical debris density, collisions generate fragments faster than orbital decay removes them. ESA and NASA simulations suggest the 1,000-1,500km band may already be near cascade threshold. Adversarial SSA AI suppression increases untracked fragment population, degrading conjunction Pc computation accuracy across the entire megaconstellation population — raising expected collision rate for all satellites in the affected orbital shell.

Q: How does LeoLabs AI differ from the 18th Space Control Squadron Space Fence?

18 SCS operates the authoritative USSPACECOM catalog (~10cm detection completeness at 600km) fed by Space Fence at Kwajalein, issuing CDMs via Space-Track.org. LeoLabs is a commercial provider with its own phased-array radar network (~2cm completeness at 600km), providing higher-resolution debris catalog and conjunction assessment. Both process range-Doppler maps and optical images through AI classifiers; LeoLabs' commercial API pipeline may be more exposed to adversarial access than the classified SPADOC environment.

Q: Can Glyphward detect adversarial attacks on radar range-Doppler map images?

Yes. Range-Doppler maps — 2D renders encoding RCS as pixel intensity — are processed by Glyphward's adversarial detection pipeline identically to optical images. Adversarial perturbation reducing debris RCS peak below noise threshold produces a characteristic spectral fingerprint in the image frequency domain that Glyphward detects regardless of whether the source is an optical telescope, radar render, or conjunction probability contour map. Apply the scan gate to range-Doppler renders before LeoLabs or Space Fence AI classifier.

Q: Does US Space Policy Directive 3 require adversarial robustness testing for SSA AI?

No. SPD-3 and the Office of Space Commerce framework address statistical accuracy (miss distance error, Pc validation) but not AI adversarial robustness. IADC debris mitigation guidelines cover orbital lifetime and fragmentation prevention, not SSA AI security. FCC Part 25 requires conjunction screening capability for launch licenses but not AI adversarial robustness testing. Adversarial robustness for SSA AI is an identified regulatory gap across all current international frameworks.

As of 2026, there are approximately 36,000 objects larger than 10cm tracked in Earth orbit by the US Space Force Space Operations Command (SpOC) Space Fence radar at Kwajalein Atoll and the legacy SSN (Space Surveillance Network) sensors, alongside an estimated 1 million untracked objects between 1–10cm (too small to track with current radar but large enough to catastrophically fragment a satellite on impact) and 130 million objects below 1cm (capable of inducing component-level failures at orbital velocities of 7.5 km/s). The LEO (Low Earth Orbit, 200–2,000km altitude) environment is undergoing rapid densification from commercial megaconstellations: SpaceX Starlink has deployed 7,000+ satellites as of mid-2026, Amazon Kuiper is entering mass deployment, and OneWeb / Eutelsat have an additional 648 satellites in the 1,200km shell. This population growth — combined with the legacy debris population from the 2009 Iridium-Cosmos collision (adds 600+ tracked fragments), the 2007 Chinese ASAT test (adds 3,000+ tracked fragments), and the 2021 Russian ASAT test of Kosmos 1408 (creates 1,500+ tracked fragments) — has driven the deployment of AI-powered SSA (Space Situational Awareness) systems that process rendered telescope astronomical images and radar sensor data into debris catalog updates and collision avoidance (COLA) conjunction assessment products. LeoLabs operates a phased-array radar network (Kiwi Space Radar, Tracking Station Alaska, Costa Rica Radar) that generates range-Doppler map images processed by AI classification models to catalog sub-10cm objects in LEO that the legacy Space Fence cannot resolve. ExoAnalytic Solutions’ optical telescope network (200+ telescopes globally) generates astronomical images processed by streak detection AI that identifies new debris objects against the star background. Slingshot Aerospace and Analytical Space provide AI conjunction assessment services that process orbital element sets and visualize encounter geometries as rendered probability distribution images classified by AI for maneuver-or-no-maneuver recommendations. Adversarial pixel injection at any of these AI classification boundaries can suppress debris detections, misclassify debris as sensor noise, and generate false conjunction clearances — preventing the collision avoidance maneuvers that the satellite operator would otherwise execute to maintain orbital safety margins.

