Can Vaikora enforce rules at the OT/IT boundary?

Yes. The policy engine inspects every cross-boundary call and applies zone-and-conduit rules consistent with IEC 62443.

Does Vaikora require modifying the SCADA or historian systems?

No. The policy engine is deployed at the agent runtime layer, not inside OT systems. Existing OT controls remain unchanged.

What's the latency for agents that read from a historian?

Sub-10ms policy evaluation overhead. The historian call itself is whatever the historian's normal latency is.

Does Vaikora help with ITAR compliance?

Yes. Rules can match on ITAR data tags and enforce export-control rules at every agent action.

Vaikora for Manufacturing

AI Runtime Control for Industrial Operations, OT Integration, and Supply Chain

Book a 14-Day Pilot

When a manufacturing AI agent reads from an OT historian and recommends a setpoint change, what stops it from pushing the change without a human in the loop? When a supplier-onboarding AI processes a contract, what prevents it from binding the company to terms outside its authority? When a quality-control agent inspects production data, what keeps it from exposing trade secrets to external systems?

Vaikora is the deterministic policy layer for AI agents operating in industrial environments where the cost of being wrong runs from unplanned downtime to physical equipment damage to safety incidents.

The manufacturing AI agent problem

AI is showing up in manufacturing through three doors: OT/IT convergence (agents that read OT data to inform IT decisions), supply chain (agents that handle vendor onboarding and contract analysis), and shop-floor copilots (agents that assist operators and engineers). Each door brings risk that traditional IT security tools were not designed for.

Specific challenges:

IT/OT boundary protection when agents read from historians (PI, Aveva, Honeywell)
Setpoint changes initiated by AI agents that should require human approval
Trade secret protection in agents that process production data
Supply chain AI agents binding the company to terms or pricing

Compliance frameworks Vaikora addresses

NIST CSF 2.0: alignment to GOVERN, IDENTIFY, PROTECT functions for AI components
IEC 62443 (industrial cybersecurity): zone-and-conduit-aware policy rules for AI agents crossing OT/IT boundaries
ISO 27001 Annex A: A.8 access control, A.12 operations security
ITAR/EAR (for defense-related manufacturing): export-control rules on AI-processed data

Sample policy rules

- name: ot_setpoint_change_requires_human
  match: { tool: ot.write_setpoint }
  decision: require_approval

- name: historian_read_does_not_propagate_to_internet
  match: { tool: "external_api.*", payload.source: "ot_historian" }
  decision: deny

- name: contract_signing_above_threshold_requires_approval
  match: { tool: contract.execute, arg.value: "> 50000" }
  decision: require_approval

- name: itar_data_no_foreign_agent_access
  match: { tool: "*", payload.itar_controlled: true, caller.geographic_origin: "!= US" }
  decision: deny

Resources

FAQs for Manufacturing

Can Vaikora enforce rules at the OT/IT boundary? Yes. The policy engine inspects every cross-boundary call and applies zone-and-conduit rules consistent with IEC 62443.
Does Vaikora require modifying the SCADA or historian systems? No. The policy engine is deployed at the agent runtime layer, not inside OT systems. Existing OT controls remain unchanged.
What’s the latency for agents that read from a historian? Sub-10ms policy evaluation overhead. The historian call itself is whatever the historian’s normal latency is.
Does Vaikora help with ITAR compliance? Yes. Rules can match on ITAR data tags and enforce export-control rules at every agent action.