Download .docx

KavAI Platform (KAP)

Real-Time Integrity Intelligence System™
Investigate & Escalate

Version: 3.7

Date: 2026-06-22

Author: KavAI Development Team

Kav AI Platform (KAP) — Product Requirements Document

Real-Time Integrity Intelligence System™ — Active Physical Intelligence at Industrial Scale

Kav AI Development Team

2026-06-22

Document Status This document presents Kav AI’s product vision, completed milestones, and roadmap through Q4 2026. It is intended for enterprise procurement stakeholders, customers, executive decision-makers, and partner integrity-engineering firms. Technical implementation details are contained in the Technical Appendix. The document is procurement-readiness oriented: it states the pilot asset-class scope, a shared capability-status vocabulary (Delivered / In Progress / Q3 / Q4 / H1 2027), a single canonical human-in-the-loop verification rule, explicit read-only SCADA framing, and a consolidated security technical reference. Q2 2026 commitments are engineering-backed. Q3 and Q4 items are directional and subject to revision.
Platform status Current focus Next milestone
Live — App MVP deployed AI Q2 Delivery — Jun 2026 Persistent Sensing — Q3 2026

1 Executive Summary

1.1 Kav AI — Real-Time Integrity Intelligence System™ · Active Physical Intelligence™

Kav AI is a Real-Time Integrity Intelligence System for refinery and petrochemical operators. It closes the loop between what sensors see, what process data says, and what engineering codes require — delivering continuously updated risk assessments that an integrity team can act on in hours, not weeks.

The platform operates as a continuous Active Physical Intelligence™ layer over the facility: it ingests visual inspection data (RGB, thermal, OGI), reads operational data from SCADA and process historians, and reasons across both inside a persistent 3D model of the plant. The loop extends through autonomous robot patrols, fixed plant infrastructure, and CAD / engineering context. The operating posture is continuous coverage from commodity fleets, cross-source confirmation as the noise filter, and a partner-integrated delivery model that puts qualified integrity engineers in the human-in-the-loop seat. The result is a single system that connects physical condition to process context to damage mechanism to risk score to recommended action — the full integrity chain, automated and auditable.

Kav AI is not a hardware manufacturer, not a SCADA replacement, not a robotics company, and not a general-purpose industrial AI platform. It is the integrity intelligence layer that sits above existing systems — purpose-built for the closed-loop analytical chain from Integrity Operating Windows (IOWs) through Damage Mechanism Reviews (DMRs) to prioritized inspection plans. Kav AI reads from operational systems; it never writes to SCADA or control systems, never actuates valves, and never commands field equipment.

1.1.1 Why refinery and petrochemical first

Kav AI’s beachhead market is downstream oil and gas — refineries and petrochemical plants — where the convergence of regulatory pressure (API 580/581/584), high unplanned downtime cost, and fragmented inspection workflows creates the strongest initial pull. The platform’s architecture is industry-agnostic, but the domain model, validation data, and go-to-market are focused here until traction is established. Expansion to adjacent asset-intensive industries (power generation, LNG, chemicals) follows.

Figure 1. Kav AI Platform — System Overview. Inputs (evidence and engineering context) enter read-only at the bottom and flow upward into the platform’s internal capabilities — World Model, Evidence Confidence, Integrity Analytical Chain, Application Surface, and Operator Handoff — over a vendor-neutral runtime; decisions, reports, and operator-confirmed handoff surface at the top. Dashed arrows indicate recommendation outputs requiring operator confirmation, preserving Kav AI’s observe-reason-recommend posture. Technologies are named generically as they may change.

Observe-reason-recommend only — read-only by design Kav AI ingests SCADA data read-only via OPC UA. It does not write to control systems, actuate valves, or dispatch field actions autonomously. The platform observes, reasons, and recommends; every action that touches the plant is taken by a qualified operator. This boundary is enforced technically (read/subscribe-only access rights, DMZ write-rejection, firewall port restriction) and is detailed in the Deployment Architecture section.
Business consequence Kav AI response
Unplanned shutdowns at mid-sized refineries cost $500K–$2M per day¹ Continuous anomaly detection surfaces emerging failures before shutdown is required
Fewer than 10% of captured inspection imagery is reviewed by a qualified engineer under current workflows² AI-assisted triage is designed to surface all captured imagery for engineer-confirmed review, flagging anomalies automatically
Facilities take 5–10 days to move from inspection capture to actionable integrity decision² Kav AI targets a triage-to-work-order cycle of < 4 hours (pilot objective, benchmarked against M3 deployment) versus a typical 5–10 days
Solomon Associates benchmarking shows a 4–8 percentage-point availability gap between top- and bottom-quartile facilities, worth tens of millions annually per site³ Kav AI’s Solomon-benchmarked outputs provide directly comparable, defensible performance metrics
Robot inspection coverage capped by ~90-minute battery endurance and manual charging Fixed plant infrastructure (docking, beacons, 5G) plus high-endurance platforms target ≥ 20 h/day continuous coverage at a fully equipped site (Q4 / H1 2027 roadmap)

¹ Solomon Associates, Downstream Industry Report, 2023. ² Kav AI customer discovery interviews, 8 facilities, 2025. ³ Solomon Associates, RAM Study benchmarking data, 2023.

1.2 What Kav AI is — and is not

To anchor procurement and partner conversations on the same operating identity, the platform’s boundaries are stated explicitly:

Kav AI is Kav AI is not
A continuous integrity intelligence layer that observes, reasons, and recommends A control system. It never actuates valves or writes commands to plant control systems.
A vertical platform for asset integrity and predictive maintenance in asset-intensive industries A general-purpose industrial AI platform
Hardware-agnostic across drones, robots, fixed sensors, and SCADA A robotics company. Locomotion is delegated to commodity legged, wheeled, and flying platforms.
A decision-support tool for qualified integrity engineers A replacement for operators or engineers. Human oversight is a design requirement.

1.3 Competitive Moat

Kav AI’s durable advantage rests on five reinforcing pillars that no single incumbent or combination of point solutions replicates:

Pillar What it means Why it’s hard to replicate
Closed-loop integrity intelligence Purpose-built to connect visual inspection + SCADA context + damage mechanism reasoning + risk quantification + recommended action in a single automated chain (IOW → DMR → API 581 risk → inspection plan) — a combination no incumbent currently offers in one platform. Requires the integrity domain model (API 571/581/584), the multimodal AI pipeline, and the 3D spatial model — all tightly integrated. No incumbent owns all three.
Cross-source correlation engine Findings from drone campaigns, robot patrols, and SCADA are tagged, matched within a 2 m spatial radius, and rescored across independent sources. Multi-source confirmed findings target TPR > 98% / FPR < 2%. Requires both the multimodal sensing layer and the spatial+temporal correlation primitive. Single-source competitors are structurally exposed to environmental noise.
Data flywheel Every inspection campaign and recurring patrol ingested improves facility-specific detection models. A customer who has run 10 campaigns and 90 days of repeat patrols has a progressively harder-to-replicate model tuned to their equipment, corrosion patterns, route history, and operating conditions. Model performance compounds with use. A competitor entering at campaign 1 faces the same cold-start problem Kav AI has already solved for that facility. This advantage widens with each campaign, patrol, and operator-confirmed outcome, and is reflected in the subscription model.
Deployment speed 90-day pilot framework with measurable success criteria, focused on visual inspection data — distinct from the multi-quarter data-modeling effort typical of full enterprise data-fusion or RBI platform implementations. Purpose-built for inspection data operators already capture (drone imagery). No LiDAR, no engineering CAD, no multi-quarter data model mapping required.
End-to-end, hardware-agnostic, partner-integrated solution Ingests data from any visual sensor (DJI, Skydio, Flyability, FLIR), autonomous robot patrols via the Kav AI Robot Sensor Interface (KRSI), any SCADA vendor (Emerson, Siemens, AVEVA, Ignition via OPC UA), and any historian (PI, InfluxDB, TimescaleDB), while accepting multiple engineering-model formats. The Active Physical Intelligence loop is delivered jointly with qualified mechanical-integrity partners (e.g., OI.Expert) who own the human-in-the-loop validation seat. No vendor lock-in at any layer. Operators keep their existing capture hardware, fleet vendors, control systems, and engineering systems. Kav AI adds the intelligence layer, partners add the engineering judgment, without requiring infrastructure replacement.

The moat deepens with every deployment: each facility’s data trains better models, each integration validates the connector ecosystem, each partner DMR sharpens the integrity domain model, and each successful pilot becomes a reference customer. This is not a feature advantage — it is a compounding system advantage.

2 The Opportunity

2.1 Market context

Kav AI’s beachhead market is downstream oil and gas — refineries and petrochemical plants. These facilities face the sharpest version of a universal industrial challenge: inspection and operational data live in separate silos, and the people responsible for facility safety spend significant time manually correlating data across all of them. The regulatory framework (API 580/581/584), the cost of unplanned downtime ($500K–$2M/day), and the maturity of RBI adoption make downstream the market where Kav AI’s closed-loop integrity intelligence delivers the fastest, most measurable value.

Market segment 2024/2025 size Projected 2030
Drone inspection & monitoring⁴ $16.4B (2024) $38B at 15% CAGR
Industrial AI⁵ $47B (2024) >14% CAGR
Global SCADA⁶ $12.9B (2025) $20B

⁴ MarketsandMarkets, Drone Inspection and Monitoring Market Report, 2024. ⁵ Grand View Research, Industrial AI Market Analysis, 2024. ⁶ MarketsandMarkets, SCADA Market Global Forecast to 2030, 2025.

2.1.1 Expansion roadmap

Once Kav AI establishes reference customers and repeatable deployment in refinery/petrochemical, the platform expands to adjacent asset-intensive industries where similar inspection and integrity challenges exist:

Phase Target industry Entry trigger
Phase 1 (current) Refinery & petrochemical Active — inspection campaigns with U.S. Tier-1 refineries (California and Texas)
Phase 2 LNG terminals & gas processing First refinery reference customer at production scale; autonomous robot coverage validated in large outdoor areas
Phase 3 Power generation (gas/steam turbine) Proven SCADA connector ecosystem; 5+ facility deployments; CAD / engineering context reusable outside downstream
Phase 4 Chemicals & specialty processing Domain model extension validated by Phase 2–3 learnings
Phase 5 High-hazard decommissioning & high-regulation sites Dose-aware robot workflow, lifetime retention model, and compliance package validated with a design partner

2.2 Why now

Four enabling technologies reached production readiness between 2023 and 2024 and only now make the Kav AI platform feasible at scale:

2.3 Competitive landscape

Kav AI’s most important competitor is the combination of tools the integrity team already pays for: an RBI platform (orKsoft, GE Vernova APM, or equivalent), a process historian (OSIsoft PI or AVEVA), and a CMMS (SAP PM or Maximo). Kav AI must demonstrate that it delivers more value than the integration budget that would otherwise connect these three systems.

Platform What they do well What they lack Kav AI position
orKsoft (Améthyste) 21 years of deployment maturity; API 581, 584, and 579 fully embedded; on-premise live; enterprise-certified. The incumbent RBI platform at European downstream operators. No visual inspection layer. No photorealistic 3D model. Cannot cross-reference an IOW exceedance with a physical image of the equipment. Remaining life is single-point; no P90 CI. Kav AI is the physical-world visibility layer orKsoft lacks. The two platforms are complementary: orKsoft owns the engineering record; Kav AI closes the loop between process data and physical condition.
Cognite Data Fusion Data aggregation across IT (Information Technology), OT (Operational Technology), and ET (Engineering Technology) silos, knowledge graphs, automated workflows. Strong partnership with NVIDIA (Omniverse) for industrial digital twins. Primary focus is enterprise-wide data fusion; visual inspection layer and photorealistic 3D facility mapping sit outside the platform’s core scope. Full enterprise deployments involve substantial data-modeling effort. Kav AI is complementary at the visual-inspection layer: a 3D model built from drone imagery operators already capture, with a 90-day pilot scope focused on integrity findings. Findings can flow into a Cognite data-fusion environment where one is in place.
Meridium (GE Vernova APM) Live IOW with 12 damage mechanisms, proven API 581 engine, 300+ customers. Highest score (3.0/3.0) in Verdantix APM Green Quadrant 2024. No visual inspection layer. No AI-linked cross-reference between IOW exceedance and physical imagery. No photorealistic 3D model from drone imagery. Kav AI is designed to complement Meridium’s RBI workflow by adding the physical inspection evidence layer — Stage 4 physical validation closure — that its workflow-driven platform requires but does not natively capture.
Percepto Autonomous capture, emissions compliance, real-time anomaly detection from flight data Narrow AI layer. No cross-modal reasoning with operational data. No SCADA integration. Limited CAD / RBI context. Kav AI adds the SCADA context, CAD-backed asset identity, and multi-modal reasoning that Percepto does not provide; Percepto-captured data can be ingested as a source.
Flyability Confined-space inspection, strong NDT hardware integrations for close-contact inspection No AI reasoning layer. No persistent 3D model. No operational data context. Hardware-agnostic; Kav AI ingests Flyability data as a compatible source.
AVEVA / OSIsoft (PI) Industry-standard process historian (PI System), real-time control, and extensive OT integration ecosystem. Ecosystem is fragmented across legacy local clients. AI capabilities (Atlas AI) are emerging but lack 3D spatial context for physical assets. Not competitive — foundational. PI provides the ‘When’ (time-series). Kav AI adds the ‘Where’ (3D space) and the ‘What’ (damage mechanism reasoning). Kav AI reads from PI via OPC UA/Web API and is designed to feed findings back into PI-connected workflows.
Emerson Plantweb Optics + AMS Deep historian integration, AMS Device Manager for rotating equipment health, Plantweb analytics suite — large installed base at downstream operators Rotating equipment focus. No native IOW / API 584 module. No visual inspection layer. No photorealistic 3D model from drone imagery. Different scope — Emerson owns rotating equipment condition monitoring; Kav AI owns fixed equipment / visual inspection. Coexistence, not displacement.
Hexagon Asset Lifecycle Intelligence (ALI) Comprehensive asset lifecycle management, P&ID integration, inspection data management — strong at engineering documentation and compliance workflows. Being spun off as “Octave” with proposed US listing in 2026. Workflow and documentation-centric. No real-time AI anomaly detection. No photorealistic 3D model from drone imagery. High implementation cost and timeline. Kav AI deploys faster, provides AI-native anomaly detection, and can feed findings into Hexagon’s compliance workflows. Kav AI PRD lists Hexagon ALI as a planned output connector.
Aucerna / Quorum Business Solutions Upstream production operations, decline curve analytics, and field data capture — strong in upstream E&P financial and operational planning Upstream-focused. No visual inspection capability. No integrity reasoning or damage mechanism analysis. Different buyer; Kav AI targets inspection and integrity teams, not production planning.
Kav AI Visual inspection + operational data context + 3D spatial model + conversational AI + cross-source correlation engine — all unified in one platform, hardware-agnostic and system-agnostic. The platform is purpose-built to close the full loop: sensor data → damage mechanism → risk score → inspection plan → physical validation — continuously, as Active Physical Intelligence. Multi-source confirmed findings target TPR > 98% / FPR < 2%. Purpose-built to read visual inspection data and SCADA context in the same spatial model, run cross-source confirmation across drone, robot, and SCADA in one engine, and provide physical validation closure (Stage 4) — a combination no incumbent currently offers.