TL;DR

Space situational awareness AI — telescope streak detection AI, radar range-Doppler AI, and conjunction probability AI — processes rendered sensor images at classification boundaries where adversarial pixel injection can suppress debris detections and generate false conjunction clearances. A missed conjunction that results in satellite-debris collision creates a Kessler cascade fragment cloud affecting all satellites in the same orbital shell. US SPD-3 and IADC debris mitigation guidelines don’t yet require adversarial robustness testing for SSA AI. Glyphward threshold 40 for SSA AI contexts. Free tier — 10 scans/day, no card required.

Four adversarial injection surfaces in space situational awareness AI

1. Ground telescope streak detection AI (ExoAnalytic, Slingshot, amateur SSA networks)

Optical ground telescopes detect resident space objects (RSOs) as streaks in long-exposure astronomical images — the trailing luminous path that a fast-moving satellite or debris object creates as the telescope tracks the star background during a 0.1–5 second exposure. The streak detection AI classifies each rendered astronomical image for: streak presence/absence (binary “debris detected” / “no detection”); streak brightness (magnitude estimate from pixel intensity, mapping to approximate object cross-sectional area at the observed range); streak trajectory (rate and direction of angular motion, used to compute a preliminary orbit propagation for the new object); and streak multiplicity (whether a single image contains multiple co-located streaks indicating a debris cluster from a recent fragmentation event). ExoAnalytic Solutions’ EXOS (ExoAnalytic Operational System) uses a convolutional streak detection network trained on a corpus of labeled telescope images from ExoAnalytic’s 200+ telescope network — capturing RSOs from GEO (Geostationary Earth Orbit, 35,786km) down to LEO altitudes. Slingshot Aerospace’s Seradata platform, the University of Michigan Space Object Behavioral Analysis Tool (SOBAT), and IronSky’s optical monitoring network process telescope images through architecturally equivalent streak detection AI. Amateur SSA networks — including the ISON (International Scientific Optical Network) of 40+ observatories across Russia, Europe, and Central Asia — increasingly feed streak detection AI output into the 18 SCS catalog correlation pipeline that assigns new objects to existing catalog entries or creates new Elset (element set) entries. An adversarial perturbation on a rendered telescope astronomical image that suppresses the streak pixel signature of a new debris fragment — smoothing the linear pixel trail of a freshly ejected Kosmos 1408 fragment against the star background — prevents the streak detection AI from flagging the new object for catalog entry, leaving the fragment untracked and unincorporated in subsequent conjunction assessment products.

The consequence of an untracked fragment depends on its orbital lifetime and trajectory. A 5cm debris fragment at 600km altitude has an orbital lifetime of approximately 5 years before atmospheric drag decay; a 5cm fragment at 1,200km (Starlink and OneWeb shell altitude) has an orbital lifetime of 50–200 years. An untracked 5cm fragment that would collide with a Starlink satellite — at 7.5 km/s relative orbital velocity and 260 kg spacecraft mass, a 5cm debris impact releases energy equivalent to 23kg of TNT — generates a fragment cloud of 1,000–5,000 new trackable fragments at the Starlink orbital shell altitude, creating a Kessler cascade risk for the entire 7,000+ satellite constellation shell if the collision probability across the shell exceeds the self-amplifying threshold (Kessler & Cour-Palais 1978; updated Kessler & Johnson 2010 simulation: cascade onset threshold at 1,200km shell is approximately 50,000+ fragments >10cm).

