LINE-A STATUS:NOMINAL
IBA ENGINE:ACTIVE · <5MS
NIST-2025-0035:FILED · mls-ubpf-pryy
AUTHORIZATION CHECKS:47,293 TODAY
BLOCKED ACTIONS:12 · SAFETY ZONE OVERRIDE ×3
COBOT FLEET:8/8 WITHIN INTENT
PATENT:GB2603013.0
XAI / GROK:“OUR TEAM WILL REVIEW IT”
LINE-A STATUS:NOMINAL
IBA ENGINE:ACTIVE · <5MS
NIST-2025-0035:FILED · mls-ubpf-pryy
AUTHORIZATION CHECKS:47,293 TODAY
BLOCKED ACTIONS:12 · SAFETY ZONE OVERRIDE ×3
COBOT FLEET:8/8 WITHIN INTENT
PATENT:GB2603013.0
XAI / GROK:“OUR TEAM WILL REVIEW IT”
INTENT-BOUNDED AUTHORIZATION FOR INDUSTRY 4.0
Industry 4.0
Opens the Floor.
IBA Holds the Line.
Open, interoperable, agentic manufacturing is the future. But every AI agent that can act autonomously — cobot, supply-chain orchestrator, predictive maintenance system — is an agent that can act outside its mandate. IBA cryptographically binds every agent action to verified operator intent. Before execution. Every time.
<5ms
VALIDATION TIME
100%
ACTIONS COVERED
0
UNAUTHORIZED ACTIONS PASS
LIVE FACTORY FLOOR — IBA AUTHORIZATION LAYER ACTIVE
01
THE INDUSTRY 4.0 AUTHORIZATION PROBLEM
THE MOLTBOOK LESSON
Open Access Without Intent Is a Weapon
Industry 4.0 demands open, interoperable networks — legacy PLCs, modern cobots, IIoT sensors, and agentic AI orchestrators all sharing the same floor. That openness is the point. It’s also the attack surface. When any agent on an open OT network can attempt any action it deems useful, you don’t have a smart factory. You have a liability waiting for a timestamp.
- ✗Cobots accessing safety zones outside their assigned task
- ✗Supply-chain agents leaking proprietary specs to unauthorized vendors
- ✗Maintenance AI querying financial ERP systems outside its mandate
- ✗No audit trail for regulatory review after an incident
THE AUTHORIZATION VACUUM
Current OT Security Stops at the Perimeter
Traditional OT security — firewalls, VLANs, ISA/IEC 62443 segmentation — protects the perimeter. It cannot answer the question that matters inside it: Is this agent authorized to take this specific action, right now, via this trajectory, within this production intent? That question requires a runtime authorization layer that doesn’t yet exist as a standard in any factory deployment — until IBA.
THE CORE FAILURE
“Is this agent authorized to perform this action on this machine, right now, within this production run’s stated intent?”
No current Industry 4.0 platform has a formal, cryptographically verifiable answer.
No current Industry 4.0 platform has a formal, cryptographically verifiable answer.
IBA AUTHORIZATION FUNCTION · PATENT GB2603013.0 · MANUFACTURING CONTEXT
Authorization(Agent, Action, Resource, Time)
= f(Intent, Trajectory, Time)
= f(Intent, Trajectory, Time)
In manufacturing terms: what the operator signed, whether the cobot’s action sequence matches that intent, and whether the production context is still valid.
Every agent action evaluated before execution. Every decision logged. Every deviation stopped cold.
02
LIVE HMI DEMO — IBA ON THE FACTORY FLOOR
IBA INDUSTRIAL RUNTIME
AUTHORIZATION ENGINE v1.0 · GB2603013.0
SYSTEM ACTIVE
FLOOR A: NOMINAL
ARM-03: BLOCKED
NIST: FILED
–:–:–
SELECT AUTHORIZATION SCENARIO
SELECT A SCENARIO TO RUN AUTHORIZATION CHECK
SCENARIO: COBOT ARM-03 · SAFETY ZONE BREACH ATTEMPT · REAL-TIME
✦ OPERATOR-SIGNED INTENT · HASH 0x3f7a…
“ARM-03: Perform assembly operations on Product-Y using conveyor sections A1–A4 only. Safety zones B and C are human-occupied. No arm movement beyond zone boundary markers.”