Figure 2.1. System Architecture & Purdue Model Alignment. Kav AI connects to Level 3 Historians or OPC UA middleware, maintaining a strictly read-only relationship with the control network (Level 2). Robot, CAD, and fixed-infrastructure sources strengthen the integrity context while the OT boundary remains unchanged.

2.4 The Data Flywheel — Kav AI’s Compounding Advantage

Kav AI’s competitive moat is not static — it compounds with every inspection campaign a customer runs through the platform.

How it works:

  1. Campaign ingestion — Each inspection campaign (RGB, thermal, OGI) adds labeled examples of facility-specific defect patterns, corrosion signatures, and equipment conditions to the training corpus.
  2. Patrol accumulation — Repeated robot patrols add temporal history on the same assets, turning one-time detections into trendable condition signals.
  3. Model refinement — Detection models are retrained on the expanded dataset after each campaign and patrol cycle. Facility-specific patterns (e.g., CUI signatures on a specific insulation type, thermal profiles unique to a particular heat exchanger configuration) improve detection precision.
  4. OOD detector calibration — The Out-of-Distribution detector is retrained on the expanded input distribution, reducing false OOD flags and improving the signal-to-noise ratio for operators.
  5. Confidence calibration — Empirical accuracy data from operator confirmations, dismissals, and cross-source corroboration refines the confidence scoring model, tightening the calibration curve.

The compounding effect: A customer who has run 10 campaigns and built months of repeat patrol history has a detection model tuned to their specific equipment, corrosion patterns, route coverage, and operating conditions that a new entrant cannot replicate without running the same sequence. This advantage widens with each campaign and patrol — making Kav AI progressively harder to displace at each facility.

Pricing alignment: Campaign volume is reflected in the subscription model (see Appendix H). Higher-tier subscriptions include more campaigns per year, directly linking customer investment to model performance improvement.

Competitive risk acknowledgment — Cognite consolidation scenario A plausible consolidation scenario is Cognite partnering with an autonomous inspection platform (Percepto, Skydio, or a new entrant) and bundling visual inspection into Data Fusion. Such an integration would likely take multiple quarters to mature. Kav AI’s durable differentiators in that scenario: (1) Photorealistic 3D facility model built from drone imagery operators already capture — Cognite’s Omniverse pathway is anchored in engineering CAD, which requires LiDAR or existing CAD data; (2) IOW/DMR closed-loop chain integrating visual evidence with SCADA — this requires the integrity domain model rather than a drone-vendor acquisition; (3) Deployment scope — Kav AI’s 90-day inspection-focused pilot complements rather than competes with Cognite’s broader data-fusion footprint; (4) Data flywheel — each inspection campaign compounds Kav AI’s facility-specific model advantage, creating switching costs that grow with use.

3 The Journey So Far

Kav AI has been in development since May 2025. In less than a year, the platform has moved from a blank canvas to a live alpha with two major milestones fully delivered and a third in active shipment.

Milestone Name What was delivered Status
M0 Platform Foundation — Jul 2025 3D viewer, authentication, image gallery, and operator dashboard — validated with a first real-world inspection dataset (RGB imagery) Delivered
M1 AI Foundation — Dec 2025 Multimodal AI pipeline, natural language interface, automated task coordination, and a machine vision engine prototype — validated with thermal imagery and gas sensor readings Delivered
M2 App MVP — Mar 2026 Production-ready 3D viewer and AI chat unified in a single operator interface Delivered
M3 AI Q2 Delivery — Jun 2026 Contextual data chat, persona workspaces, failure recovery, and agent evaluation tests In Progress (Q2)
M4 Persistent Sensing — Q3 2026 Multi-sensor automated detection, CAD/P&ID ingestion, geo-tagged spatial anchoring, and contextual chat Ph.1 — plus sensor-native analysis, actionable insights, chat with 3D map, interactive overlays, and automated reports rescheduled from Q2 Q3 Target
M5 Engineering Context & Enterprise — Q4 2026 SCADA/OPC UA connectors, 3D CAD overlay, P&ID SQL, SOC 2 Type II, compliance management, and air-gapped deployment Q4 Target

3.1 What M0 and M1 proved

The foundation milestones were validated against real inspection data — not synthetic benchmarks or demos. M0 was tested with a first inspection campaign producing RGB imagery from an industrial facility. M1 raised the bar: a second inspection campaign introduced thermal imagery alongside RGB, plus structured sensor readings — gas concentration, temperature, and humidity. The AI pipeline was tested against this richer, multimodal dataset, reasoning across modalities on real industrial data.

M1 also included a deliberate technical bet: a proof-of-concept machine vision engine, validating that defect detection models can be called on demand by the AI pipeline. The Q2 visual perception features build directly on that validated pattern.

Third inspection campaign A third inspection campaign is planned at an oil refinery, with an expanded sensor suite including OGI imagery, calibrated thermal, additional gas measurements, and a path to repeat patrol comparison. This is the first real-world bridge between the campaign-based inspection workflow and the persistent robot-enabled workflow.

3.2 MVP demonstration sequence

In parallel with the platform milestones, Kav AI runs a public-facing MVP demonstration sequence that turns the engineering work above into outcomes a non-technical buyer can evaluate. Each capability and MVP table below carries an explicit delivery-state Status.

Status key The Status column on the tables that follow uses a single shared vocabulary so a procurement reviewer can tell at a glance what exists today versus what is planned: Delivered — in the live platform now; In Progress (Q2) — actively shipping for the Jun 2026 / M3 milestone; Q3 Target — planned for the M4 (Q3 2026) milestone; Q4 Target — planned for the M5 (Q4 2026) milestone; H1 2027 Roadmap — directional, beyond the committed milestones. These values are consistent with the Quarter column of the FR table in Appendix A.
MVP version Theme What it proves Platform milestone Status
MVP v0.1 Detection Anomaly identification on a single inspection dataset — “we found something interesting” M0 — Platform Foundation Delivered
MVP v0.2 Repeatability + Scale + Decision Context 1,200 assets scanned, 37 thermal anomalies detected, 8 high-priority items, 65% unit coverage in one day, with ranked inspection actions and $750K–$1.5M avoided-cost framing — “here are the 8 places you should inspect next, and why” M1 / M2 Delivered
MVP v0.3 Conversational Access Contextual data chat in persona-tailored workspaces (Data Explorer & Integrity Engineer), with validated agent reliability (evaluation tests and failure recovery) M3 — AI Q2 Delivery In Progress (Q2)
MVP v0.4 Closed-Loop Intelligence Detection → validation → action → feedback measured end-to-end, with cross-source confirmation, CAD-anchored asset identity, quantified inspection prioritization, and RBI/IDMS workflow integration M4 & M5 — Q3–Q4 2026 Q3 / Q4 Target

The Scale & Impact section reports the MVP v0.2 evidence in detail. The Operations and Integrity Analytical Chain sections describe the workflow that MVP v0.3 / v0.4 instrument.

4 Where We Are Going — Q3 and Q4 2026

With the core AI platform closing in Q2, Kav AI’s second half of 2026 focuses on two distinct ambitions: deepening integration across the full industrial data environment in Q3, and advancing the research capabilities that will define the platform’s long-term intelligence in Q4.

4.1 Q3 2026 — Deepening the platform

Capability What it means for operators Status
Anomaly detection AI-powered detection across the expanded sensor suite from the third inspection campaign — thermal, OGI, and gas — surfacing anomalies automatically in the 3D model with severity scoring. Q3 Target
Expanded sensor ingestion Structured ingestion from OGI imagery, calibrated thermal, and expanded gas measurements aligned with the planned third inspection campaign at an oil refinery. Q3 Target
Time series signals & SCADA connectors Read-only ingestion of time series data from SCADA systems, vibration sensors, and process historians via OPC UA (IEC 62541) — the industrial middleware standard that decouples Kav AI from any specific SCADA vendor. Operational data feeds the IOW/DMR closed-loop analytical chain described in the Integrity Analytical Chain section. Moved to Q4 (Jun 2026 revision): connector work begins when pilot operational data access is in place; Q3 secures that access. Q4 Target
Geo-tagged assets & images in 3D Every asset anchored to its precise location in the 3D model. Inspection imagery displayed directly in 3D space. Q3 Target
Contextual data chat — Phase 1 Compound queries across multiple data sources, human-in-the-loop confirmation for high-consequence actions, and a skills registry that learns facility-specific query patterns over time. Q3 Target
CAD (IFC4) & P&ID (DEXPI) open-standard ingestion Open, vendor-neutral ingestion of CAD geometry (IFC4 BIM STEP) and logical P&IDs (DEXPI), with deterministic dual-tagging linking legacy CAD tags to operator tags and the asset record. Demonstrated at 100% coverage on one example process unit. Full P&ID database (SQL) connector and CAD overlay remain Q4. In Progress (Q2)

4.2 Q4 2026 — Completing the platform and advancing the intelligence

Engineering capability What it means for operators Status
3D CAD model overlay Engineering design models overlaid on the photorealistic 3D facility model — operators can compare the as-built facility against the engineering design to identify deviations. Extends into version tracking and as-built vs as-designed comparison. Q4 Target
P&ID SQL connector Direct read access to the plant’s piping and instrumentation database — the 3D model reflects engineering documentation without requiring parallel data entry. Q4 Target
Security certification Enterprise security certification — SOC 2 Type II target, meeting the data governance requirements of major industrial operators and enabling procurement through enterprise security review processes. Q4 Target
Compliance management End-to-end compliance workflows — tracking inspection coverage, flagged anomalies, and corrective actions taken into audit-ready records for regulatory submissions. Q4 Target
On-premise & air-gapped deployment Container-based deployment package for operator-managed cloud tenants (Azure, AWS) or fully air-gapped on-premise environments. See the Deployment Architecture section for full details. Q4 Target
Full spatial navigation 3D walkthrough, asset search in images, manual data entry, and view from any angle including confined spaces. The same spatial layer now supports repeatable robot patrol localization via fixed infrastructure. Q4 Target
Research-dependent capability (Q4*) Research question Status
Physical AI reasoning & remediation advice Grounding LLM-generated remediation advice in the engineering domain model of the specific facility at safety-critical reliability thresholds. Requires Q2 spike to confirm feasibility before engineering commitment. Q4 Target (research-gated)
Facility-specific model training Synthetic training data calibrated to the specific visual and thermal signatures of each facility. Research question: whether synthetic OGI/thermal data can improve rather than degrade detection performance. Q4 Target (research-gated)

Q4* items are research-dependent, contingent on Q2 spike outcomes. Their deferral to 2027 does not affect the engineering workstream above.

4.3 H1 2027 and beyond — Roadmap

The following capabilities are directional and sit beyond the 2026 delivery horizon. They are documented so procurement teams can see the long-term direction, but the current platform focus is downstream refinery and petrochemical.

Roadmap capability What it means for operators Status
Autonomous patrol & navigation Fixed-infrastructure robotics — navigation beacons, communication backbone, coverage orchestration, and fleet analytics — with full spatial navigation, for repeatable robot-patrol continuity decoupled from onboard SLAM. Anchored by FR-ROB-01–05 and FR-NAV-01 in Appendix A.
Dose-aware operations (high-hazard / regulated environments) High-hazard environments package extension for radiation dosimetry and high-dose zone handling, where human-entry avoidance is itself a core value driver. Anchored by FR-NUC-01 in Appendix A.
Regulated-environment deployment profile Mandatory on-premise / air-gapped profile, lifetime data retention, and the compliance package required for highly regulated and other high-regulation sites.

4.4 AI Engine and Machine Vision

Kav AI’s AI engine coordinates specialized defect detection models — each trained for a specific modality (RGB, thermal, OGI) — and calls them on demand as part of the analytical pipeline. The same orchestration layer is the convergence point for robot patrol findings, CAD-linked asset identity, and cross-source confirmation. The cross-source confirmation engine is the user-facing primitive: independent sources are the unit of confidence, and the engine is what converts a noisy single-modality signal into a multi-source confirmed finding.

Figure 3. AI Analytical Pipeline. Kav AI’s engine coordinates specialized machine vision models, calling each as needed for modular defect detection and rapid model iteration. The orchestration pattern supports campaign data, patrol data, and engineering context as a unified reasoning layer, with the cross-source correlation engine acting as the explicit confidence-reweighting step that downstream stages depend on.