2. Phased-array radar range-Doppler map AI (LeoLabs, Space Fence, HUSIR)

Phased-array radar SSA systems — the US Space Force Space Fence at Kwajalein (S-band, 450m aperture, detection threshold ~5cm at 1,000km), LeoLabs’ phased-array network (S-band, C-band, capable of tracking objects <5cm in LEO), and the Haystack Ultra-wideband Satellite Imaging Radar (HUSIR, wideband Ku/Ka-band, capable of 1cm resolution imaging of RSOs) — generate range-Doppler map images as the primary output of each beam-illumination event. The range-Doppler map is a 2D rendered image where one axis represents target range (distance from the radar) and the other represents Doppler velocity (relative radial velocity from target motion), with pixel intensity encoding radar cross-section (RCS) at each range-Doppler bin. AI classification of range-Doppler maps determines: whether a candidate RSO detection is a real object or a false-alarm (sidelobe artifact, ionospheric clutter, radio frequency interference); the object’s size category (S-band RCS → estimated cross-sectional area → size class); and the object type (tumbling debris generates a distinctive flickering amplitude modulation pattern in the Doppler signature that AI classifies as “uncontrolled fragment” versus “stabilized operational satellite”). LeoLabs processes 10,000+ range-Doppler maps per hour from its global radar network through the LeoLabs Radar AI classification engine, updating its commercial LEO debris catalog that 100+ satellite operators subscribe to for conjunction screening.

An adversarial perturbation on a rendered range-Doppler map image that suppresses the RCS signature of a small debris object — reducing the peak pixel intensity in the range-Doppler bin corresponding to the debris’ trajectory — causes the radar AI to classify the bin as background noise rather than a real detection, preventing catalog entry for the object. The Space Fence system processes range-Doppler maps through the Lockheed Martin Space Fence AI classification pipeline; LeoLabs processes through its proprietary ML pipeline; both pipelines present the same rendered-image adversarial injection surface at the range-Doppler map classification step before catalog correlation. Unlike telescope streak images — which are collected from multiple independent observatories and correlated — radar range-Doppler maps from a single high-sensitivity radar like Space Fence may represent the only sensor observation of a newly created small-debris fragment in a pass, making adversarial suppression of a single range-Doppler map classification a single point of failure for that object’s catalog entry.

3. Conjunction probability assessment AI (18 SCS SpOC, AGI STK, commercial conjunction services)

Conjunction assessment — the computation of collision probability (Pc) between a space object and a catalogued RSO during a predicted close approach — is the analytical product that drives satellite operator collision avoidance maneuver (CAM) decisions. The US Space Force 18th Space Control Squadron (18 SCS) at Vandenberg SFB issues Conjunction Data Messages (CDMs) under the NASA-standardized CCSDS Conjunction Data Message format to satellite operators when computed Pc exceeds 10–4 (one-in-ten-thousand probability of collision within 7 days). Commercial conjunction assessment services — LeoLabs Conjunction Assessment, ExoAnalytic Orbital Safety, and Slingshot Aerospace’s COSMOS platform — visualize conjunction close approaches as rendered probability distribution images: 2D Gaussian probability density function (PDF) contour maps in the plane of closest approach (PCA), where the primary object’s covariance ellipsoid and the secondary (debris) object’s covariance ellipsoid are rendered as colored contour overlays, with the combined collision probability shown as a scalar computed from the overlap integral of the two covariance distributions. AI models trained on historical CDM databases use these rendered conjunction geometry visualizations as classification inputs to predict “maneuver recommended / no maneuver recommended” outcomes and to prioritize the operator’s daily conjunction screening queue by urgency class.

An adversarial perturbation on a rendered conjunction probability distribution image that shifts the apparent separation between the two covariance ellipsoids — expanding the visual gap between the primary and secondary object PDF contours in the rendered PCA plane image — can cause the conjunction AI to downgrade the computed Pc classification from “maneuver recommended” to “monitor,” suppressing the CAM recommendation for an encounter that has a true Pc above the 10–4 maneuver threshold. Starlink operators execute approximately 50,000 autonomous collision avoidance maneuvers per year (Spacex FCC filing 2024); the maneuver AI operates on CDM-derived conjunction probability outputs that, if adversarially downgraded, would suppress a maneuver and allow the conjunction to proceed at the original uncorrected trajectory. For a Starlink V2 satellite (850kg, active propulsion, 200–250m maneuver delta-V capability), a missed maneuver on a Pc = 10–3 conjunction with a Kosmos 1408 fragment — 1,000:1 miss probability — would result in an “avoidable collision” that creates a new fragment cloud in the Starlink orbital shell.