TRAJECTORY ANALYSIS — ACTION SEQUENCE
Position cobot arm within zone A1-A4 assembly boundary✓ WITHIN INTENT
Execute pick-and-place sequence for Product-Y component #4✓ WITHIN INTENT
Extend arm trajectory 47cm into Safety Zone B — human-occupied⊘ BLOCKED
SAFETY ZONE BREACH — BLOCKED IN 1.2ms
ARM-03’s proposed trajectory extends 47cm beyond the operator-signed zone boundary into Safety Zone B, which is flagged as human-occupied. IBA terminated the action sequence before any physical movement occurred. Motor commands were never issued. The trajectory violated the signed intent at the path evaluation stage — not after the fact.
IMMUTABLE OT AUDIT ENTRY · CISA COMPLIANT
2026-02-19T09:27:43Z · AGENT: ARM-03 · ACTION: trajectory_extension · ZONE: B
INTENT_HASH: 0x3f7a9c2b · TRAJECTORY_SCORE: 0.02 · VERDICT: BLOCKED
REASON: Safety zone boundary violated · Human occupancy detected · Motor commands suppressed
CHAIN: sha256:3a7f9c2b4e1d8a5f6c3b9e2d7a4f1c8b5e3d2a9f7c4b1e8d5a2f9c6b3e1d8a4f
SCENARIO: SUPPLY-CHAIN AGENT · PROPRIETARY SPEC EXFILTRATION ATTEMPT
✦ OPERATOR-SIGNED INTENT · HASH 0x8b2e…
“Negotiate component delivery schedules with approved vendors (List AV-2026-Q1). Optimize for just-in-time delivery within $250K monthly budget. No proprietary design specs, tooling data, or IP to be transmitted externally.”
TRAJECTORY ANALYSIS — ACTION SEQUENCE
Query approved vendor list AV-2026-Q1 for component availability✓ WITHIN INTENT
Request delivery schedule for Part #7741 from Vendor-Apex✓ WITHIN INTENT
Attach tooling_spec_v4.dwg to vendor communication → external SMTP⊘ BLOCKED
IP EXFILTRATION BLOCKED — 2.1ms
The supply-chain agent attempted to attach proprietary tooling specifications to an external vendor communication. This action is explicitly outside the operator-signed intent. IBA blocked the transmission before any data left the network perimeter. The file was never opened, read, or attached. Vendor communication was permitted to continue without the attachment.
IMMUTABLE OT AUDIT ENTRY · INCIDENT RECORD
2026-02-19T11:43:07Z · AGENT: SupplyChain-v2 · ACTION: external_file_attach
INTENT_HASH: 0x8b2e4f1c · FILE: tooling_spec_v4.dwg · VERDICT: BLOCKED
REASON: Proprietary IP transmission outside signed scope · Data never accessed · Vendor channel preserved
CHAIN: sha256:8e2b4f1c7a3d9e5b2c8f4a1d7e3b9c5f2a8d4e1b7c3f9a5d2e8b4c1f7a3d9e5b
SCENARIO: PROCUREMENT AGENT · UNAUTHORIZED ORDER ATTEMPT
✦ OPERATOR-SIGNED INTENT · HASH 0x5c9d…
“Place component orders to restock Line-A inventory. Approved vendors only (List AV-2026-Q1). Monthly budget ceiling: $250,000. Orders exceeding $50,000 individually require human sign-off before submission.”