5 Expanded Capture & Engineering Context

The platform extends in the two areas that most materially strengthen the integrity loop: autonomous robot coverage and CAD / engineering context. Two structural choices anchor that scope: the architectural shift from onboard SLAM to fixed plant infrastructure, and the cross-source correlation engine as the explicit step that turns single-source detections into multi-source confirmed findings.

These additions do not change what Kav AI is. They increase how often the platform sees the plant, how precisely it localizes findings, and how reliably it ties those findings back to asset identity and engineering intent.

Design principle

5.1 Autonomous robot coverage

Autonomous robots extend Kav AI from campaign-based inspection to persistent facility awareness. The platform preserves a hardware-agnostic position: robot data is an input layer, not a product-category shift.

Capability Addition Why it matters
KRSI adapter extension Supports standard 90-minute platforms and high-endurance 4–6 hour platforms Broadens coverage from congested indoor units to tank farms, large outdoor areas, and long linear routes
Fixed plant infrastructure Navigation beacons, communication backbone, docking integration, and coverage orchestration Improves localization repeatability and enables continuous patrol coverage without per-robot navigation lock-in
Fleet intelligence analytics Coverage analytics, anomaly trend detection, and data-quality trend monitoring Turns repeated patrol history into a learning signal rather than isolated mission logs

High-hazard and regulated-environment deployments — including dose-aware operations (radiation dosimetry and high-dose zone handling) — are on the H1 2027 roadmap; the current platform focus is downstream refinery and petrochemical. See the Q4 / H1 2027 roadmap in the Journey section.

5.1.1 Fixed infrastructure

Fixed plant infrastructure is the enabling layer for reliable, repeatable patrol coverage:

Component Specification
Navigation beacons UWB or LiDAR reflector-based reference points, targeting localization accuracy within 10cm of onboard baseline
Communication backbone Private 5G, industrial Wi-Fi mesh, or hybrid; minimum 50 Mbps uplink per patrol zone; 5–15 ms latency for real-time remote viewing
Docking stations Charging plus wired data offload points at patrol-route endpoints
Coverage orchestration Ranked inspection priorities from Kav AI to the vendor fleet software through API or operator handoff

This architecture deliberately avoids turning Kav AI into a robot OEM stack. Kav AI specifies what needs to be seen next based on staleness and risk. Vendor fleet software or the operator still decides how to execute the patrol.

The design target is continuous coverage of ≥ 20 hours per day across the fleet at a fully equipped site — turning the historical “battery-bound 90-minute patrol” model into a continuous sensory web without paying the cost of a bespoke OEM stack.

5.1.2 Architectural shift: onboard SLAM vs. fixed infrastructure

Fixed plant infrastructure is not just an availability story — it is a different navigation and data-registration architecture. The promo-deck shift is captured below for procurement teams comparing Kav AI against onboard-SLAM-only competitors:

Dimension Onboard SLAM (single-vendor stack) Fixed plant infrastructure (Kav AI)
Navigation reliability Degrades in featureless or highly repetitive piping environments UWB / LiDAR reflectors provide absolute ground-truth coordinates regardless of environment
Fleet scaling cost High — each robot carries its own expensive redundant navigation stack Low — beacon and 5G cost amortized across the site, additional commodity robots add marginal cost only
Data registration ~ 5 cm error with cumulative drift ~ 2 cm beacon-anchored accuracy, no drift
Vendor lock-in Effectively single-vendor — the locomotion vendor owns the localization primitive Hardware-agnostic — any fleet that emits compatible telemetry can be ingested via KRSI

Fixed infrastructure is the architectural reason Kav AI can credibly claim fleet-agnostic, mission-specific coverage instead of taking on the cost of a proprietary robot OEM stack.

5.1.3 Robot sensing and mission intelligence

Robot ingestion extends the proven KRSI adapter pattern:

The consequence is strategic, not merely technical: the data flywheel now compounds not only across periodic drone campaigns, but also across recurring ground patrols that revisit the same assets with tighter spatial repeatability.

5.2 CAD and engineering data

The engineering context layer is a central extension to the integrity workflow rather than a standalone visual feature: CAD overlay is integrated directly into how integrity findings are mapped, validated, and explained. It is built on open, vendor-neutral standards — IFC4 (BIM STEP) for physical 3D geometry and DEXPI (XML) for logical P&IDs — rather than proprietary exports.

Capability Addition Why it matters
Additional CAD formats IFC4 (BIM STEP), RVT, and direct DGN alongside the proven Navisworks pathway Reduces dependence on a single engineering-tool chain and improves fit across customer environments
CAD version tracking Import history, file hashing, and diff visualization Makes engineering changes visible to integrity teams instead of remaining buried in document control
As-built vs. as-designed comparison CAD overlay aligned to the photorealistic 3D model and LiDAR-derived geometry Highlights geometric deviation that may create new integrity risk or invalidate inspection assumptions
P&ID linkage (DEXPI) Logical P&IDs ingested via the open DEXPI standard; deterministic dual-tagging ties legacy CAD tags to operator/DEXPI tags and the asset record Improves traceability for operator queries and work-order preparation; a clicked 3D element resolves to its P&ID and integrity findings

5.2.1 Per-format scope

Format Priority Scope
IFC4 High Open-standard (BIM STEP) extraction of geometry plus engineering metadata into the Kav AI schema — demonstrated at 100% coverage on one example process unit
RVT Medium Revit extraction where metadata is sufficient or can be supplemented
DGN (direct) Medium Direct extraction for Bentley / PDS-heavy sites to avoid the Navisworks intermediary
STEP / IGES Low Candidate for later vendor-model ingestion where full-plant context is limited

5.2.2 Logical P&IDs via DEXPI and tag interoperability

Physical geometry (IFC4) is paired with logical process structure through DEXPI (XML), the open P&ID exchange standard, which carries equipment, nozzles, piping runs, and connectivity. A deterministic dual-tagging layer reconciles legacy CAD tag conventions with standard operator / DEXPI tags and resolves both to the same asset record — so a 3D element, its P&ID, and its integrity findings line up automatically. The mapping is rule-based and auditable rather than inferred.

On one example process unit — a 109-asset reference dataset — the IFC4 and DEXPI schemas were both ingested at 100% coverage, confirming traceability from the 3D model through the P&ID to the asset record for that deployment. The figure is a single illustrative example, not a generalized benchmark.

5.2.3 World model and change management

CAD only becomes operationally useful when tied to the live spatial record. The platform therefore combines:

  1. CAD-derived design intent from the engineering model.
  2. As-built geometry from 3DGS and LiDAR-derived scans.
  3. Inspection findings from drone, robot, and fixed/SCADA sources.

This allows the platform to surface engineering changes, geometric deviations, and repeated anomaly patterns as part of the same integrity conversation rather than as separate systems.

5.3 Cross-source confirmation engine

The robot and CAD additions are most valuable when they strengthen the core analytical chain rather than sitting beside it. The cross-source correlation engine is the named primitive that does this work:

Sources agreeing Correlation category Operational treatment
1 source Single-source detection Standard severity-based triage
2 sources Corroborated finding Elevated priority with explicit evidence linking
3+ sources Multi-source confirmed Highest-confidence class for immediate engineer attention. Per the canonical verification rule (see Operations), it may bypass the manual verification queue only for non-Critical severity items; Critical findings and Remaining Life adjustments always require engineer sign-off, and no finding bypasses the deterministic Filter Skill rejection (see AI Safety).

5.3.1 How the engine works

The cross-source correlation engine operates as a deterministic pre-stage to the AI confidence model:

  1. Tag — every detection from a drone campaign, robot patrol, fixed sensor, or SCADA IOW exceedance is timestamped, geo-located inside the 3D model, and tagged with its modality (RGB, thermal, OGI, acoustic, gas, process telemetry).
  2. Match — independent detections within a 2 m spatial radius and an aligned temporal window are grouped as candidate corroborations.
  3. Score — confidence is rescored from the per-source baseline. A representative example: a thermal anomaly at 0.70 confidence corroborated by an acoustic / thermal ground patrol and a SCADA insulation surface-temperature IOW exceedance is rescored to ~ 0.95.
  4. Surface — the rescored finding is presented to the operator with all source records attached. The Filter Skill and Stage 3.5 consistency gate (see Integrity Analytical Chain) still apply; cross-source uplift cannot override a hard rejection.

5.3.2 Why this is the moat

A single-source detection is structurally exposed to environmental noise. A multi-source confirmed detection is the result of independent physical signals agreeing on a precise spatial-temporal coordinate — a much harder thing to fake. The external claim follows directly: multi-source confirmed findings target TPR > 98% / FPR < 2%, while single-source modality-specific targets are documented in Operations.

Cross-source confirmation does not replace engineering validation. It improves prioritization, confidence calibration, and inspection planning by showing when multiple independent signals are converging on the same asset condition.

6 Scale & Impact — From “We Found Something” to “Inspect These Eight Locations Next”

A common failure mode for industrial AI platforms is that they are demonstrated, not deployed: a single anomaly on a single asset, dressed up as a product. This chapter consolidates the MVP v0.2 evidence so the procurement team can see, on one page, that Kav AI operates at facility scale, repeatably, and with a direct line to financial impact.

Why this section exists The numbers, the workflow, and the dollar framing belong on the table where customers, partners, and reference callers can find them without digging into the appendices.

6.1 What MVP v0.2 proves

MVP v0.2 is the second step in Kav AI’s public-facing demonstration sequence (see Journey — MVP demonstration sequence). It answers the three questions an operator will ask at the first procurement meeting:

Operator question MVP v0.2 answer
Can this system scale beyond a demo? The platform processes thousands of assets and dozens of anomalies in a single run, not isolated findings.
Does it help me decide what to do? Every high-priority anomaly includes recommended inspection actions tied to operational workflows.
Is the output meaningful to my business? Findings are connected to risk and economic impact, not just temperature differences.

6.2 Facility-scale evidence

The MVP v0.2 facility scan demonstrates Kav AI operating at a unit-level scale that is procurement-relevant rather than demo-relevant:

Metric MVP v0.2 result
Assets scanned 1,200
Thermal anomalies detected 37
High-priority anomalies 8
Coverage achieved 65% of a process unit in a single deployment
Output format Ranked inspection set with recommended actions, not a flat anomaly list
Recommended timing Targeted at the next scheduled shutdown, not opportunistic

Coverage is repeatable and extendable across the facility. This reframes the platform from an “interesting detection tool” to a practical inspection coverage solution.

6.3 Decision context — detection → diagnosis → action

The platform does not stop at flagging an anomaly. The MVP v0.2 representative finding shows the full chain a buyer expects to see:

Stage Representative output
Asset Insulated process piping
Observed condition Surface temperature ~ 120°F; ambient ~ 35°F; ΔT ~ 85°F
Secondary signal Adjacent structural steel ΔT ~ 49°F
Interpretation Thermal signature consistent with insulation breakdown; elevated likelihood of Corrosion Under Insulation (CUI)
Recommended action Prioritize location for insulation removal and ultrasonic thickness (UT) inspection at next scheduled shutdown
Cross-source posture Single-source thermal detection at the MVP stage; cross-source correlation against robot acoustic / SCADA insulation-surface-temperature data is the planned evolution path for the same finding

The selection basis for high-priority items combines thermal severity, pattern consistency across the dataset, and cross-asset comparison — not raw anomaly count.

6.4 Economic framing

Thermal anomalies are translated into business-relevant risk so that the procurement conversation can move from “interesting” to “fundable”:

Variable Range
Typical failure consequence (if unaddressed) $500K – $2M per event (shutdown, repair, lost production); benchmarked against Solomon Associates RAM Study
MVP v0.2 scenario estimate $750K – $1.5M avoided cost potential for the eight high-priority items

This ties the platform output directly to the same economic levers that Solomon Associates RAM benchmarking uses to compare top- and bottom-quartile facilities (see Executive Summary).

6.5 Role of AI at this scale

A critical positioning shift between MVP v0.1 and MVP v0.2 is making the role of AI explicit:

The drone and thermal camera collect data — Kav AI is what makes that data usable at scale.

At facility scale the AI layer is responsible for:

Without this layer the workflow does not scale beyond manual review — and manual review is the workflow that today reviews fewer than 10% of captured imagery.

6.6 Where Scale & Impact connects in the rest of the PRD

Topic Where it lives
Workflow that consumes the ranked inspection set Operational Workflow — Anomaly-to-Action
Per-modality and cross-source detection / FPR targets Operational Workflow — Performance and Accuracy Targets
Risk quantification and Solomon benchmarking behind the avoided-cost number Integrity Analytical Chain — Stage 5
Continuous coverage that compounds the v0.2 scan into trend data Expanded Capture & Engineering Context — Autonomous robot coverage
Partner-led validation of MVP-style findings before they reach the CMMS Partner-Integrated Delivery Model

7 How to Evaluate Kav AI — The 90-Day Pilot

The fastest way to test whether Kav AI delivers value at your facility is a structured 90-day pilot run against your own data. The full framework — timeline, success-criteria template, responsibilities matrix, and commercial terms — is in Appendix G. The summary below is what a buyer needs to decide whether to start one.

Pilot dimension What to expect
Duration 90 days, from data ingestion to a structured success-evaluation meeting.
Scope One asset class per pilot — recommended: pressure vessels, heat exchangers, or piping circuits (the classes with full API 581 support). Scope expansion is available in Phase 2.
Data Visual inspection imagery (RGB, thermal, or OGI) from at least one completed campaign. SCADA / historian connection is optional and included only if the operator elects to connect.
Success criteria Agreed in writing before the pilot begins — not assessed retrospectively. The standard set covers detection recall, false-positive rate, query quality, time-to-first-finding, and (if connected) SCADA correlation.
Operator commitment A named pilot lead (integrity engineer or operations manager), access to historical inspection reports for cross-validation, and availability for three structured review sessions.
Kav AI commitment A dedicated customer-success engineer for the pilot, weekly written updates, and full data deletion on conclusion if the operator does not proceed.
Scope clarification before you start The pilot covers one asset class with full API 581 automation support (pressure vessels, heat exchangers, piping circuits). Atmospheric storage tanks are screening only under API 653 methodology and require engineer review — they do not generate automated Tier 1 actions. Rotating equipment and pipelines are out of scope for v1. The Equipment Class Boundary table (Integrity Analytical Chain section) is communicated to every operator before pilot onboarding.

