Your AI drives the cell.
Connect any AI planner, LLM agent, or scripted controller. It proposes commands. SafeKernels stands between the planner and the motors.
DETERMINISTIC SAFETY FOR HETEROGENEOUS ROBOT FLEETS
Any robot. Any vendor. Never an unsafe command.
Deploy AI planners on mixed-vendor cells without ever letting an unsafe command reach hardware.
Watch a UR3e + Dobot simulator cell reject an unsafe LLM command, 30 min, with engineering.
- UR3e + Dobot sim
- 3 / 3 quorum
- Z3 bounded 200 ms
- SHA-256 audit log
- On-prem deploy
- Architected against
- ISO 10218
- ISO/TS 15066
- IEC 61508
- ISO 13849
- not certified today
cell-A · live decision flow
125 Hz · 3/3 quorum
FAST-PATH 38μs
Z3 ✓ 142 ms
TTL 500 ms
● SHIPPING
One adapter per vendor · the kernel doesn't care which
- Verified today
- Universal Robots
- Dobot
- Available on contract
- KUKA
- FANUC
- ABB
- Yaskawa
- ROS 2 stacks
Verified end-to-end on UR3e and Dobot Nova in simulation, against vendor-published URDF twins. New controllers are added one adapter at a time. Same kernel, same audit trail, same SLO. Each onboarding produces a contract-bound adapter, not a one-off integration.
HOW IT WORKS
AI proposes. SafeKernels decides.
AI proposes. SafeKernels decides.
Motors execute.
A safety layer between your AI planner and your robots. Every command is checked against the live state of the cell before any motor moves.
Every command checked first.
Three independent checkers verify the command against the live state of the cell. They must agree. Risky moves get a mathematical proof of safety.
No approval, no movement.
Approved commands cross to the motors as a signed permission slip that expires in half a second. If anything is wrong, the cell holds position.
THE PROBLEM
Five vendors. Five protocols.
Five vendors. Five protocols.
Zero shared ground truth.
Most factories already run robots from four or five different makers. Each speaks its own protocol. Each enforces safety on its own hardware. Nothing on the floor sees the whole picture, and the LLM you let plan tasks definitely doesn't.
-
01 · Integration
Every robot is a fresh integration
OPC-UA, EtherNet/IP, FOCAS, Modbus, ROS 2, months of glue code per cell. Each vendor change starts the clock again.
-
02 · Safety
Each vendor protects its own arm
A "safe" command on one robot can still collide with the robot working next to it. Vendor controllers don't see the cell.
-
03 · Coordination
Coordination lives in brittle scripts
There's no shared model of the floor, just duct-tape between systems and an LLM that hopes for the best.
One adapter per vendor. One shared graph. One deterministic kernel.
THE KERNEL
Deterministic Cognitive Kernel
Three in-process replicas evaluate every proposed command as a graph query against the live cell. Trust and confidence route the proposal to the fast rule path (microseconds) or the Z3 SMT slow path (bounded). 2-of-3 quorum approves; any disagreement rejects. Approved commands cross the HAL only as a signed ApprovalToken, with a 500 ms TTL.
- FAST PATHμs-scale rule check
- SLOW PATHZ3 SMT, 200 ms ceiling
- QUORUM2 of 3, no fail-open
- BOUNDARYtyped token, 500 ms TTL
-
01
Semantic Adapters
One adapter per vendor. OPC-UA, Modbus, ROS 2, FOCAS2: every input normalises to the same
SemanticMessageshape downstream. -
02
Knowledge-Graph Twin
A live, typed model of the floor: every robot, part, zone. Updated 125 times a second; safety checks are graph pattern queries on a shadow clone.
-
03
Audit Trail
Every approval and rejection committed to a SHA-256 hash-chained WAL. Tampering is detected, not assumed away.
What the prototype actually enforces today.
Six engineering invariants of the running system. The fast path verifies a command in tens of microseconds. The slow path is a Z3 proof bounded by a hard timeout that fails to SAFE_STATE, never fail-open.
200 ms
- 3 / 3
- Replicas evaluate every command. 2-of-3 quorum approves; any disagreement rejects.