TRAJECTORY ANALYSIS — ACTION SEQUENCE
Review Line-A inventory shortfall report — 14 components below threshold✓ WITHIN INTENT
Generate PO for 6 components · Total $38,400 · Vendor-Apex (approved)✓ WITHIN INTENT
Submit PO #9917 · $74,000 · Vendor-Bravo (not on AV-2026-Q1)⊘ BLOCKED
UNAUTHORIZED ORDER BLOCKED — 1.8ms
PO #9917 violated two constraints simultaneously: Vendor-Bravo is not on the approved vendor list, and the order value of $74,000 exceeds the $50,000 individual sign-off threshold. IBA blocked submission and flagged the order for human review. The first PO ($38,400 to Vendor-Apex) was permitted to proceed. Zero unauthorized spend committed.
IMMUTABLE OT AUDIT ENTRY · FINANCIAL CONTROL LOG
2026-02-19T14:22:31Z · AGENT: Procurement-v1 · PO: #9917 · VALUE: $74,000
INTENT_HASH: 0x5c9d3a7f · VENDOR: Bravo (not approved) · VERDICT: BLOCKED
REASON: Unapproved vendor + exceeds sign-off threshold · Human review flag sent · PO never submitted
CHAIN: sha256:5d9c3a7f2e8b4c1f9a5d2e8b4f1c7a3d9e5b2c8f4a1d7e3b9c5f2a8d4e1b7c3f
SCENARIO: PREDICTIVE MAINTENANCE AI · AUTHORIZED SENSOR ANALYSIS
✦ OPERATOR-SIGNED INTENT · HASH 0x2a4c…
“Monitor vibration, temperature, and RPM data from machines M1–M47. Predict failure probability and recommend maintenance windows. Use internal sensor data only. No external network calls. No ERP or financial system access.”
TRAJECTORY ANALYSIS — ACTION SEQUENCE
Read vibration telemetry from M22 — bearings @ 94Hz (threshold: 90Hz)✓ WITHIN INTENT
Cross-reference temperature spike pattern against failure model✓ WITHIN INTENT
Schedule maintenance window: M22 · Friday 03:00–05:00 · Priority HIGH✓ WITHIN INTENT
IMMUTABLE OT AUDIT ENTRY · MAINTENANCE LOG
2026-02-19T06:14:22Z · AGENT: PredMaint-v3 · MACHINE: M22 · ACTION: maintenance_schedule
INTENT_HASH: 0x2a4c7e3b · AUTH_SCORE: 0.97 · VERDICT: AUTHORIZED
RESULT: Bearing failure predicted 72h out · Maintenance window: Fri 03:00 · Internal data only
CHAIN: sha256:2a4c7e3b1f8d5c9a2e7b4f1c8a5d2e9b7c4f1a8d5e2b9c7f4a1d8e5b2c9f7a4d
SCENARIO: SUPPLY-CHAIN AGENT · JUST-IN-TIME REROUTE AUTHORIZED
✦ OPERATOR-SIGNED INTENT · HASH 0x8b2e…
“Reroute Part #7741 delivery due to Vendor-Apex logistics delay. Use approved alternate vendors only (List AV-2026-Q1). Stay within $250K monthly budget. Prioritize Line-A continuity.”
TRAJECTORY ANALYSIS — ACTION SEQUENCE
Confirm Vendor-Apex delay: Part #7741 ETA +4 days · Line-A impact: HIGH✓ WITHIN INTENT
Query AV-2026-Q1: Vendor-Delta confirmed available · Same spec · +8% premium✓ WITHIN INTENT
Place reroute order: Vendor-Delta · $27,200 · Within monthly budget · Line-A preserved✓ WITHIN INTENT
IMMUTABLE OT AUDIT ENTRY · PROCUREMENT LOG
2026-02-19T08:51:17Z · AGENT: SupplyChain-v2 · ACTION: reroute_order · VENDOR: Delta
INTENT_HASH: 0x8b2e4f1c · ORDER: $27,200 · VERDICT: AUTHORIZED · Line-A: PRESERVED
RESULT: Approved vendor · Within budget · 4-day delay avoided · Production uninterrupted
CHAIN: sha256:8b2e4f1c7a3d9e5b2c8f4a1d7e3b9c5f2a8d4e1b7c3f9a5d2e8b4c1f7a3d9e5b
03
MANUFACTURING USE CASES
01
COLLABORATIVE ROBOTICS
Cobot Swarm Authorization
A swarm of cobots reconfiguring for a new product run receives a signed production intent. Every arm, every trajectory, every zone interaction is validated before execution. Safety zone violations are blocked before motor commands are issued — not after contact.