This sequence — evidence of what Kav AI has already done (Scale & Impact) → how to run a pilot (this section) → how the workflow operates day to day (Operational Workflow) — is the recommended reading path for a procurement team. The complete pilot framework, including the success-criteria thresholds and MSA positions, is in Appendix G and Appendix H.

8 Operational Workflow — Anomaly-to-Action

To ensure Kav AI reduces cognitive load rather than creating “alarm fatigue,” the platform follows a structured escalation path for every identified anomaly. The human-in-the-loop workflow accounts for robot-sourced findings, cross-source confirmation, and richer engineering context at the point of triage, with a cross-source confirmed performance target alongside the per-modality targets. A single canonical verification rule (below) applies consistently wherever the manual verification queue is referenced.

Canonical verification rule Multi-source confirmed findings can bypass the manual verification queue for non-Critical severity items only. Critical severity findings and all Remaining Life adjustments always require individual engineer sign-off before CMMS handoff, risk adjustment, or final action — regardless of source count. In every case the deterministic Filter Skill and the Stage 3.5 consistency gate apply first; cross-source uplift can never override a hard rejection.

Figure 5. Operator Workflow (Human-in-the-Loop). High-consequence findings require human validation before transition to work order systems, while low-severity items are logged directly to the asset’s world model. This decision structure holds even when findings originate from autonomous patrols or multi-source correlation. Per the canonical verification rule, multi-source confirmed findings may bypass the manual verification queue only for non-Critical items; Critical findings and Remaining Life adjustments always require engineer sign-off, and no finding bypasses the deterministic Filter Skill.

8.1 The Triage-to-Escalation Path

The workflow from AI detection to field action is governed by a four-stage process involving distinct operational roles:

  1. Stage A (Automated Triage): AI identifies an anomaly, runs the cross-source correlation engine, and assigns an initial severity score (Critical/Standard/Info). Low-confidence alerts (<0.7) are filtered from the primary ‘Action’ dashboard and moved to a ‘Review’ queue. The triage packet includes source type (drone, robot, SCADA), patrol or campaign identifier, CAD-linked asset identity, and the explicit correlation category (single-source / corroborated / multi-source confirmed).
  2. Stage B (Human Verification): High-severity anomalies are surfaced to the On-call Integrity Engineer’s dashboard (desktop/mobile). The engineer must select: ‘Confirm’ (Escalate to Field), ‘Dismiss’ (False Positive - Model Feedback), or ‘Reclassify’ (Adjust Severity). Cross-source corroboration can raise priority and, for non-Critical multi-source confirmed items, can shorten or skip the queue per the canonical verification rule. It never bypasses deterministic Filter Skill rejection or Stage 3.5 inconsistency flags, and Critical findings and Remaining Life adjustments always require individual engineer sign-off.
  3. Stage C (Escalation & Audit): Confirmed anomalies generate an “Actionable Insight” record. Every ‘Dismiss’ or ‘Confirm’ decision is timestamped and logged in a shift-handover audit report visible to the Operations Supervisor. Coverage context and engineering-change context are attached where available.
  4. Stage D (CMMS Integration): Verified insights provide a structured data packet for the operator’s CMMS (e.g., SAP PM, Maximo) to initiate a work order. Pilot objective: reduce the ‘Triage-to-Work Order’ cycle from a typical 5–10 days to < 4 hours, benchmarked against M3 deployment. SAP PM remains the first certified connector priority because it opens the largest installed-base pathway.

8.1.1 From Finding to Action — A Worked Example

How one finding moves end-to-end Thermal anomaly detected on heat exchanger E-201 → correlation engine matches it with a SCADA surface-temperature IOW exceedance at the same asset → on-call integrity engineer reviews the finding on the mobile dashboard → selects ‘Confirm’ → UT inspection recommended → work-order packet auto-populated with asset ID, anomaly evidence, and recommended inspector guidance → operator approves → work order created in the CMMS. The engineer remains the decision-maker at every step; Kav AI assembles the evidence and the recommendation.

8.2 Performance and Accuracy Targets

To maintain operational trust, Kav AI commits to the following detection and false positive targets for Q3/Q4 2026 (benchmarked against M0/M1 datasets and validated by ground-truth NDT):

Modality / class True Positive Rate (TPR) False Positive Rate (FPR) Target
Visual (RGB) > 85% < 15% Q3 2026
Thermal (Point) > 90% < 10% Q3 2026
Gas Leak (OGI) > 95% < 5% Q4 2026
IOW (SCADA) > 98% < 2% Q4 2026
Cross-source corroborated (2 sources) > 95% < 5% Q4 2026
Multi-source confirmed (3+ sources) > 98% < 2% Q4 2026

All figures are targets for the quarter shown, not yet-delivered results; detection rates are based on the Kav AI M0/M1 validation campaigns and require site-specific calibration during the 90-day pilot phase. The multi-source confirmed line is the externally-quoted “moat” target. Per the canonical verification rule above, it is the only class that may bypass the manual verification queue, and then only for non-Critical severity items — Critical findings and Remaining Life adjustments always require engineer sign-off, and all classes remain subject to the Filter Skill and Stage 3.5 consistency gate.

8.3 Human-in-the-Loop (HITL) Validation

Kav AI is a decision-support tool, not an autonomous inspector. Consistent with the canonical verification rule above: no “Critical” severity output or “Remaining Life” adjustment can be finalized without individual engineer sign-off in the platform, regardless of how many independent sources corroborate the finding. The non-Critical queue-bypass available to multi-source confirmed findings does not extend to these items. Every such action is captured in the version-controlled audit trail.

8.4 Business Readiness & Referenceability

Kav AI recognizes that enterprise procurement requires a clear path to value and financial predictability.

8.4.1 Cost Model & ROI Modeling

Kav AI recognizes that enterprise procurement requires a clear path to value and financial predictability. Indicative pricing components include:

8.4.2 Availability & Payback Commitment

Based on Solomon RAM benchmarking, Kav AI targets a 1.0 percentage point improvement in facility availability within 18 months of full operational deployment. This is achieved through the elimination of data-latency-driven shutdown delays and the early detection of high-consequence failure modes.

For sites that adopt fixed infrastructure and repeat patrol coverage, the business case broadens:

8.5 IDMS and Ecosystem Integration

Kav AI is designed to sit inside existing inspection workflows, not alongside them.

8.5.1 Bidirectional Integration Architecture (FR-INT-03)

Direction What flows Purpose
Read (IDMS → Kav AI) Asset register, Corrosion Monitoring Locations (CMLs) and baseline readings, inspection history per CML, current inspection plan, open anomalies Enables Stage 3–5 to leverage existing RBI data rather than starting from zero. Without the read direction, Kav AI cannot know what has already been inspected, what the baseline UT measurement was, or what the current inspection plan says.
Write (Kav AI → IDMS) Asset ID, anomaly type, severity, confidence score, supporting evidence (image references, UT readings, IOW exceedance logs), recommended action, engineer sign-off timestamp Confirmed anomaly findings generate inspection notifications in the operator’s IDMS/CMMS to trigger work order creation.
Conflict resolution When Kav AI’s corrosion rate disagrees with the IDMS’s existing corrosion rate Kav AI flags the discrepancy and surfaces both values to the engineer — does not silently override the existing record.

8.5.2 Certified Connector Priority (FR-INT-04)

Priority IDMS Rationale Target
1 SAP PM Highest installed base at Tier-1 operators; opens the most procurement conversations Q4 2026
2 Meridium (GE Vernova APM) Strong RBI module that already holds the API 581 model; bidirectional integration is most valuable here H1 2027
3 Hexagon ALI Explicitly referenced in the competitive table as a Kav AI output target; certification closes that loop H1 2027

A certified integration means: a documented data schema, a tested connector, a reference customer who has run it in production, and a support SLA.

8.5.3 orKsoft Coexistence Architecture

orKsoft and Kav AI are complementary, not competitive. The coexistence pattern:

System Owns Data flow
orKsoft RBI model, CML history, API 581 inspection plan, compliance record orKsoft CML baseline → Kav AI Stage 5 corrosion rate input
Kav AI 3D spatial model, visual anomaly detection, SCADA-to-IOW chain, physical validation Kav AI Stage 4/5 outputs → orKsoft inspection plan update → orKsoft compliance record

8.5.4 Reference Customers

Kav AI works primarily with Tier-1 refineries in California and Texas, and is currently executing its third major inspection campaign at a U.S. refinery (Crude/Vacuum unit). Reference calls with the lead Integrity Engineer can be facilitated upon request for qualified enterprise buyers.

8.5.5 Partner-led delivery channel

Where the customer prefers an integrated delivery model — platform plus mechanical-integrity engineering services in a single procurement vehicle — Kav AI engages with qualified partners (e.g., OI.Expert) who provide the human Integrity Engineer panel, DMR / IOW program work, and HITL validation. The Partner-Integrated Delivery Model section describes this channel in full and reflects the framework set out in the April 2026 OI.Expert Letter of Intent.

9 The Integrity Analytical Chain — Architectural Ownership

The IOW/DMR closed-loop analytical chain is the core intelligence differentiator of the Kav AI platform from Q4 onward. This section defines its architecture, its owner, and the data flow from SCADA ingestion to actionable risk output. The chain is strengthened by robot patrol evidence, CAD-linked asset identity, and cross-source confirmation. One clarification of the data flow: the cross-source correlation engine described in Expanded Capture & Engineering Context runs before Stage 3.5 and feeds the evidence-consistency check — it does not replace it.

Figure 2. Kav AI Platform — Internal Architecture. Shows how the AI analytical pipeline connects to operator data sources. SCADA/Historian (teal border, Q4) is a planned integration. Robot telemetry and CAD-derived engineering context are additional input layers into the same read-only intelligence architecture. The cross-source correlation engine is the explicit fan-in step ahead of Stage 3.5.

Architectural owner The IOW/DMR chain is owned by Kav AI’s data retrieval engine. It is invoked automatically when SCADA or historian data is present in the query context. The platform sequences its execution across the six stages below; findings are formatted for the operator interface. |

Figure 4. IOW/DMR 6-Stage Analytical Pipeline. The automated chain flows from raw SCADA telemetry to prioritized corrective action recommendations, with human-in-the-loop validation at Stage 4. Stages 3.5–5 carry expanded evidence, with cross-source correlation feeding the evidence-consistency check at Stage 3.5.

:—- |

9.1 The six-stage analytical chain

The chain runs from raw SCADA telemetry through to prioritized corrective action recommendations, benchmarked against the Solomon Associates database at the risk quantification stage.

# Stage What the agent does Data consumed Output
1 Data ingestion & QC Normalizes multi-source sensor streams via OPC UA. Applies statistical outlier detection and handling for SCADA failure modes: stale values (frozen tags), engineering unit inconsistencies (base vs. scaled), and historian gaps (PI ‘shutdown’ vs. AVEVA ‘null’). Establishes timestamp synchronization within a ±500ms alignment window. SCADA, OPC UA historian, IoT sensors Validated sensor record
2 IOW classification Compares validated readings against Integrity Operating Window limits (API 584). Categorizes exceedances as critical, standard, or informational. Scores by duration × intensity to prevent alarm fatigue. Validated sensor record, IOW limit database Exceedance events with severity score
3 Damage mechanism mapping Maps exceedance events to credible damage mechanisms per API 571. Establishes the ‘Boundary of Automation’: standard mechanisms (CUI, erosion) are auto-flagged, while complex ones (HIC, NH₄Cl underdeposit, Creep) trigger a mandatory Integrity Engineer review. CAD-linked asset identity and material metadata are used where available to tighten mapping quality. Exceedance events, API 571 knowledge base, asset materials database, CAD / engineering metadata Damage mechanism map with predicted rate δ
3.5 Consistency gate Three-way consistency check before physical validation: (1) Material-mechanism consistency — is the predicted mechanism chemically plausible given the asset’s material of construction and process fluid? (2) Rate-mechanism consistency — is the predicted corrosion rate consistent with the predicted damage mechanism? (3) Evidence consistency — if physical validation data is available, does the visual evidence match what the predicted mechanism would produce? Evidence consistency also considers cross-source corroboration across campaign, patrol, and SCADA evidence, with the cross-source correlation engine as the explicit feeder for that input. Failures produce an explicit “INCONSISTENT — ENGINEERING REVIEW REQUIRED” flag with the conflicting evidence surfaced to the engineer. Damage mechanism map, asset materials database, cross-source correlation output, available Stage 4 evidence Consistency-validated damage mechanism map, or INCONSISTENT flag with conflicting evidence
4 Physical validation Cross-references the damage mechanism map against physical inspection evidence: UT thickness measurements, thermal scans, OGI imagery, and robot-sourced patrol evidence. Validates AI findings against ground-truth NDT measurements to calibrate model confidence. Kav AI 3D inspection model, UT data, thermal scans, OGI imagery, robot thermal/acoustic/gas data Validated damage assessment
5 Risk quantification & remaining life Applies the standard remaining life formula: RL = (tₓᴀᴄᴛ − tₘᴵⁿ) / CR. Quantifies risk using API 581 Damage Factors and Consequence categories. Propagates input uncertainty to provide P90 Remaining Life. Extends to API 581 inspection interval calculation: recommended inspection interval = f(current PoF, target risk threshold, damage factor, inspection effectiveness grade). Validated damage assessment, API 581 standards, Solomon Associates financial data Risk score (API 581 aligned), RL estimate with 90% CI, recommended inspection interval
6 Corrective action surfacing Generates prioritized inspection plans and recommended corrective actions (repair, replace, operational adjustment). All outputs are recommendations to a human operator — Kav AI never writes to SCADA or issues work orders autonomously. Risk scores, inspection backlog, operator confirmation Prioritized inspection plan (see schema below)

The IOW/DMR chain becomes available from Q4 2026 when the SCADA/OPC UA connector is delivered. Stages 4 and 5 require physical inspection data from the Kav AI 3D model, which is available from Q2. Those stages also draw on repeat patrol evidence, fixed-infrastructure continuous coverage, and engineering-context enrichment where present.

