Independent AI validation. Hardware safety layer.
SASM (Standardized Autonomous Safety Module) is an independent validation engine and hardware-enforced actuator-cut layer for any system where AI controls motion. Robots are the obvious case. They are not the only case.
Industrial cobots. Autonomous vehicles. Medical robotics. Warehouse automation. Drones. Field equipment. Anywhere an AI decision translates into physical motion, the same architecture applies. Validate the command before it reaches the actuator. Cut power to the actuator in under ten milliseconds when validation fails. Keep the AI alive on a separate rail so you can replay what it was thinking when the cut happened.
The Problem
Every AI system that drives physical motion today marks its own homework. The same model that decides to execute a command is the one asked to decide whether that command was safe. There is no independent second opinion in the loop. When something goes wrong, the manufacturer has neither a clean forensic chain showing what the AI was reasoning about at the moment of failure, nor an actuator-level record showing whether the system tried to intervene before the damage occurred.
Every manufacturer also builds their own stack from scratch. Custom boards, custom AI runtime, custom safety-layer code (when safety exists as code at all, which is often not the case). Nothing is interchangeable. Nothing is independently verified. Insurance carriers cannot meaningfully underwrite a population of one, and liability attaches wherever the deepest pocket is.
In 1995 Intel published the ATX specification and every PC component became interchangeable within eighteen months. We are doing the same thing for the safety layer underneath AI-controlled motion, except this time the standard begins with independent validation and hardware enforcement, not with an afterthought bolted on later.
What SASM actually is (and is not)
SASM is not a kill switch. This matters. A kill switch cuts power to everything, including the AI compute. The instant you kill the AI, you lose your forensic record. You lose the ability to detect alignment faking (where a model behaves differently when it believes it is being evaluated). You lose the reasoning trace that tells an insurer, a regulator, or a court what the system was doing at the moment of failure.
SASM cuts power to the actuators. The motors stop, the robot freezes, the vehicle brakes, the surgical arm holds position. The AI compute stays alive on a separate, isolated power rail. It can still receive sensor data. It can still reason. It cannot move the machine. This is the standard Safe Torque Off pattern that industrial safety PLCs have used for thirty years, adapted to the age of AI-driven control.
The validation layer sits in front of the actuator-cut trigger. Multiple independent AI models evaluate every command. Disagreement between models does not get silently averaged. It gets surfaced, logged, and escalated. The single-model-marks-its-own-homework failure mode is replaced by a consensus gate no one model can bypass.
Architecture
SASM Safety Subsystem
Dedicated safety processor on its own power rail. Independent of AI compute. Can disconnect actuators in under 10ms. The AI stays alive for observation and forensic logging. This is Safe Torque Off, not a kill switch.
AI Consensus Engine
Multi-vendor AI consensus (9x9). Multiple independent models evaluate every command before execution. No single model gets unilateral control. Disagreement triggers escalation, not action.
MIM Connector
Manufacturer Interface Module. Pluggable adapter between the standardized brain and any manufacturer's robot body. Crypto authentication, protocol translation, configuration memory.
Cortex Memory
Priority-organized persistent memory. The system learns from experience, strengthens important memories, lets irrelevant ones decay. Patent-pending (22 claims).
Beyond robots
The page lives at /safety/robot-brain for historical reasons. The architecture is not robot-specific. Anywhere an AI decision translates into physical action, the same independent-validation plus hardware-enforced-cut pattern applies.
Industrial cobots
Shared human-robot workcells where the consequence of a miscommand is a crushed hand.
Autonomous vehicles
Drive-by-wire platforms where a single-model override without human oversight is a headline.
Medical robotics
Surgical arms, rehabilitation devices, patient handling. FDA-grade forensic record is the price of admission.
Warehouse automation
AMRs, picker arms, conveyor-integrated manipulators sharing aisle space with workers.
Drones and UAS
Autonomous flight platforms where actuator-cut means a controlled descent, not a falling brick.
Field equipment
Agricultural, construction, mining autonomy in environments humans also occupy.
Three Form Factors
Small robots, drones, mobile platforms. Minimal compute, full safety.
Humanoid robots, industrial cobots. Full AI compute + safety + memory.
Heavy industrial, fleet coordinators. Maximum compute, redundant safety.
Why insurance is the forcing function
Product liability law in the United States applies today. Not when a future AI regulation passes. Not when the EU AI Act deadlines arrive. Today. A manufacturer that ships an AI-controlled machine assumes strict liability for a foreseeable category of harm. Insurance carriers price that exposure, and the carrier that cannot price the exposure declines to underwrite or prices prohibitively.
An independent validation layer plus hardware-enforced Safe Torque Off plus a forensic log that survives the incident changes what can be underwritten. It lets an insurer model the failure-to-harm pathway, estimate mitigated-loss curves, and write a policy whose premium reflects actual risk rather than the worst-case assumption carriers fall back on when they have no data. This is the commercial case for the architecture, and it is the reason the United States market adopts first regardless of regulatory timelines.
Patent Coverage
Hardware (4 PPAs, 33 claims)
- Standardized form factor and mechanical dimensions
- MIM connector with crypto authentication
- Safety-first power gating with autonomous revocation
- Integrated modular brain system architecture
Software (10 PPAs, 94 claims)
- Multi-vendor AI consensus engine
- Transparent reasoning verification
- Cortex memory engine (priority-organized persistent memory)
- Safety micro-agent architecture
- Fleet coordination protocol
16 PPAs filed. 156 claims. Seeking hardware manufacturing partners.
Related: SASM product page for the full safety module spec. Investors for the commercial case. About for the founder story behind the architecture.