# Integrity Kernel MOC
The **Integrity Kernel** is a deterministic, cross-domain anomaly-detection layer for industrial control systems (ICS / [[The OT Intelligence Layer|OT]]). Instead of scoring how "weird" a reading looks, it answers a harder question — *are we still allowed to act on this system?* — and answers it reproducibly enough to stand as evidence. Built by [[Founder and Origin|Nabiel H]] at Admissibility Systems (Doha, Qatar).
> [!abstract] The one-sentence version
> A fixed, unmodified trust core runs eight rules and six proven invariants to drive a four-state trust machine, producing bit-identical results across four physically distinct water/process domains — turning anomaly detection into a [[Fail-Closed Trust Gate|fail-closed gate]] backed by [[Frozen Evidence Baseline|admissible, frozen evidence]].
> [!quote] Positioning (lead with this)
> *"A deterministic, cross-domain anomaly-detection trust layer for industrial control systems."* The customer is the [[Trust Layer for Operators|plant operator]]; the product is continuous, physics-grounded signal verification. IK does **not** compete with telemetry/monitoring incumbents — it sits **above** them as a governing trust layer ([[Layered Positioning]]). A plain-English handle: *a tamper-detection system for industrial machines that uses physics instead of AI.*
## How it works
- [[Four-State Trust Machine]] — `TRUSTED → DEGRADED → UNTRUSTED → SAFE_STATE`; trust is the output, and it degrades monotonically.
- [[Detection Rules]] — the eight rules (R1–R8) that catch deviation.
- [[Pressure Baseline Drift]] — R5/R5b, the most discriminative check (1,262× SWaT, 1,188× HAI).
- [[Proven Invariants]] — 6 of 15 proven (I1–I6); what must always hold.
- [[Fail-Closed Trust Gate]] — execution validity vs. prediction quality; deny-by-default.
## Architecture & portability
- [[Common Trust Core]] — one unmodified `kernel.py` everywhere (the heart).
- [[Agnostic Engine]] — ACE; per-industry **adapters** sit between telemetry-in and the kernel, normalising signals and injecting domain physics.
- [[Profile-Based Portability]] — new sites/industries are an adapter, not a code fork.
- [[Cross-Domain Validation]] — same core across SWRO, WADI, HAI 21.03, SWaT.
## Why it's defensible
- [[Deterministic Detection]] — the core architectural property; reproducible over 899,838+ rows via SHA-256.
- Physics as the arbiter — physical laws are not probabilistic; the kernel verifies signals against mass-balance and pressure behaviour, not statistical priors.
## Evidence & scope
- [[Frozen Evidence Baseline]] — `IK_MASTER_PROGRAM_FREEZE_V1`, 27 proven claims.
- [[Unvalidated Components]] — ACE, MCC, Command Validation (honestly excluded).
- [[Maturity Levels]] — currently Level 3; pilot drives Level 3 → Level 4.
## Path to deployment
- [[Deployment Path]] — Replay → Advisory → Enforcement (pilot phases 1A/1B/1C). Outputs are **read-only/advisory** today; operators won't allow anything to disturb live control.
## Positioning, market & founder
- [[Trust Layer for Operators]] — the customer is the operator; value = continuous signal verification vs. manual checks every 8 hours; one prevented shutdown justifies the cost.
- [[Layered Positioning]] — complements Dragos / Claroty / Nozomi / Honeywell as a governing layer; also reads as a cyber / anti-spoof play.
- [[Founder and Origin]] — Nabiel's telemetry/RO/vibration-monitoring background; gaps to fill are product packaging, engineering capacity, and a pilot/data partner.
- **Expansion** — beachhead in **water** (desalination is the easiest entry), then vertically into **energy / electrical (incl. T&D)**, and geographically **Qatar → GCC → Saudi, UAE**. Market context: UK water carries **£50M+** fines for these integrity failures.
## Related notes in this vault
> [!info] Connections to existing thinking
> The Integrity Kernel sits at the intersection of industrial AI, evidence-based diligence, and infrastructure defensibility already mapped elsewhere in the vault.
- [[The OT Intelligence Layer]] — the broader OT data/trust opportunity this lives inside.
- [[Industrial AI MOC]] — consultancy-vs-platform and [[Deployment Velocity]] framing apply directly.
- [[Evidence Hierarchy]] — the proven/claimed discipline behind the frozen baseline.
- [[Technical DD Framework]] — how an investor would pressure-test these claims.
- [[Data Moat]] · [[Switching Cost Design]] — why a fixed, embedded trust core compounds.
- [[Sovereign AI Positioning]] — GCC critical-infrastructure go-to-market (Qatar / Kahramaa).
- [[Renacore/Security and Zero Trust]] · [[Renacore/Pilot Structure and KPIs]] — adjacent OT-security and pilot patterns.
- [[IP Strategy for Deep Tech Startups]] — protecting a deterministic core + evidence package.
- [[The Age of Vertical Models]] · [[Selling AI MOC]] — vertical, trust-led enterprise motion.
## Map
```mermaid
graph TD
MOC[Integrity Kernel] --> Core[Common Trust Core]
Core --> Rules[Detection Rules R1-R8]
Core --> Inv[Proven Invariants I1-I6]
Rules --> R5[Pressure Baseline Drift]
Rules --> FSM[Four-State Trust Machine]
Inv --> FSM
FSM --> Gate[Fail-Closed Trust Gate]
Core --> Port[Profile-Based Portability]
Port --> Val[Cross-Domain Validation]
Core --> Det[Deterministic Detection]
Det --> Freeze[Frozen Evidence Baseline]
Freeze --> Unval[Unvalidated Components]
Gate --> Deploy[Deployment Path]
Deploy --> Mat[Maturity Levels]
class Core,Rules,Inv,R5,FSM,Gate,Port,Val,Det,Freeze,Unval,Deploy,Mat internal-link;
```
---
Source: `Nabiel - Integrity Kernal` submission package (Read Me, Overview, Technical Summary, Pilot Proposal, Founder Brief).
Tags: #integrity-kernel #deeptech #systems #kp