9.1.1 Inspection Plan Output Schema (FR-RBI-01)

The IOW/DMR chain does not terminate at risk score generation. Stage 6 produces an inspection plan — a prioritized, time-bound schedule. The minimum schema for a Kav AI inspection plan record:

Field Description
Asset ID, asset class Facility asset identifier and equipment type
Current risk score PoF × CoF per API 581
Recommended inspection date Driven by API 581 inspection interval logic
Recommended technique & coverage Grade A/B/C/D per API 581 table
Justification Damage mechanism, IOW exceedance, or UT trend that drove the recommendation
Confidence level Data provenance (Level A/B/C corrosion rate)

This schema is agreed with the reference customer before Q3 delivery and governs the IDMS integration write interface.

9.1.2 Equipment Class Boundary of Automation (FR-RBI-02)

The Tier 1/Tier 2 automation boundary applies across equipment classes as well as damage mechanisms. Scope for v1:

Equipment class Kav AI scope Rationale
Pressure vessels & heat exchangers Full API 581 support Primary M0/M1 asset class; most common IOW-linked equipment
Piping circuits Full API 581 support Covered by OPC UA SCADA connector; CML-tracked
Pressure Relief Devices Flag only — engineer required PRD-specific methodology; different consequence logic
Atmospheric Storage Tanks Flag only — engineer required Tank floor inspection has unique methodology (API 653)
Pipelines Out of scope — v1 Requires inline inspection data (ILI); different data model
Rotating equipment Out of scope — v1 Vibration-based RBI; different physics
Equipment scope communication This boundary must be communicated proactively to customers in the pilot framework (Appendix G). An operator who assumes Kav AI covers their tank farm and discovers it doesn’t during a pilot will not proceed.

9.2 Analytical Rigour — Confidence and Provenance

To satisfy enterprise integrity standards (API 581/510), Kav AI does not treat the analytical chain as a “black box.” Every safety-critical output carries clear provenance and uncertainty bounds.

9.2.1 Corrosion Rate (CR) Provenance

The platform applies a weighted hierarchy to corrosion rate inputs, favouring measured data over theoretical models:

  1. Level A (Measured): Derived from localized Ultrasonic Testing (UT) trend data at specific Corrosion Monitoring Locations (CMLs).
  2. Level B (Modeled): Derived from process-specific corrosion models (e.g., pH, H2S, CO2 concentration), if UT data is stale (>12 months) or unavailable.
  3. Level C (Generic): Derived from the API 571/581 knowledge base for standard materials in nominal service.

9.2.2 Uncertainty Quantification (UQ)

Remaining Life (RL) estimates are never presented as single-point figures. Kav AI propagates uncertainty across the entire analytical chain:

9.2.3 Timestamp Integrity and Windowing

Correlation across heterogeneous sources (SCADA scan vs. Event-driven historians) is governed by a ±500ms synchronization window.

9.2.4 Boundary of Automation — Expert-in-the-Loop

Not all damage mechanisms are equally detectable via process telemetry. Kav AI maintains a strict boundary:

9.2.5 CML and PIL Integration — Lifecycle Management

The 3D facility model serves as the spatial system of record for Piping Inspection Locations (PILs) and Corrosion Monitoring Locations (CMLs).

9.3 Risk Quantification Methodology — API 581 Alignment

Kav AI’s risk engine is structured for alignment with the API 581 Risk-Based Inspection (RBI) standard to ensure regulatory and insurance defensibility.

9.3.1 Probability of Failure (PoF)

The platform calculates PoF using the API 581 Damage Factor approach. This includes:

9.3.2 Consequence of Failure (CoF)

CoF is categorized into four primary streams:

  1. Flammable/Explosive: Area-based consequence of fire/explosion.
  2. Toxic Release: Dispersion modeling for H₂S, HF, or other hazardous process fluids.
  3. Environmental: Volume-based spill consequence for soil/water.
  4. Financial: Production loss and repair costs, benchmarked against Solomon Associates CPA™ facility profiles.

9.3.3 Ranked-to-Calibrated Transition

During the initial deployment and pilot phase (90 days), risk outputs are presented as Relative Risk Rankings for prioritization. Full Calibrated Probability of Failure (mapping scores to physical failure frequencies) is achieved after the first ground-truth inspection cycle is ingested and the model is site-validated. The transition is triggered by a minimum dataset: a defined number of UT readings at registered CMLs with known inspection history, agreed with the operator during pilot onboarding.

10 AI Safety — Hallucination Mitigation & Grounding

Given the safety-critical nature of asset integrity, the Kav AI analytical chain (IOW/DMR) includes specific safeguards to mitigate AI hallucinations and ensure engineering-grade reliability. The platform handles cross-source correlation, robot patrol evidence, and high-regulation requirements without weakening the core guardrails, and all safeguards follow a clear priority order: Filter Skill > Stage 3.5 consistency gate > cross-source correlation uplift. A multi-source confirmed finding can shorten the operator queue, but it cannot promote a Filter-rejected mechanism or override an INCONSISTENT flag.

10.1 Grounding via Deterministic “Filter Skills”

To eliminate LLM hallucinations in the IOW/DMR chain, every AI output is passed through a deterministic validation layer before it reaches the operator:

10.1.1 Filter Skill Performance Targets (FR-AI-01)

10.2 Confidence Scoring and Calibration

Kav AI provides a 0.0–1.0 confidence score for every AI-generated output (mapping, detection, recommendation):

10.2.1 Confidence Score Calibration Protocol (FR-AI-02)

Confidence scores are calibrated against empirical accuracy before they are used as a dashboard threshold:

  1. For each confidence bucket (0.5–0.6, 0.6–0.7, 0.7–0.8, 0.8–0.9, 0.9–1.0), measure the proportion of outputs in that bucket that are confirmed correct by the operator pilot lead.
  2. Plot the calibration curve. A perfectly calibrated model has a diagonal curve (0.7 confidence = 70% accuracy). Report the calibration error.
  3. Adjust the dashboard surfacing threshold based on the calibration curve, not the raw confidence score. If the 0.7 bucket has 50% empirical accuracy, the surfacing threshold should be raised to the bucket that achieves the target accuracy.
  4. Include the calibration curve as a deliverable in the 90-day pilot success evaluation (Appendix G), updated at Week 9–10.

Cross-source extension: calibration is reported separately for single-source findings, corroborated findings, and multi-source confirmed findings. Cross-source uplift is disabled by default until empirical accuracy demonstrates that the uplift is warranted. The externally-quoted multi-source confirmed TPR > 98% / FPR < 2% target is reported against the same calibration curve and re-evaluated after every campaign and patrol cycle.

The current threshold of 0.7 for Action dashboard surfacing and 0.6 for UNCERTAIN flagging is provisional until calibration data from the third inspection campaign is available.

10.2.2 OOD Detection Update Cadence (FR-AI-04)

The M0/M1 training distribution covers two facilities. The OOD detector trained on this distribution will flag the majority of inputs from a third facility as OOD.

10.3 Safety Fallbacks and HITL

If an AI output fails a Filter Skill or returns a confidence score below 0.6:

  1. The output is automatically marked as “UNCERTAIN - REVIEW REQUIRED.”
  2. The Integrity Engineer is presented with the conflicting evidence (e.g., “AI suggests SCC, but material is Carbon Steel - check required”).
  3. The system prevents the anomaly from propagating to the “Critical Action” dashboard until manually resolved.

10.4 Chain-Level Consistency Gate (FR-AI-03)

The IOW/DMR chain is a 6-stage pipeline. A hallucination in Stage 3 that passes the Filter Skill will propagate through Stages 4, 5, and 6, compounding at each step. The consistency gate (Stage 3.5 in the analytical chain table above) performs three checks to prevent this:

  1. Material-mechanism consistency: Is the predicted damage mechanism chemically plausible given the asset’s material of construction and process fluid? (This is the existing Filter Skill.)
  2. Rate-mechanism consistency: Is the predicted corrosion rate in Stage 5 consistent with the predicted damage mechanism in Stage 3? For example, if Stage 3 predicts CUI (external), the corrosion rate should not be derived from internal process chemistry data.
  3. Evidence consistency: If Stage 4 physical validation data is available, does the visual evidence (thermal anomaly pattern, OGI reading) match what the predicted damage mechanism would produce? A thermal anomaly consistent with insulation damage is consistent with CUI. A uniform wall-loss pattern from UT is not consistent with pitting corrosion from NH₄Cl underdeposit.

Failures produce an explicit “INCONSISTENT — ENGINEERING REVIEW REQUIRED” flag rather than propagating to Stage 5. The inconsistency reason and the conflicting evidence are surfaced to the engineer alongside the flag.

Multi-source confirmation strengthens evidence consistency only when the corroborating sources are genuinely independent. A second source can support a finding; it cannot override a Filter Skill rejection or erase a material-mechanism inconsistency. The priority order is explicit — Filter Skill > Stage 3.5 > cross-source uplift — so that the cross-source correlation engine cannot be misread as a Filter Skill bypass. Highly regulated deployments additionally require mandatory engineer review before any downstream CMMS handoff.

11 Deployment Architecture — On-Premise, Air-Gapped, and Fixed-Infrastructure Options

Enterprise procurement in the oil and gas, chemical, and power sectors requires defined answers to four infrastructure questions: where does the data go, who controls the model, can the system operate without cloud connectivity, and what changes when the site adopts persistent robot coverage and higher-regulation operating constraints. Aligned with the OI.Expert LOI commitments, on-premise / air-gapped deployments require no heartbeat, telemetry, or license callbacks of any kind.

Security posture in brief Kav AI maintains a strictly read-only OT posture: it reads SCADA data via OPC UA and never writes to control systems. Credentials are held in a managed secrets store (HashiCorp Vault or a cloud-native equivalent) rather than in container configuration, and all data is encrypted at rest (AES-256) and in transit (TLS 1.2/1.3). SOC 2 Type II certification is targeted for Q4 2026, and a fully air-gapped on-premise deployment is available with no external callbacks. Full security implementation details — container image signing, SBOM, vulnerability scanning, and credential management — are in Appendix F.7, available to IT/OT security teams on request.
Deployment tier Description Data residency Availability
Cloud SaaS Kav AI-managed cloud infrastructure on Google Cloud. Multi-tenant with row-level security. Fastest to deploy. Suitable for operators with standard IT security postures. Kav AI GCP tenant (configurable region) Delivered (alpha)
Customer cloud tenant Container-based deployment into the operator’s own Azure or AWS environment. Kav AI provides the container package and upgrade process; the operator controls the infrastructure. Satisfies data sovereignty and IT security requirements of major industrial operators. Operator’s own cloud tenant. No data leaves operator environment. Q4 Target
On-premise / air-gapped Fully containerized deployment on operator-managed hardware within the OT/IT DMZ or corporate LAN. Includes self-hosted LLM inference (Llama-3-70B or Mistral-Large-24.07). Hardware Requirements: Min 128GB RAM, 16 vCPU, 2x NVIDIA A100 (80GB) or equivalent. Operator-managed hardware. 100% air-gapped; no heartbeat or license callbacks required. H1 2027 Roadmap

11.1 SCADA Compatibility Matrix (Qualifications)

Deployment complexity for OPC UA varies by vendor and version:

OT/IT boundary by design Kav AI’s SCADA integration is read-only via OPC UA, operating from the IT side of the OT/IT boundary. Read-only is enforced technically via: (1) OPC UA Server user access rights restricted to ‘Read’ and ‘Subscribe’ services only; (2) DMZ proxy/aggregator configured to reject all Write/Call requests; and (3) Firewall TCP/IP port restriction (4840/4843). Kav AI supports outbound connection initiation from the OT side to satisfy strict “no-inbound” firewall policies.

The platform’s secrets management, encryption, container image signing, vulnerability scanning, and SBOM practices are documented in full in Appendix F.7 (Security Technical Reference) for the operator’s IT/OT security team.

11.2 Security and compliance targets

Framework Kav AI position Target date
SOC 2 Type II Security certification audit in planning. Controls mapped; observation period expected to commence Q2 2026. (Target completion: Q4 2026, pending audit window success). Q4 2026
IEC 62443 (OT security) Read-only OPC UA integration, no writes to OT systems, Purdue Model-compatible network segmentation in on-premise tier. H1 2027 (on-premise tier)
Data sovereignty Customer cloud tenant and on-premise tiers provide full data residency within operator’s own environment. No telemetry or imagery leaves the operator security perimeter in these modes. Q4 2026 (customer cloud)
Authentication JWT with short-lived tokens, multi-tenant row-level security (verified via independent pentest), SSO integration via SAML 2.0 / OIDC. Q2 2026 (Delivered)

11.3 Fixed infrastructure deployment

Fixed-infrastructure additions are treated as deployment extensions rather than as a separate product:

Component Specification Responsibility
Navigation beacons UWB or LiDAR-reflector-based references; target within 10cm of onboard baseline Kav AI specifies; operator installs
Communication backbone Private 5G, industrial Wi-Fi mesh, or hybrid; >= 50 Mbps uplink per patrol zone Kav AI specifies; operator provisions
Docking stations Power and wired network drops for charging and bulk data offload Kav AI specifies; operator installs
Coverage orchestration Runs inside Kav AI and publishes ranked inspection priorities to fleet software or operators Kav AI deploys

These components do not alter the OT/IT boundary described above. In air-gapped deployments they operate entirely within the operator’s network perimeter.