4. AI-powered satellite health monitoring from onboard camera imagery

Next-generation satellite servicing and inspection missions — NASA’s OSAM-1 (On-orbit Servicing, Assembly, and Manufacturing), Northrop Grumman Mission Extension Pods (MEP) deployed on Intelsat GEO satellites, and the DARPA RSGS (Robotic Servicing of Geosynchronous Satellites) program — use onboard AI vision systems to assess the health of target satellites from proximity inspection camera imagery: analyzing solar array degradation, thruster plume contamination, thermal blanket MMOD (Micrometeoroid and Orbital Debris) impact damage signatures, and antenna reflector deformation from long-duration thermal cycling. The inspection AI processes rendered camera frames from proximity inspection cameras (100m – 10m range) and classifies each observable surface element for damage severity. In the context of debris impact assessment — determining whether a satellite’s solar array or thruster was damaged by a micrometeoroid impact that was undetected by ground-based SSA sensors — the inspection AI output drives the servicing mission decision: proceed with planned propellant transfer, or abort the docking approach due to detected structural compromise. An adversarial perturbation on a rendered proximity inspection camera image that suppresses the micrometeoroid crater signature on a solar panel surface — smoothing the small circular impact pit against the solar cell backing — can cause the inspection AI to classify the solar array as undamaged and proceed with propellant transfer docking to a satellite whose structural integrity is compromised by the undetected impact, potentially causing a collision or structural failure during the servicing maneuver.

Integration: space situational awareness AI scanning with Glyphward pre-scan gate

The Glyphward scan gate for SSA AI belongs at the rendered image ingestion boundary before each AI classification step — before telescope streak detection AI processes astronomical image renders, before radar range-Doppler map AI processes phased-array sensor renders, before conjunction probability AI processes CDM-derived encounter geometry visualizations, and before satellite inspection AI processes proximity camera frames. Threshold 40 for SSA AI contexts reflects Kessler cascade cascade potential and the availability of independent sensor cross-validation that can confirm or deny AI-classified detections.

import asyncio, base64, hashlib, json
from datetime import datetime, timezone
from enum import Enum
from pathlib import Path

import httpx

GLYPHWARD_API_KEY = "YOUR_GLYPHWARD_API_KEY"
GLYPHWARD_SCAN_URL = "https://glyphward.com/v1/scan"

# SSA AI contexts: threshold 40
# US Space Policy Directive 3, IADC debris mitigation, CCSDS CDM standard.
SSA_AI_THRESHOLD = 40


class SSAAIContext(Enum):
    TELESCOPE_STREAK        = "telescope_streak"        # Ground telescope streak detection AI
    RADAR_RANGE_DOPPLER     = "radar_range_doppler"     # Phased-array radar RCS classification AI
    CONJUNCTION_PROBABILITY = "conjunction_probability" # CDM conjunction geometry visualization AI
    SATELLITE_INSPECTION    = "satellite_inspection"    # Proximity inspection camera AI (servicing)


class AdversarialSSAImageError(Exception):
    """Raised when Glyphward detects adversarial pixel content in an SSA
    AI rendered image above threshold 40.

    Consequence if not raised: debris object undetected → no catalog entry
    → no conjunction screening → no CDM issued → no CAM executed →
    satellite-debris collision → Kessler fragment cloud in affected shell.
    Fail-safe: suppress AI classification, route to human SSA analyst for
    manual image review and independent sensor cross-correlation.
    """

    def __init__(self, scan_id: str, score: int,
                 context: SSAAIContext,
                 sensor_id: str, obs_id: str,
                 flagged_region: dict | None = None) -> None:
        self.scan_id = scan_id
        self.score = score
        self.context = context
        self.sensor_id = sensor_id
        self.obs_id = obs_id
        self.flagged_region = flagged_region
        super().__init__(
            f"Adversarial SSA image: "
            f"context={context.value} score={score} "
            f"sensor={sensor_id} obs={obs_id} scan_id={scan_id}"
        )


async def scan_ssa_image(
    image_bytes: bytes,
    context: SSAAIContext,
    sensor_id: str,
    obs_id: str,
    epoch_utc: str,
    altitude_km: float | None,
    primary_norad_id: int | None,
    client: httpx.AsyncClient,
) -> dict:
    """Scan a space situational awareness AI image for adversarial content.

