Building the foundations of Physical AI through Execution Integrity

There is a gap in current autonomous AI - the gap between whether the data the AI operates on can be true, or not. We call this the Execution Integrity Gap. Our PILOT solution fills this gap by providing the integrity layer that means autonomous AI always makes decisions on data that is trustworthy.

Learn more

Modern IT and cyber-physical environments generate enormous amounts of telemetry — yet most security tools can only observe activity, not verify whether the system state they describe can actually be true. As attackers increasingly use valid credentials and approved paths, malicious behaviour blends into normal operations and evades traditional detection.

Physical AI powers autonomous systems with real-world consequences — from robots to power grids and defense systems — where reliability is critical. Netsapien™ PILOT (Parallel Integrity Layer of Truth) is a validation layer that verifies operational states before AI acts, ensuring decisions are based on trustworthy system truth rather than AI assumptions alone.

AI + PILOT is formally and mathematically proven to always be better than AI alone for Execution Integrity in all real-world conditions. The worst-case exposed risk gap is bounded by (100 - A%), where A is the AI provider's own lowest verified accuracy. Proof available on request.

  • Physical AI is artificial intelligence that doesn't just process or analyse - it acts. Autonomously. In the real world. These are the systems where a wrong decision isn't just an error on a screen. It has physical consequences. 

    Physical AI includes: 

    • Autonomous vehicles and self-driving systems

    • Industrial and surgical robots

    • AI-managed power grids and energy infrastructure

    • AI-controlled water treatment and utilities

    • Data centres and AI factories managed by autonomous systems

    • Drones and unmanned aerial vehicles

    • Oil, gas and high-energy industrial systems controlled by AI

    • AI-directed defence systems 

    As Physical AI scales, one question becomes the load-bearing constraint for every system in this list: can the AI be certain that the operational state it is acting on is true?  This is the Execution Integrity question. PILOT answers it.

  • Execution Integrity is the foundational layer that makes sure autonomous AI in Physical AI systems is acting on the truth - not on potentially falsified, degraded, or incorrect data.  Without Execution Integrity, an autonomous system can be working perfectly - and still cause catastrophic harm. Because it trusts the data it receives. And data can be wrong. 

    Execution Integrity seeks to overcome three failure classes:

    • Cyber manipulation and attack: a malicious actor alters the data the AI receives, causing it to act on a false operational state. Traditional security tools detect threats - but they cannot guarantee the integrity of the data the AI is already acting on. 

    • Sensor error or drift: a sensor malfunctions, degrades, or drifts out of calibration. The AI receives readings that are physically impossible or inconsistent. It acts on them anyway, because nothing tells it not to.

    • Degraded data: telemetry is incomplete, delayed, or corrupted in transit. The AI's picture of operational state is partial or wrong. It makes decisions based on that partial picture.

    In all three cases, the cause is different. The consequence is the same: the AI acts on a lie.  PILOT addresses all three. Before the AI acts, PILOT checks whether it is physically and logically possible for the system to be in the state the data describes. If the answer is no - or even uncertain - the AI does not act on that data.  This is not a probabilistic check. It is deterministic. Valid, Violation, or Uncertain. Every time, before every action.

Concept is Proven

Validation Statistics: Independent EU-funded research. Peer-reviewed. Published. November 2025.

74%

Reduction in false alarms

84

Cyber threats validated across 3 independent OT testbeds

83%

Stealth attack detection rate

<3.2ms 

End-to-end validation latency 

Firesapien: Winner, Best Innovation

UK Public Sector Transformation Awards 2024

Causal System Modeling (Truth, Not Logs)

  • PILOT continuously builds a causal representation of the system it observes — digital, physical, or hybrid — encoding how that system must behave over time.

    Instead of trusting individual logs, alerts, or sensor readings, PILOT reasons about whether the overall system state implied by all telemetry can actually be true. This shifts security from observing activity to validating reality.

    Why it matters:
    Attackers can fake signals. They cannot fake causal reality.

Invariant-Based Validation (How Real Systems Behave)

  • Rather than looking for known attacks or anomalies, PILOT evaluates telemetry against a small set of domain-specific invariants — fundamental rules that must hold true if the system is operating normally.

    These invariants describe how systems work, not how attacks look. Examples include:

    • access must lead to plausible use,

    • execution must incur real resource cost,

    • physical processes must obey conservation laws.

    If these rules are violated, the system state is implausible — even if every individual signal appears normal.

    Why it matters:
    This catches stealthy, credential-based, and low-noise attacks that evade correlation and signatures.

Parallel Validation Layer (Works With Your Stack)

  • PILOT runs alongside existing security, IT, and OT tools as a non-intrusive validation layer. It does not sit in the data path, replace detection systems, or act as a new alert engine.

    Instead, PILOT treats all incoming data as signals, not ground truth, and validates whether the story those tools are telling is coherent before decisions, automation, or AI inference occur.