11.4 Regulated-environment considerations

Higher-regulation deployments add operating constraints without changing the core architecture:

Requirement Platform treatment
Lifetime retention environments Support storage sizing and retention policies for facilities that require multi-decade data preservation
Dose-aware operations Where radiation dosimetry is in scope, robot mission records and anomaly packets carry dose context for auditability
Mandatory on-premise profile High-regulation deployments default to on-premise / air-gapped operation with no cloud exception path
Connector hardening SAP PM and similar enterprise connectors follow customer authentication and certificate standards rather than introducing proprietary trust models

12 Partner-Integrated Delivery Model

Kav AI’s customers do not buy a platform in isolation. They buy a working integrity program — anomalies that have been surfaced, reviewed by a qualified engineer, embedded in a Risk-Based Inspection (RBI) plan, and pushed into a CMMS work order. The platform supports a delivery model in which the Kav AI Platform (KAP) is the technology layer and a qualified mechanical-integrity engineering partner provides the human Integrity Engineer panel.

Why this model is documented The OI.Expert × Kav AI Letter of Intent (April 2026) commits both parties to a single, unified service delivery model — and that model is a procurement option a customer can ask for by name.

12.1 Why a partner channel exists

The Kav AI position on Human-in-the-Loop (HITL) validation is non-negotiable: no Critical severity output, no Remaining Life adjustment, and no automatic CMMS work order can be finalized without a qualified Integrity Engineer’s sign-off. That requirement creates a recurring engineering workload that some customers prefer to outsource to a specialist firm rather than staff in-house.

Without a partner With a partner
Customer staffs and trains its own Integrity Engineer panel for the HITL seat Partner provides the panel as a managed service
Customer integrates KAP findings into its existing RBI / IDMS program on its own Partner embeds KAP findings into the RBI / IDMS program as part of its core scope
Customer is responsible for DMR / IOW production for in-scope assets Partner produces and maintains DMRs and IOW recommendations
Procurement requires two separate contracts (platform + services) Single integrated procurement vehicle

Both models are supported. The partner channel is an option for customers who want a unified procurement vehicle and faster time-to-RBI-impact.

12.2 Reference partnership — OI.Expert × Kav AI

The reference partnership documented in the April 2026 LOI defines the shape of every partner channel:

12.2.1 What KAP provides

12.2.2 What the partner provides

Service area Scope of work
Reactive engineering Inspection result interpretation, Fitness for Service (FFS), Failure & Root Cause Analysis, day-to-day materials / corrosion / welding consultation, Fire Assessment
Inspection management Facility Inspection Program Management, Inspection Test Plans, Special Emphasis Programs, RBI Programming, AutoCAD Isometrics, IDMS Support, Mechanical Integrity Audits
Advanced NDE & monitoring Online Corrosion Monitoring guidance, Advanced NDE Technology Application, Inspection & Reliability Standards
Corrosion & materials engineering Asset Material Selection, Degradation Mitigation, IOW Recommendations, IOW Deviation Response & Risk Management, Damage Mechanism Reviews (DMRs), Welding Engineering
Engineering projects Project Design Support (materials selection, WPS reviews, mechanical datasheets), Project Field Support, Third-Party Fabrication Inspection, Engineering Specification Development
Training & auditing Mechanical Integrity training programs, audit support, compliance documentation
HITL validation seat Partner engineers serve as the Integrity Engineer panel for Stage 3.5 / Stage 4 confirmation of Critical and Tier-2 damage mechanism findings (e.g., HIC, NH₄Cl underdeposit, Creep)
RBI / IDMS embedding Partner embeds KAP findings into the customer’s existing RBI program, IDMS records, and compliance workflows (API 580/581/584, API 510, API 570)

12.2.3 The integrated workflow

The end-to-end operational workflow follows the IOW / DMR six-stage analytical chain documented in the Integrity Analytical Chain section, with the partner explicitly placed at the Stage 3.5 / Stage 4 review seat:

Stage KAP responsibility Partner responsibility
1–2: Ingestion & QC, IOW classification Multi-source data normalized and QC’d; ±500 ms timestamp alignment; SCADA readings compared against API 584 IOW limits and scored by duration × intensity to prevent alarm fatigue.
3: Damage mechanism mapping Mechanisms mapped per API 571; Filter Skill rejects implausible mechanisms; Boundary of Automation auto-flags standard mechanisms while complex ones (HIC, NH₄Cl underdeposit, Creep) are routed to partner review. Reviews complex / Tier-2 mechanisms; sign-off on auto-flagged outputs at agreed cadence.
3.5: Consistency gate Three-way check: material-mechanism, rate-mechanism, evidence consistency, with cross-source correlation engine output as input. Disposition for any “INCONSISTENT — ENGINEERING REVIEW REQUIRED” flag before chain continues.
4: Physical validation Cross-references AI findings with UT thickness, thermal scans, OGI imagery, robot-sourced thermal / acoustic / gas patrol evidence. Validates AI findings against ground-truth NDT; advises on revised inspection technique if needed.
5: Risk quantification & remaining life API 581 PoF × CoF; P90 Remaining Life with uncertainty bounds; Solomon-benchmarked financial CoF. Engineering review of final risk score and inspection interval before commitment.
6: Corrective action surfacing Prioritized inspection plan and structured CMMS / IDMS write packet. Confirms work-order content, escalation routing, and shutdown alignment.

All outputs are recommendations to a qualified human operator. KAP never writes to SCADA, never issues work orders autonomously, and never commands field equipment. Read-only enforcement is technical — OPC UA access rights restricted to Read / Subscribe; DMZ proxy rejects all Write / Call requests; firewall TCP/IP port restriction (4840 / 4843).

12.3 Commercial framework for partner-integrated engagements

The pilot framework, MSA framework, and subscription tiers in Appendices G and H apply unchanged in a partner-integrated engagement. The only commercial additions are:

Topic Treatment
Procurement vehicle Single integrated proposal covering KAP subscription and partner engineering services. Customer may still elect to contract separately by request.
Pilot fee Standard 90-day fixed-fee pilot, applied as credit against Year 1 subscription if the customer proceeds. Partner engineering hours scoped separately.
Liability KAP liability cap remains as documented in MSA H.1. Partner liability follows the partner’s own engineering services agreement.
Data ownership All facility data and inspection imagery remains the customer’s property. KAP and partner each hold limited processing licences for their respective scopes.
HITL seat Documented as a partner deliverable in the integrated proposal so that the customer’s procurement and audit teams can see who owns the engineer sign-off.
Path to production If pilot success criteria are met, the customer receives a production proposal — KAP plus partner — within 10 business days of the evaluation meeting.

12.4 Where this connects in the rest of the PRD

Topic Where it lives
Pilot framework — 90-day timeline, success criteria, responsibilities matrix Appendix G
MSA framework — liability cap, decision-support disclaimer, data ownership Appendix H
Subscription tiers Appendix H.2
Operational workflow — Triage-to-Escalation Path that the partner sits inside Operational Workflow — Anomaly-to-Action
Integrity Analytical Chain — six-stage chain that the partner co-owns from Stage 3.5 Integrity Analytical Chain
Boundary of Automation — what partners must review by design Integrity Analytical Chain — FR-RBI-02

13 Appendix A. Feature Summary

FR Feature Area Quarter Type Priority Status
FR-VIS-01 3D CAD model overlay App Q4 Engineering Medium Q4 Target
FR-VIS-02 Geo-tagged assets & images in 3D App Q3 Engineering High Q3 Target
FR-APP-02 Contextual data chat Ph.0 — single-turn NL query (classify → SQL execute → report) over workspace data AI Assistant Q2 Engineering Critical In Progress (Q2)
FR-APP-13 Agent failure recovery — Supabase RLS/timeout, Gemini rate-limit/timeout, JWT expiry, and blob-storage retry handled without pipeline crash AI Assistant Q2 Engineering Critical In Progress (Q2)
FR-APP-14 Contextual chat agent evaluation gate — classifier/executor/reporter accuracy benchmarks required before ship AI Assistant Q2 Engineering High In Progress (Q2)
FR-APP-15 Persona-tailored workspace chat scoping — Data Explorer vs Integrity Engineer chat views App Q2 Engineering High In Progress (Q2)
FR-APP-16 Contextual chat SQL-injection & malicious-input defense — DML/DDL blocking, injection-pattern rejection, workspace-scoped query firewall AI Assistant Q2 Engineering Critical In Progress (Q2)
FR-APP-03 Contextual data chat Ph.1 AI Assistant Q3 Engineering High Q3 Target
FR-APP-04 Chat with 3D map App Q3 Engineering High Q3 Target
FR-APP-05 Interactive overlays App Q3 Engineering Medium Q3 Target
FR-APP-06 Automated reports AI Assistant Q3 Engineering Medium Q3 Target
FR-SCN-01 OGI sensor ingestion AI Assistant Q3 Engineering High Q3 Target
FR-SCN-02 Calibrated thermal ingestion AI Assistant Q3 Engineering High Q3 Target
FR-SCN-03 Gas sensor ingestion AI Assistant Q3 Engineering High Q3 Target
FR-INT-01 OPC UA SCADA connector AI Assistant Q4 Engineering High Q4 Target
FR-INT-02 P&ID database (SQL) connector — direct read (distinct from DEXPI ingestion, FR-CAD-06) App Q4 Engineering Medium Q4 Target
FR-INT-03 IDMS bidirectional integration specification Platform Q3 Product Critical Q3 Target
FR-INT-04 SAP PM certified connector Platform Q4 Engineering High Q4 Target
FR-ANO-01 Cross-modal anomaly detection AI Assistant Q3/Q4 Research High Q3 / Q4 Target (research-gated)
FR-ANO-02 Physical AI reasoning & remediation AI Assistant Q4* Research High Q4 Target (research-gated)
FR-MDA-01 Solomon Associates benchmarking AI Assistant Q3 Engineering High Q3 Target
FR-MDA-02 Synthetic data generation AI Assistant Q4* Research High Q4 Target (research-gated)
FR-SEC-01 SOC 2 Type II certification Platform Q4 Engineering Critical Q4 Target
FR-SEC-02 Customer cloud tenant deployment Platform Q4 Engineering High Q4 Target
FR-SEC-03 Compliance management App Q4 Engineering High Q4 Target
FR-NAV-01 Full spatial navigation App H1 2027 Engineering Medium H1 2027 Roadmap
FR-RBI-01 API 581 inspection interval calculation AI Assistant Q3/Q4 Engineering High Q3 / Q4 Target
FR-RBI-02 Equipment class boundary of automation Platform Q3 Product High Q3 Target
FR-AI-01 Filter Skill calibration & FNR measurement AI Assistant Q3 Engineering Critical Q3 Target
FR-AI-02 Confidence score calibration protocol AI Assistant Q3 Engineering High Q3 Target
FR-AI-03 Chain-level consistency gate (Stage 3.5) AI Assistant Q3 Engineering High Q3 Target
FR-AI-04 OOD detector update cadence AI Assistant Q3 Engineering Medium Q3 Target
FR-ROB-01 KRSI robot ingestion adapter Platform H1 2027 Engineering High H1 2027 Roadmap
FR-ROB-02 Fixed infrastructure: navigation beacons Infrastructure H1 2027 Engineering High H1 2027 Roadmap
FR-ROB-03 Fixed infrastructure: communication backbone Infrastructure H1 2027 Engineering High H1 2027 Roadmap
FR-ROB-04 Coverage orchestration Platform H1 2027 Engineering Medium H1 2027 Roadmap
FR-ROB-05 Fleet intelligence analytics App / AI Assistant H1 2027 Engineering High H1 2027 Roadmap
FR-CAD-01 CAD geometry via open IFC4 (BIM STEP) standard Platform Q2 Engineering High In Progress (Q2)
FR-CAD-02 CAD version tracking and diff visualization App Q4 Engineering High Q4 Target
FR-CAD-03 As-built vs as-designed comparison App Q4 Engineering High Q4 Target
FR-CAD-04 Engineering change notification Platform Q4 Engineering Medium Q4 Target
FR-CAD-05 Cross-source correlation engine AI Assistant Q4 Engineering High Q4 Target
FR-CAD-06 DEXPI open-standard P&ID ingestion (equipment, nozzles, piping, connectivity) Platform Q2 Engineering High In Progress (Q2)
FR-CAD-07 Deterministic dual-tagging (legacy CAD ↔︎ operator / DEXPI tags) with asset cross-reference Platform Q2 Engineering High In Progress (Q2)
FR-CAD-08 Additional CAD formats (RVT / DGN) beyond IFC4 Platform Q4 Engineering Medium Q4 Target
FR-NUC-01 Dose-aware inspection workflow Platform H1 2027 Engineering Medium H1 2027 Roadmap
FR-XSC-01 Cross-source correlation engine — promoted to named primitive (tag / match / score / surface) AI Assistant Q3/Q4 Engineering Critical Q3 / Q4 Target
FR-XSC-02 Multi-source confirmed TPR > 98% / FPR < 2% target reporting AI Assistant Q4 Engineering High Q4 Target
FR-PRT-01 Partner-integrated delivery model — single procurement vehicle, partner-provided HITL seat Platform / Commercial Q3 Product High Q3 Target
FR-PRT-02 Reference partnership — OI.Expert × Kav AI integrated proposal template Commercial Q3 Product High Q3 Target
FR-APP-07 Web-based 3D inspection viewer (Cesium geospatial scene) App Q3 2025 Engineering Critical Delivered
FR-APP-08 Operator dashboard — organization / campaign / anomaly overview App Q3 2025 Engineering High Delivered
FR-APP-09 Visual defect gallery — geo-tagged imagery, annotations & anomaly bounding boxes App Q3 2025 Engineering High Delivered
FR-EVI-01 RGB inspection imagery ingestion — EXIF / GPS provenance & dataset scoping Platform Q3 2025 Engineering High Delivered
FR-SEC-04 Multi-tenant authentication & workspace access control Platform Q3 2025 Engineering Critical Delivered
FR-APP-10 Automated agentic task coordination — multi-agent orchestration (planner / executor, tool routing) AI Assistant Q4 2025 Engineering High Delivered
FR-EVI-02 Multimodal evidence pipeline foundation — thermal / OGI / gas ingest (prototype) AI Assistant Q4 2025 Engineering High Delivered
FR-AI-05 First-generation AI chat assistant — natural-language query over inspection data (early, not-yet-reliable prototype) AI Assistant Q4 2025 Engineering High Delivered
FR-APP-12 Gas measurement visualization — sensor-reading heatmap overlay on the 3D scene App Q4 2025 Engineering Medium Delivered
FR-APP-11 Provenance-cited chat answers — citations & tool-execution timeline App Q2 Engineering Medium Delivered
FR-OPS-01 Work-order / recommendation export — markdown + CSV App Q2 Engineering Medium Delivered

Q4* = research-dependent, contingent on Q2 spike outcomes. The Status column uses the shared delivery-state vocabulary defined in the Journey section (Status key): Delivered / In Progress (Q2) / Q3 Target / Q4 Target / H1 2027 Roadmap; it is consistent with the Quarter column.