    Fail-safe contract: AdversarialSSAImageError or httpx error →
    suppress AI classification, route observation to SSA analyst for
    manual review and independent sensor cross-correlation. Do not
    issue CDM clearance or suppress CAM recommendation without clean scan.

    Args:
        image_bytes: Telescope astronomical frame, radar range-Doppler map,
            conjunction probability distribution render, or proximity camera frame.
        context: SSAAIContext identifying the SSA pipeline.
        sensor_id: Sensor system identifier (telescope ID, radar site ID).
        obs_id: Observation or event identifier.
        epoch_utc: ISO 8601 observation epoch (UTC).
        altitude_km: Approximate object altitude in km (if known from TLE).
        primary_norad_id: NORAD catalog ID of primary object (for conjunctions).
        client: Shared httpx.AsyncClient for connection reuse.

    Returns:
        Glyphward scan result dict.

    Raises:
        AdversarialSSAImageError: if score exceeds threshold 40.
        httpx.HTTPStatusError: on Glyphward API error (fail-closed).
    """
    image_hash = hashlib.sha256(image_bytes).hexdigest()
    payload = {
        "image": base64.b64encode(image_bytes).decode(),
        "source": f"ssa:{context.value}:{sensor_id}:{obs_id}",
        "metadata": {
            "sensor_id": sensor_id,
            "obs_id": obs_id,
            "epoch_utc": epoch_utc,
            "altitude_km": altitude_km,
            "primary_norad_id": primary_norad_id,
            "image_sha256": image_hash,
            "context": context.value,
        },
    }
    resp = await client.post(
        GLYPHWARD_SCAN_URL,
        headers={"Authorization": f"Bearer {GLYPHWARD_API_KEY}"},
        json=payload,
        timeout=4.0,
    )
    resp.raise_for_status()
    result = resp.json()

    await _write_ssa_scan_audit(
        image_hash=image_hash,
        scan_id=result["scan_id"],
        score=result["score"],
        context=context,
        sensor_id=sensor_id,
        obs_id=obs_id,
        epoch_utc=epoch_utc,
        flagged=result["score"] > SSA_AI_THRESHOLD,
    )

    if result["score"] > SSA_AI_THRESHOLD:
        raise AdversarialSSAImageError(
            scan_id=result["scan_id"],
            score=result["score"],
            context=context,
            sensor_id=sensor_id,
            obs_id=obs_id,
            flagged_region=result.get("flagged_region"),
        )
    return result


async def _write_ssa_scan_audit(
    *, image_hash: str, scan_id: str, score: int,
    context: SSAAIContext, sensor_id: str,
    obs_id: str, epoch_utc: str, flagged: bool,
) -> None:
    record = {
        "ts": datetime.now(timezone.utc).isoformat(),
        "scan_id": scan_id,
        "image_sha256": image_hash,
        "context": context.value,
        "score": score,
        "threshold": SSA_AI_THRESHOLD,
        "flagged": flagged,
        "sensor_id": sensor_id,
        "obs_id": obs_id,
        "epoch_utc": epoch_utc,
        "regulatory_refs": [
            "US Space Policy Directive 3 (National Space Traffic Management Policy, 2018)",
            "IADC Space Debris Mitigation Guidelines (rev. 2023)",
            "CCSDS 508.0-B-1 (Conjunction Data Message standard)",
            "UN COPUOS Space Debris Mitigation Guidelines (2007, 2021 review)",
            "FCC Part 25 (Space Station Earth Station licensing, debris mitigation)",
            "ITU Radio Regulations Resolution 659 (debris mitigation)",
            "NASA-STD-8719.14B (Process for Limiting Orbital Debris)",
        ],
    }
    audit_path = Path("/var/log/glyphward/ssa_ai_scan_audit.jsonl")
    audit_path.parent.mkdir(parents=True, exist_ok=True)
    with audit_path.open("a") as fh:
        fh.write(json.dumps(record) + "\n")