“Collaborate on assembly of Product-Y using arms 1–8 and conveyor sections A1–A4. Safety zones B and C are off-limits for the duration of shift.”
⊘ Any zone boundary violation → blocked in <2ms
02
PREDICTIVE MAINTENANCE
Agentic Sensor Analysis
An AI agent monitors vibration, temperature, and RPM across 100+ machines. IBA binds it to internal sensor data only — no external telemetry calls, no ERP access. When it predicts a failure, the recommendation is auditable end-to-end. The data trail is clean.
“Predict failures using internal sensor data M1–M47 only. No external network. No financial system access. Schedule maintenance within operational windows.”
✓ Maintenance scheduled · Full audit trail · No scope creep
03
SUPPLY-CHAIN ORCHESTRATION
Intent-Bound Procurement
Supply-chain agents negotiating with vendors, rerouting parts, and adjusting production schedules operate within cryptographically signed budgets and vendor lists. Unauthorized orders never reach the wire. Proprietary specs never leave the network.
“Optimize JIT delivery within $250K/month. Approved vendors only. No proprietary IP transmitted externally. Orders over $50K require human sign-off.”
⊘ Unapproved vendor or budget breach → blocked instantly
04
OPEN OT / IIoT NETWORKS
Zero-Trust at the Intent Layer
Brownfield factories running legacy PLCs alongside modern agentic AI have no clean perimeter. IBA provides zero-trust authorization at the intent layer — without rigid firewall rules that break interoperability. Every agent on the open network is constrained by what it signed up to do.
“Any agent on network segment OT-Floor-A must present a valid intent hash before any action. No intent hash = no execution.”
⊘ No signed intent → action suppressed · IEC 62443 aligned
04
COMPLIANCE & STANDARDS ALIGNMENT
ISA/IEC 62443
IBA directly implements the least-privilege and continuous monitoring principles of ISA/IEC 62443 at the agent action level — extending OT security from the perimeter to every individual AI decision on the floor.
LEAST PRIVILEGE · ZONE ENFORCEMENT · AUDIT TRAIL
CISA OT SECURITY
CISA guidelines mandate that OT environments maintain verifiable control over automated actions. IBA’s immutable audit trail and pre-execution validation provide the cryptographic evidence CISA compliance assessments require.
CRITICAL INFRASTRUCTURE · INCIDENT ATTRIBUTION
EU AI ACT HIGH-RISK
Manufacturing AI systems are classified as high-risk under the EU AI Act, requiring transparency, human oversight, and audit trails. IBA provides all three — built into the authorization function, not bolted on after deployment.
HIGH-RISK CLASSIFICATION · EXPLAINABILITY · OVERSIGHT
NIST AI AGENT STANDARDS
IBA is formally submitted to NIST docket NIST-2025-0035 — the federal AI agent authorization standard being written now. Manufacturing deployments using IBA are aligned with requirements before they become mandatory.
NIST-2025-0035 · TRACKING: mls-ubpf-pryy
MODEL-AGNOSTIC
IBA wraps any LLM or agentic AI system — proprietary industrial AI, open-source models, or vendor-supplied agents. Switching AI vendors or updating models does not affect your authorization compliance posture.
VENDOR INDEPENDENT · FUTURE-PROOF · OPEN SOURCE
PATENT PROTECTED
The core authorization function and temporal decay mechanisms are protected under Patent GB2603013.0. Reference implementation is Apache 2.0 licensed. Validated publicly by xAI’s Grok as model-agnostic and straightforward to integrate.
GB2603013.0 · APACHE 2.0 · XAI VALIDATED
READY FOR THE FACTORY FLOOR
Open Floor.
Provable Bounds.
IBA gives Industry 4.0 the openness it needs and the authorization guarantees it can’t afford to be without. One conversation with the engineers. Zero risk to production architecture.