    Why it matters:
    Existing tools become more trustworthy, false alarms drop, and root cause analysis starts where reality first broke — not at downstream symptoms.

Use case:

IT Threat (Cyber-Digital)

  • An attacker compromises valid user credentials and accesses a sensitive media or IP asset through an approved application. The file is opened or copied, but no editing, processing, or downstream workflow follows. The asset is placed into an approved sync or sharing service and later retrieved outside the organisation via a trusted partner or cloud link.

    • Access was authorised.

    • The application used was approved.

    • Data moved through sanctioned services.

    • No signatures, policy violations, or anomalies are triggered.

    Correlation-based tools observe events but do not encode expectations about what should happen next.

  • PILOT enforces the invariant “use follows access.”

    Access to a high-value asset without a credible downstream workflow is causally implausible. The absence of expected use is itself a signal. PILOT detects the global inconsistency between access, execution, and resource usage.

  • Instead of investigating hundreds of benign access events, RCA immediately narrows to who accessed the asset, why no workflow followed, and how it exited the system.

    • Traditional tools: Never (no policy violated)

    • PILOT: Immediate (causal violation detected)

Use case:

OT Threat (Cyber-Physical)

  • An attacker manipulates sensor readings to show normal pressure and flow while physical actuators drive a process outside safe limits.

    • Sensor values remain within expected ranges.

    • Network traffic appears normal.

    • No alarms are triggered at the sensor layer.

  • PILOT enforces physical invariants such as conservation of mass and energy.
    Sensor readings that do not match actuator behaviour and downstream physical effects are causally impossible.

  • RCA immediately identifies which sensor or control loop broke physical coherence, avoiding lengthy fault isolation.

    • Traditional tools: When physical damage occurs

    • PILOT: Before physics violation causes harm

Beyond Cyber

  • Where PILOT validates what is happening now, Firesapien models what could happen next. Firesapien enables faster-than-real-time simulation of cyber-physical systems by encoding the physics of real-world threats - fire, pressure, thermal propagation, and other domain-specific physical processes - and computing their consequences ahead of real time. This capability provides predictive threat modeling, scenario planning, and ‘what if’ analysis for infrastructure resilience. Fire is the universal threat present in every critical infrastructure environment; it is the primary domain for which Firesapien is validated, and the clearest illustration of the broader physics-based simulation capability.

  • The security industry has spent decades asking one question: is this behaviour unusual? DTS asks a different question: is this system state actually possible?

    This distinction defines a new category. DTS calls it Execution Integrity - the continuous, deterministic verification that a cyber-physical system is doing what it is supposed to be doing, traceable to physical and logical ground truth.

    The threats that Execution Integrity addresses are not only malicious. They are malicious, benign and data-led. A sensor spoofed by an attacker, a software update that corrupts a physical process, and a poorly calibrated AI model driving a system outside safe parameters are all Execution Integrity failures. Conventional cybersecurity tools are designed to detect the first. They have no reliable answer to the second or third.

    PILOT and Firesapien together constitute a Unified Cyber-Physical Defence platform. PILOT verifies system state against physical and logical constraints in real time. Firesapien enables faster-than-real-time simulation of those same systems, computing the consequences of threats before they cause harm. The underlying methodology - Parameter Inversion - is the causal verification engine beneath both.

    DTS is not just a cybersecurity company. It is the integrity layer that makes autonomous AI deployment in critical infrastructure trustworthy.

Why Now?

AI is moving from inference into autonomous execution - in power grids, water treatment plants, autonomous vehicles, robotics, data centres and AI factories, oil and gas and high-energy industrial systems, and defence. As it does, one capability becomes the load-bearing constraint: can we be certain that the operational state the AI is acting on is admissible?  No existing tool answers this deterministically - this is the Execution Integrity Gap. PILOT fills this gap.  The Physical AI and autonomous industrial control market is projected to reach $1.7 trillion by 2035 (Kaiso Research, Goldman Sachs). DTS filed the foundational IP for this market a year before the category had a name.

Commercial Momentum

Active engagements across critical national infrastructure (water utilities), physical AI and automotive, systems integration, cybersecurity platforms, power infrastructure, water managed services, defence, and the insurance market.

DTS is proud to be an NVIDIA Inception Program Member, and our solutions are designed around their market-leading technology stacks, including but not limited to:

  • Trusted Out-of-Band Cyber Telemetry

  • GPU-accelerated Cybersecurity Framework

  • Digital Twin & Simulation Platform

  • GPU Programming Framework

Shaping the Future of Cyber Defence

We are at pre-seed stage and in active discussions with investors. The technology risk is already gone - the mathematical proof exists before any PoC is built, proving that PILOT always improves the AI it supports. Independent validation of an architecture matching our designs has been peer reviewed. If you are interested in the investment opportunity, please get in touch.

Get Involved