Deploy scan_ssa_image at each SSA AI image ingestion boundary: before telescope streak detection AI (threshold 40), before radar range-Doppler AI (threshold 40), before conjunction probability classification AI (threshold 40), and before satellite proximity inspection AI (threshold 40). On AdversarialSSAImageError: suppress AI classification, route observation to human SSA analyst for manual image review and cross-correlation against independent sensor data (alternate telescope, alternate radar site, or time-adjacent observation from the same sensor). For conjunction assessments: do not issue CDM clearance or suppress a CAM recommendation based on an adversarially flagged conjunction geometry image without human review. Get early access

Related questions

What is the Kessler syndrome, and why does SSA AI adversarial injection raise cascade risk?

The Kessler syndrome (Donald Kessler and Burton Cour-Palais, 1978 Journal of Geophysical Research) describes a self-sustaining debris generation cascade in Earth orbit: beyond a critical debris density threshold in a given orbital shell, each new collision generates enough fragment debris to cause additional collisions at a rate exceeding the natural orbital decay rate, producing an exponentially growing debris population that makes the orbital shell unusable for all subsequent spacecraft. Updated simulations by Kessler and Johnson (2010) and by ESA’s Space Debris Office indicate that the 1,000–1,500km altitude band (the primary LEO megaconstellation deployment zone) may already be near or above the critical debris density threshold for Kessler cascade onset — meaning that additional collisions in this band could trigger a self-sustaining cascade. Adversarial pixel injection that suppresses SSA AI debris detections increases the untracked population of fragments, reducing the accuracy of conjunction probability computations for all satellites in the affected shell — because conjunction Pc calculations are only as accurate as the catalog completeness for secondary objects. A systematic adversarial suppression campaign targeting SSA AI across multiple observation sessions could increase the untracked 1–10cm population in the 1,200km shell by a statistically meaningful percentage, effectively degrading constellation-wide conjunction screening accuracy and increasing the expected collision rate for the entire commercial megaconstellation population.

How does LeoLabs’ AI differ from the 18th Space Control Squadron’s Space Fence system?

The 18th Space Control Squadron (18 SCS) at Vandenberg SFB operates the authoritative US Space Catalog (USSPACECOM catalog) of all tracked RSOs, fed primarily by the Space Fence radar at Kwajalein (S-band phased array, detection threshold ~5cm at 1,000km) and the legacy SSN sensors (Cobra Dane at Shemya AFS, ALTAIR at Kwajalein, GEODSS optical telescopes). 18 SCS uses the AGI Systems Tool Kit (STK) and the Space Defense Operations Center (SPADOC) software for catalog maintenance and conjunction assessment, issuing CDMs to satellite operators through the Space-Track.org portal. LeoLabs is a commercial SSA provider operating its own independent phased-array radar network (Kiwi Space Radar in New Zealand, Tracking Station Alaska, Azores Radar, Costa Rica Radar) with S-band and C-band capabilities targeting objects smaller than 5cm that the Space Fence has difficulty cataloging. LeoLabs produces its own commercial LEO catalog with estimated 2cm detection completeness at 600km altitude — substantially better than the 18 SCS catalog’s ~10cm completeness at the same altitude — and provides commercial conjunction assessment services to satellite operators who want higher-resolution debris catalog coverage than Space-Track offers. Both systems process range-Doppler radar maps and optical telescope images through AI classification pipelines; the adversarial injection surface is at the rendered-image classification boundary in both, but LeoLabs’ commercial AI pipeline may receive images over enterprise IT API connections with less physical security than the classified 18 SCS SPADOC environment.