14 Appendix B. Research Classification and Spike Objectives

Features classified as “research-dependent” follow a structured validation protocol before engineering commitment.

Feature ID Spike Objective Success Metric Fallback
FR-ANO-01 Test Vision Transformer (ViT) vs. CNN on sparse OGI/Thermal defect data. TPR > 85% at FPR < 15% on M0/M1 benchmark. Defer to Q1 2027; rely on manual triage.
FR-ANO-02 Prototype RAG (Retrieval-Augmented Generation) vs. Structured Output Schemas for API 571 remediation logic. > 90% agreement with human Integrity Engineer panel. Descriptive reporting only; no remediation advice.
FR-MDA-02 Evaluate physics-based gas plume simulation for OGI synthetic data generation. Frechet Inception Distance (FID) < 50 on real vs synthetic. Manual labeling of third-refinery campaign data.

15 Appendix C. Non-Functional Requirements

Category Requirement Target
Performance AI query response time (P95) < 3 seconds
Performance 3D model rendering (GTX 1660+) 60 fps sustained
Scalability Concurrent operators per facility ≥ 50 concurrent sessions
Security Authentication and data isolation Multi-tenant RLS; JWT with short-lived tokens; SOC 2 target
Reliability Platform availability ≥ 99.5% uptime (excluding planned maintenance)
Deployment On-premise / air-gapped operation Full offline operation in on-premise tier (H1 2027)
Infrastructure Navigation accuracy with fixed beacons Within 10cm of onboard baseline
Infrastructure Communication backbone uptime ≥ 99.5% across patrol zones
Performance Cross-source correlation latency < 60 seconds per finding
Scalability High-endurance telemetry session duration ≥ 6 hours continuous
Regulated environments Lifetime data retention profile Supported for facility-lifetime retention deployments

16 Appendix D. Version History

Version Date Summary
v1.0 Feb 2026 Initial PRD — product overview, personas, and feature list.
v2.0 Feb 2026 Full feature cards for all 17 FRs, 9 sections, priority and phasing.
v2.1 Mar 2026 Added Research vs. Engineering classification, spike recommendations.
v2.2 Mar 2026 Added disclaimer, complexity scoring, sorted summary table, document scope statement.
v2.3 Mar 2026 Full document restructure for executive and investor audience. Industry-agnostic reframing. Added SCADA competitor category. Roadmap extended to Q2–Q4 2026. Engineering detail moved to Technical Appendix.
v2.4 Mar 2026 Added cover taglines. Named OPC UA as the Q3 SCADA integration protocol. Added OPC UA licensing open question. Added OPC UA, Historian, and SCADA to glossary.
v2.5 Mar 2026 Incorporated industry expert integrity review feedback. Added SCADA-to-risk closed-loop analytical chain (IOWs, DMRs, physical validation, risk scoring, remaining-life estimates). Added Solomon Associates benchmarking. Added DMR, IOW, and Solomon Associates to glossary.
v2.6 Mar 2026 Enterprise procurement edition. Added Section 5 (IOW/DMR chain with named architectural owner — the Data Retrieval Agent). Added Section 6 (deployment architecture: cloud SaaS, customer cloud tenant, on-premise/air-gapped tiers with IEC 62443 and OT/IT boundary design). Expanded competitive analysis to include Emerson Plantweb Optics/AMS, Hexagon ALI, and Aucerna. Added primary source citations for all market statistics. Added FR-SEC-02 (customer cloud tenant deployment) and FR-SEC-03 (compliance management) to feature summary.
v2.7 Mar 2026 Expert Review Panel edition. Incorporated feedback from 8 expert personas. Added Section 5.3 (Analytical Rigour & Confidence). Added Section 7 (Operational Workflow). Detailed protocol-level read-only enforcement and SCADA failure modes. Updated competitive landscape with Percepto, Hexagon ALI, and Aucerna refinements. Added AI safety and confidence scoring requirements. Added L1 Context Diagram (Figure 1) inline in Section 1 and L2 Container Diagram (Figure 2) inline in Section 5, both using C4 model convention.
v2.8 Mar 2026 Integrity Chain Completion edition. Addresses four gaps from v2.7 expert review panel: (1) RBI — inspection plan output schema (FR-RBI-01), equipment class boundary of automation (FR-RBI-02), API 581 inspection interval calculation added to Stage 5, consistency gate added as Stage 3.5; (2) IDMS integration — bidirectional integration specification (FR-INT-03), SAP PM certified connector (FR-INT-04), orKsoft coexistence architecture; (3) Competitive positioning — orKsoft added to competitive table, Meridium added, Cognite risk response sharpened with concrete moat strategy, primary competitor benchmark reframed; (4) AI reliability — Filter Skill FPR/FNR targets (FR-AI-01), confidence calibration protocol (FR-AI-02), chain-level consistency gate (FR-AI-03), OOD update cadence (FR-AI-04). Calibrated PoF transition now defined by minimum dataset trigger.
v2.9 Apr 2026 Strategic Positioning edition. Addresses six gaps from v2.9 executive review: (1) Category definition — Kav AI explicitly defined as a Real-Time Integrity Intelligence System, establishing a new product category; (2) Competitive moat — dedicated section in Executive Summary consolidating four pillars: closed-loop intelligence, data flywheel, deployment speed, end-to-end hardware-agnostic solution; (3) Data flywheel — elevated from buried competitive mention to standalone section with compounding model performance narrative and pricing alignment; (4) Differentiation language — closed-loop between process data, physics-based models, risk quantification, and recommended action made unmistakable throughout; (5) Industry focus — narrowed from industry-agnostic to refinery and petrochemical beachhead with phased expansion roadmap; (6) Naming standardization — unified from “Kav AI” / “KAP” variants to “Kav AI” across all sections. Executive Summary rewritten with stronger category-defining positioning. Subtitle updated to “Real-Time Integrity Intelligence System™”.
v3.2 Apr 2026 Strategic integration edition. Uses v2.9 as the narrative and diagrammatic baseline, restores the full visual layer that was reduced in v3.1, and incorporates the most material platform additions from later work: autonomous robot coverage via KRSI and fixed infrastructure, expanded CAD / engineering-data ingestion, world-model-backed as-built comparison, cross-source correlation, and regulated-environment deployment considerations.
v3.3 Apr 2026 Active Physical Intelligence edition. Keeps the v3.2 backbone, integrity architecture, and safety model intact. Consolidates external-facing material that matured between v3.2 and late April 2026: (1) Active Physical Intelligence™ adopted alongside the Real-Time Integrity Intelligence System™ category definition; (2) Scale & Impact promoted to a dedicated section with MVP v0.2 facility-scale evidence (1,200 assets, 65% unit coverage, $750K–$1.5M avoided cost, ranked inspection set, CUI case study); (3) cross-source correlation engine promoted from buried mention to named primitive (tag / match / score / surface) with explicit multi-source confirmed TPR > 98% / FPR < 2% target; (4) Onboard SLAM vs Fixed Infrastructure architectural-shift table added to clarify navigation reliability, scaling cost, and registration accuracy; (5) Partner-Integrated Delivery Model added as a documented procurement option, formalizing the OI.Expert × Kav AI delivery pattern from the April 2026 LOI; (6) MVP demonstration sequence explicitly mapped onto M0–M3 platform milestones; (7) priority order Filter Skill > Stage 3.5 > cross-source uplift restated to prevent misreading the correlation engine as a Filter Skill bypass; (8) terminology — the asset-level spatial record previously referred to as “digital twin” is renamed world model throughout the document (competitor product references, e.g. NVIDIA Omniverse “industrial digital twins”, retain their original wording). New FRs: FR-XSC-01, FR-XSC-02, FR-PRT-01, FR-PRT-02, FR-MVP-01.
v3.4 May 2026 Procurement-readiness revision. Keeps the v3.3 backbone, integrity architecture, and safety model intact; addresses external-review feedback for clarity and procurement risk. (1) Pilot scope correction — Appendix G.1 recommended asset classes changed to pressure vessels, heat exchangers, or piping circuits (the full-API-581 classes), removing rotating equipment and storage tanks; added a tank-request clarification callout consistent with the Equipment Class Boundary table. (2) Capability status labeling — a shared Status vocabulary (Delivered / In Progress (Q2) / Q3 Target / Q4 Target / H1 2027 Roadmap) added to the MVP sequence, the Q3/Q4 roadmap tables, and the Appendix A FR table, with a status key in the Journey section. (3) HITL clarification — a single canonical verification rule (non-Critical multi-source findings may bypass the manual queue; Critical findings and Remaining Life adjustments always require engineer sign-off) replaces the three inconsistent statements in Operations, the Figure 5 caption, and the cross-source engine table. (4) SCADA read-only visibility — a read-only / observe-reason-recommend callout added to the Executive Summary and a security summary added to the top of Deployment. (5) Competitive tone — “only platform” language softened to “purpose-built”; complementary framing strengthened for PI/AVEVA, Meridium, and Percepto. (6) Pilot framework promoted — new How to Evaluate Kav AI section inserted between Scale & Impact and Operations. (7) Buyer workflow example — a plain-language worked example (E-201) added to Operations. (8) High-hazard content repositioned — dose-aware operations moved out of the main robot table into a new H1 2027 roadmap subsection in the Journey section; FR-NUC-01 relabelled H1 2027. (9) Security detail reorganized — SBOM, image signing, vulnerability scanning, and credential management moved from Deployment into a new Appendix F.7 Security Technical Reference, with a summary and pointer retained in Deployment.
v3.5 Jun 2026 Roadmap timing revision (Q3 planning, 2026-06-11). (1) SCADA/IOW moved to Q4 — no pilot SCADA operational data is available yet; building the OPC UA connector and IOW checks against simulated data would gate the Q3 milestone on access outside our control. FR-INT-01, the Journey time-series row, the packaging table (SCADA / OPC UA connector, IOW/DMR analytical chain), the Integrity Analytical Chain availability statements, and the Figure 2 caption relabelled Q3 → Q4. The Q3 deliverable is pilot-partner OPC UA access and data-sharing approval, so Q4 starts warm. (2) CAD (IFC) ingestion + P&ID tag-linkage pulled forward into Q3 — customer drawing sets are obtainable now; the capability grounds the anomaly → tag → asset → standard chain and is committed for Q3 delivery on one real customer drawing set. Full P&ID SQL connector and CAD overlay remain Q4. No requirement content changed — timing only.
v3.6 Jun 2026 Accuracy & open-standards precision revision (based on the v3.5 review). (1) Geographic correction — operations relocated from “European Tier-1 refinery” to U.S. refineries (California and Texas) in the Market expansion table and the Operations reference-customer note. (2) CAD/P&ID open standards named and elevated — the engineering-context layer now explicitly names IFC4 (BIM STEP) for physical geometry and DEXPI (XML) for logical P&IDs, adds the deterministic dual-tagging layer reconciling legacy CAD tags with operator/DEXPI tags, and records 100% validation coverage on one example process unit (109 equipment assets). New FRs FR-CAD-06 (DEXPI ingestion), FR-CAD-07 (dual-tagging), and FR-CAD-08 (RVT/DGN); FR-CAD-01 re-scoped to IFC4 (validated); FR-INT-02 clarified as the P&ID database (SQL) connector, distinct from DEXPI. Added DEXPI and IFC glossary entries and a Q3 ingestion row in the Journey section. No requirement scope or roadmap timing changed beyond naming and status precision. (3) SCADA consistency fix — the Operations performance-target table still listed IOW (SCADA) detection as a Q2 2026 target (a v3.5 oversight when SCADA/IOW moved to Q4); relabelled to Q4 2026 to match FR-INT-01, the Journey time-series row, the Integrity Analytical Chain, and the subscription tiers. (4) Deferred to a later revision (noted in the v3.5 review): product-usage success metrics, an open-questions register, a user-story / acceptance-criteria companion, and reconciliation of the Critical-priority FR set.
v3.7 Jun 2026 Execution-layer & architecture-diagram revision (closes the v3.6 deferred items). (1) Capability architecture wired in — added the canonical capability catalogue (_data/capabilities.yaml: the five deep modules + cross-cutting concerns) and stamped every FR with a capability:, linted for requirement→capability traceability. (2) Architecture diagrams regenerated — replaced the orphaned L1/L2 PNGs with generator-sourced C4 diagrams (System Context, Container) keyed to the capabilities; added the June 2026 architecture review and a capability-progress infographic. (3) Open-questions register added, consolidating previously scattered unknowns (TBDs, provisional values, research-gated fallbacks). (4) FR-ANO-02 re-tiered Critical → High — it was both Critical and research-gated; the Critical set drops from 7 to 6. (5) Execution companions completed — user stories with Given/When/Then acceptance criteria now cover all 48 FRs; the product-metrics plan promoted to Living. No requirement scope or roadmap timing changed.