- Kernel · replica quorum
- 500 ms
- Lifetime of a signed
ApprovalTokenbefore it expires at the HAL boundary. - HAL boundary · token TTL
- 125 Hz
- Decision rate. Every proposed command is checked at the cell tick, not on a best-effort interval.
- Kernel · decision pipeline
- SHA-256
- Tamper-evident hash chain over every kernel decision in the WAL.
- Audit log · hash chain
- 4
- Named degradation states: Normal, Degraded, SafeState, Emergency. Transitions are explicit, not implicit.
- Degradation · explicit transitions
WHY DETERMINISTIC
Not a guardrail. A safety kernel.
[2026-04-30 09:52:33.317] cmd=c-1f8a · agent=plan-α → arm=ur3e_a
move(tcp=[0.42, 0.10, 0.31], vel=0.6m/s)
fast-path ✓ workspace_zone · ✓ velocity_limit · ✓ joint_bounds
z3-verify ✓ no_collision (38ms · shadow-kg)
→ APPROVED · token=ak-7c2 · ttl=500ms · quorum=3/3
[2026-04-30 09:52:33.533] cmd=c-1f8b · agent=plan-α → arm=kuka_b
move(j4=+1.80rad, vel=2.4rad/s)
fast-path ✗ velocity > 1.5rad/s (rule: cobot_class.vel)
→ REJECTED · code=VEL_LIMIT · SAFE_STATE held · 41μs- Proven, not promised
- Z3 SMT proofs on a shadow graph. Bounded timeout. Never fails open.
- Vendor-blind
- One adapter per protocol. Downstream sees one schema, not seven.
- Tamper-evident
- Hash-chained WAL of every decision. Mutation is detected, not assumed away.
IS THIS FOR YOU?
Built for a specific kind of factory. Tell us in 30 seconds.
SafeKernels is in a closed beta with a handful of design partners. We're upfront about who it's for, and who it's not for yet.
You're a fit if
- You run a real cell with at least two robot vendors (UR, KUKA, FANUC, ABB, Dobot, Siemens, ROS 2…).
- You have an LLM-driven planner in production or a serious 2026 plan.
- A near-miss or rework event would cost six figures or trigger a safety audit.
- You have an engineering champion who can stand up a pilot in one cell.
Not yet a fit if
- You're a single-vendor shop with no AI / LLM in the loop.
- You need a fully certified, SOC 2-stamped vendor today.
- You're a research lab without a real cell or hardware.
- You can't carve out four weeks for a guided pilot.
HOW IT'S DIFFERENT
Where SafeKernels sits in the stack.
| SafeKernels | LLM guardrails | Vendor PLCs | In-house stack | |
|---|---|---|---|---|
| Formal verification | Z3 SMT, bounded timeout | ✕ | Limited | Rare |
| Determinism | 3-replica quorum + Z3 | Probabilistic | Per-robot only | Varies |
| Multi-vendor support | One adapter per protocol | Doesn't touch hardware | Vendor-locked | Months of glue code |
| Federation | FactoryState snapshots | ✕ | ✕ | Bilateral integrations |
| Integration time | Hours per protocol | N/A, text only | Weeks per cell | 6-12 months |
| Audit trail | SHA-256 hash-chained WAL | Text logs | Per-controller, no chain-of-custody | CSV exports |
WHAT SHIPS TODAY
Built for the factory floor.
Built for the factory floor.
And the procurement review.
Below: what runs in the prototype today. Hosted SaaS, formal certification, and procurement artefacts are explicitly on the roadmap, not claimed today.
Shipping today
- Full audit trail
- Every approval and rejection committed to a hash-chained WAL. Tampering escalates to
EMERGENCY. - Kernel attestation software
- Kernel boot publishes a SHA-256 digest of the policy set and firmware identifier. TPM hardware attestation is on the roadmap.
On the roadmap
- Hosted SaaS
- The kernel runs entirely on your hardware today; there is no SafeKernels cloud yet.
- Standards certification
- Architected to map to ISO 10218, ISO/TS 15066, IEC 61508, ISO 13849. Not certified today.
DESIGN PARTNER PROGRAM
Pre-revenue. Closed beta. Three slots open.
Design partners get founder-level engineering access, joint architecture decisions, joint whitepaper rights, and the ability to register custom safety patterns directly in the kernel.