What is the CCSDS Conjunction Data Message (CDM) and how do satellite operators use it?

The CCSDS Conjunction Data Message (CCSDS 508.0-B-1, 2013) is the international standard format for communicating predicted satellite conjunction close approach data between SSA service providers and satellite operators. A CDM contains: the epoch of closest approach (TCA), the miss distance (metres between object centres at TCA), the collision probability (Pc, dimensionless, typically expressed as a probability between 10–7 and 10–2), the covariance matrices for both objects (position uncertainty ellipsoids in the Radial-Intrack-Crosstrack coordinate frame), and object metadata (NORAD ID, operator contact). 18 SCS issues CDMs via Space-Track.org for all catalog-screened conjunctions with Pc > 10–5 involving active payloads in their conjunction program. Commercial SSA providers (LeoLabs, Slingshot, Kayhan Space) issue proprietary CDMs or CDM-equivalent alerts with higher precision for their subscriber satellite operators. Satellite operators use CDMs to drive their maneuver decision process: typically, Pc > 10–4 triggers a maneuver recommendation review; Pc > 10–3 triggers an autonomous CAM recommendation from on-board flight software in systems like Starlink’s autonomous avoidance system. Adversarial injection that downgrades a CDM Pc visualization image — making a 10–3 conjunction appear as 10–5 in the rendered encounter geometry image that the conjunction AI classifies — suppresses the CDM urgency class and removes the maneuver trigger for an encounter that should be avoided.

Can Glyphward detect adversarial attacks on radar range-Doppler map images?

Yes. Radar range-Doppler maps — 2D rendered images where axes represent target range and Doppler velocity, and pixel intensity encodes radar cross-section — are processed by Glyphward’s adversarial detection pipeline in the same way as optical astronomical images. The adversarial perturbation on a range-Doppler map targets the RCS peak pixel cluster corresponding to the debris object — reducing its apparent intensity below the noise floor classification threshold. Glyphward detects structured high-frequency perturbations in the rendered range-Doppler image: the adversarial modification that moves a debris RCS peak below noise threshold produces a characteristic spectral fingerprint in the image frequency domain that Glyphward’s detection pipeline identifies regardless of whether the image is an optical astronomical frame, a radar range-Doppler render, or a conjunction probability distribution contour map. The scan gate should be applied to the rendered range-Doppler image before the LeoLabs or Space Fence AI classifier receives it — the format-independent detection approach is exactly what makes Glyphward applicable across all four SSA AI contexts without requiring radar-specific or telescope-specific model adaptations.

Does US Space Policy Directive 3 require adversarial robustness testing for commercial SSA AI?

US Space Policy Directive 3 (SPD-3, National Space Traffic Management Policy, June 2018) established the policy framework for civil space traffic management, designating the Department of Commerce (through NOAA and subsequently the Office of Space Commerce) as the lead agency for providing basic SSA data and conjunction assessment services to the commercial space sector. SPD-3 and its implementing guidance (Commerce Space Traffic Management framework, 2023) require commercial SSA data providers who wish to be designated as “authoritative sources” for conjunction assessment to meet accuracy and data quality standards established by the Office of Space Commerce — but these standards address statistical accuracy (miss distance error, Pc computation validation) rather than adversarial robustness of the AI classification pipeline. IADC (Inter-Agency Space Debris Coordination Committee) Space Debris Mitigation Guidelines (2007, revised 2023) address orbital lifetime limits and fragmentation prevention but do not address SSA AI adversarial robustness. The FCC’s satellite licensing requirements (Part 25 debris mitigation rules, revised 2022 to require 5-year deorbit compliance) require conjunction screening capability as a condition of launch license but do not specify AI adversarial robustness testing for SSA systems. Adversarial robustness requirements for SSA AI are an identified regulatory gap across all current international frameworks — Glyphward’s scan gate fills this gap at the rendered-image classification boundary in commercial SSA AI pipelines.