17 Appendix E. Glossary

3DGS 3D Gaussian Splatting — a photorealistic 3D rendering technique used to create navigable facility models from drone imagery.

ADR Architecture Decision Record — a formal document capturing a technical decision, its rationale, and consequences.

AG-UI Agent-UI protocol used for streaming AI responses and structured events from the backend to the frontend.

CDC Contextual Data Chat — a feature set (F-APP-02) that enables operators to query facility data in natural language.

CMMS Computerized Maintenance Management System — the systems operators use to track work orders and asset maintenance history. Kav AI does not write to CMMS autonomously; all outputs are operator-confirmed recommendations.

CML Corrosion Monitoring Location — a specific point on equipment where wall-thickness measurements (typically by ultrasonic testing) are repeated over time to track corrosion rate. Kav AI registers CMLs in the 3D facility model with sub-centimeter precision.

DEXPI Data Exchange in the Process Industry — an open, vendor-neutral XML schema for exchanging logical P&ID data (equipment, nozzles, piping, and connectivity). Kav AI ingests DEXPI to read P&ID structure without proprietary lock-in.

DMR Damage Mechanism Review — a structured assessment of the degradation modes that can affect specific equipment based on its service conditions, materials, and operating history.

IDMS Inspection Data Management System — the platform that holds CML history, inspection plans, compliance records, and RBI models. Kav AI integrates bidirectionally with IDMS platforms (SAP PM, Meridium, Hexagon ALI, orKsoft).

IEC 62443 The international standard series for industrial cybersecurity. Defines security levels and requirements for OT systems including SCADA and control networks.

IFC / IFC4 Industry Foundation Classes — the open, vendor-neutral standard for Building Information Modeling (BIM) data exchange. Kav AI uses the IFC4 STEP format to represent physical process equipment (tanks, pumps, heat exchangers, compressors) and its geometry, materials, and properties.

IOW Integrity Operating Window — a set of process parameter limits within which equipment is expected to operate safely. Exceedances trigger the damage mechanism analytical chain.

KRSI Kav AI Robot Sensor Interface — the robot-ingestion and normalization layer that accepts patrol telemetry and payload data from supported autonomous platforms.

LLM Large Language Model — the AI model class behind Kav AI’s natural-language interface and reasoning chain. Kav AI supports self-hosted LLMs (e.g., Llama-3-70B, Mistral-Large) in on-premise / air-gapped deployments.

MCP Model Context Protocol — the protocol that enables AI agents to call object detection models and other tools as structured, callable interfaces.

NDT Non-Destructive Testing — inspection techniques (ultrasonic testing, radiography, eddy current, etc.) that measure equipment condition without damaging it. Kav AI’s Stage 4 physical validation uses NDT data as the ground truth for AI findings.

OGI Optical Gas Imaging — a camera technology that visualizes gas emissions invisible to standard cameras.

OOD Out-of-Distribution — inputs that differ materially from the training distribution. Kav AI’s OOD detector flags these and routes them to a Review queue rather than surfacing them as production alerts.

OPC UA OPC Unified Architecture (IEC 62541) — the universal industrial middleware standard providing secure, platform-independent read access to SCADA systems, historians, and PLCs. Kav AI’s Q4 SCADA integration uses OPC UA.

P&ID Piping and Instrumentation Diagram — the engineering drawing that documents process equipment, piping, and instrumentation.

PIL Piping Inspection Location — a registered point on a piping circuit where inspection measurements are repeated. Analogous to CML but for piping rather than fixed equipment. Kav AI tracks PILs in the 3D facility model alongside CMLs.

Purdue Model A hierarchical reference model for industrial control system network architecture, defining five levels from field devices to enterprise systems. Kav AI operates at Level 3.5 (IT/OT DMZ) and above.

RBI Risk-Based Inspection — the methodology (API 580/581) for prioritizing inspection effort based on the probability and consequence of equipment failure. Kav AI’s IOW/DMR chain produces API 581-aligned risk scores and inspection plans.

RLS Row-Level Security — database access control ensuring each operator can only access their organization’s data.

SCADA Supervisory Control and Data Acquisition — the operational backbone of industrial facilities, collecting real-time sensor data from field devices. Kav AI reads from SCADA via OPC UA; it never writes to or replaces SCADA.

Solomon Associates An industry benchmarking organization maintaining comparative databases of refinery and petrochemical plant performance. Kav AI uses Solomon benchmarks as the validation baseline for corrosion rates, equipment life estimates, and damage-mechanism statistics.

SOC 2 Service Organization Control 2 — a security certification audit framework widely required by enterprise customers.

18 Appendix F. Technical Integration Specification

This appendix defines the technical requirements and validated configurations for integrating Kav AI with an operator’s existing OT and IT infrastructure. It is intended for the operator’s OT engineering team and IT security department during procurement technical review.

18.1 F.1 OPC UA connector — supported configurations

Kav AI’s SCADA integration uses OPC UA (IEC 62541) in read-only subscription mode. The connector has been tested against the following OPC UA server implementations:

OPC UA server Vendor Tested version Status
Kepware KEPServerEX PTC / Rockwell 6.14+ Validated
Matrikon OPC Server Honeywell / Matrikon 4.x Validated
Ignition OPC UA module Inductive Automation 8.1+ Validated
Prosys OPC UA Simulation Server Prosys OMS 5.x Validated (dev/test)
Emerson DeltaV OPC UA Emerson 14.x+ In qualification
OSIsoft PI OPC UA AVEVA / OSIsoft PI Server 2018+ In qualification
Siemens S7 OPC UA Siemens TIA Portal V16+ Roadmap

18.2 F.2 Data ingestion parameters

Parameter Specification
Connection mode OPC UA subscription (preferred) or polling. Subscription mode reduces network load and delivers change-of-value events in near real-time.
Polling frequency (polling mode) Configurable: 1 second minimum, 60 seconds default. Sub-second polling is not supported in v1 of the connector.
Subscription update rate 100ms minimum update rate supported by the OPC UA standard; Kav AI default is 1 second. Configurable per tag group.
Authentication Username/password or X.509 certificate authentication. Anonymous connections not permitted in production deployments.
Encryption OPC UA Security Mode: SignAndEncrypt required. Minimum policy: Basic256Sha256.
Network requirement Kav AI connector operates from IT side of OT/IT boundary. Operator must provision a read-only OPC UA endpoint accessible from the IT DMZ. Kav AI never initiates connections from OT side.
Tag capacity Up to 10,000 monitored tags per facility in initial release. Higher capacity available on request.
Historian backfill On initial connection, Kav AI requests up to 90 days of historical data where the historian supports OPC UA Historical Data Access (HDA). Configurable.

18.3 F.3 Historian compatibility

Historian Interface Notes
OSIsoft PI / AVEVA PI OPC UA HDA or PI Web API PI Web API preferred for richer metadata. OPC UA HDA supported for air-gapped deployments where PI Web API is not exposed.
InfluxDB InfluxDB HTTP API v2 Direct connector. No OPC UA required. Supports time-range queries and continuous subscriptions.
Honeywell Uniformance PHD OPC UA HDA Validated in qualification. PHD OPC UA server configuration required.
Wonderware / AVEVA Historian OPC UA HDA In qualification. AVEVA Historian 2020+ required.
TimescaleDB PostgreSQL wire protocol Direct connector. Suitable for operators using TimescaleDB as a modern historian.
Generic SQL historian JDBC / ODBC Available for historians with SQL read access. Schema mapping required during onboarding.

18.4 F.4 Visual sensor compatibility

Kav AI is hardware-agnostic. The platform ingests data from any visual sensor source that produces output in supported formats.

Sensor type Supported formats Notes
RGB drone imagery JPEG, PNG, RAW, MP4 Compatible with DJI, Skydio, Parrot, Flyability, and any drone producing standard image formats.
Thermal (infrared) RJPEG, TIFF, radiometric JPEG Radiometric data required for calibrated temperature mapping. Compatible with FLIR, Teledyne, DJI Zenmuse XT2/H20T.
Optical Gas Imaging (OGI) MP4, AVI, MPEG Compatible with FLIR GF-series and Rebellion Photonics cameras. OGI video processed frame-by-frame.
LiDAR point cloud LAS, LAZ, E57, PLY Used for spatial reference and CAD overlay alignment. Not required for core platform operation.
Still photography JPEG, PNG, HEIC Compatible with any digital camera. Used for confined-space inspection and close-up defect documentation.

18.5 F.5 Network and firewall requirements

Connection Protocol Port Direction
Kav AI platform → OPC UA server OPC UA (TCP) 4840 (default) IT DMZ → OT DMZ. Operator provisions firewall rule.
Kav AI platform → PI Web API HTTPS 443 IT → IT/OT DMZ. Read-only.
Operator browser → Kav AI platform HTTPS / WSS 443 Internet → Kav AI (cloud SaaS) or internal (on-prem).
Kav AI platform → LLM API HTTPS 443 Cloud SaaS only. Absent in on-premise deployment.
Kav AI platform → Kav AI update service HTTPS 443 Cloud/customer-cloud only. Not required air-gapped.
Air-gapped deployment note In on-premise / air-gapped deployments, the connection to the LLM API is eliminated. Kav AI runs a self-hosted language model within the operator’s environment. The Kav AI update service connection is replaced by a manual container image delivery process. All other connections remain identical.

18.6 F.6 Infrastructure requirements by deployment tier

Component Cloud SaaS Customer cloud tenant On-premise / air-gapped
Compute Kav AI-managed Operator Azure/AWS VM (min 8 vCPU, 32 GB RAM) Operator server (min 8 core, 32 GB RAM, GPU optional)
Storage Kav AI-managed Operator-managed blob storage (Azure Blob / S3) Operator NAS or SAN (min 2 TB per facility)
Database Kav AI-managed Supabase Operator-managed PostgreSQL or Azure Database Operator-managed PostgreSQL (on-site)
LLM inference Kav AI cloud API Operator-provisioned API endpoint or Azure OpenAI Self-hosted model (hardware spec TBD by Q4 2026)
Container runtime Kav AI-managed Docker / Kubernetes (AKS or EKS) Docker or Kubernetes on-prem
Backup & DR Kav AI SLA Operator responsibility Operator responsibility

18.7 F.7 Security technical reference

This subsection consolidates the granular security implementation detail referenced from the Deployment Architecture section. It is intended for the operator’s IT/OT security team during procurement technical review.

18.7.1 Secrets and credential management

Kav AI does not store plain-text credentials in container configurations.

18.7.2 Container supply chain security

To ensure the integrity of on-premise and tenant deployments:

19 Appendix G. Pilot Framework

This appendix defines the standard 90-day proof-of-concept framework Kav AI uses for new enterprise customers. The pilot is designed to deliver a defensible, data-backed success evaluation before any long-term contract commitment is required.

Pilot philosophy The pilot is not a demo. It runs against the operator’s real inspection data, their real facility, and their real operational questions. Success or failure is measured against criteria agreed in writing before the pilot begins — not assessed retrospectively by Kav AI.

19.1 G.1 Standard pilot scope

Parameter Standard definition
Asset class One asset class per pilot. Recommended: pressure vessels, heat exchangers, or piping circuits — the classes with full API 581 automation support. Scope expansion available in Phase 2. Equipment class boundary of automation (see Integrity Analytical Chain section) must be communicated to the operator before pilot onboarding.
Facility One facility or one defined area of a larger facility (e.g. a process unit, a tank farm, or a compressor station).
Data sources Visual inspection imagery (RGB, thermal, or OGI) from at least one completed inspection campaign. SCADA / historian data is optional in pilot phase; included if operator elects to connect.
Duration 90 days from data ingestion to success evaluation meeting.
Operator commitment Named pilot lead (integrity engineer or operations manager). Access to historical inspection reports for cross-validation. Availability for three structured review sessions.
Kav AI commitment Dedicated customer success engineer for the pilot duration. Weekly progress updates. Full data deletion on pilot conclusion if operator does not proceed.
New facility onboarding The first campaign at a new facility is treated as baseline data collection. OOD flags are expected in Weeks 1–4 and are used to calibrate the detector, not to surface UNCERTAIN alerts. Detection performance in Weeks 5–12 represents steady-state.
Tank requests — clarify upfront If an operator requests tanks in the pilot, clarify upfront: atmospheric storage tanks are screening only under API 653 methodology and require engineer review — they do not generate automated Tier 1 actions. Rotating equipment and pipelines are out of scope for v1 (see the Equipment Class Boundary of Automation table in the Integrity Analytical Chain section). Recommending these classes as a pilot scope sets an expectation the v1 platform cannot meet.

19.2 G.2 Pilot timeline

Week Phase Activities
1–2 Onboarding Data transfer and ingestion. OPC UA connector configuration (if SCADA elected). 3D facility model generation from inspection imagery. Operator orientation session. OOD baseline calibration begins.
3–4 Baseline Kav AI generates initial anomaly detection results. Operator pilot lead reviews findings against known historical defects. Baseline accuracy established.
5–8 Active use Operator uses Kav AI natural language interface for real integrity queries. AI response quality reviewed. IOW/DMR chain activated if SCADA connected. Mid-pilot review session at Week 6.
9–10 Validation Kav AI findings cross-validated against operator’s existing inspection reports and CMMS records. False positive and false negative rate measured against agreed threshold. Confidence calibration curve generated and reviewed.
11–12 Evaluation Success evaluation meeting. Structured debrief against all success criteria. Calibration curve included as deliverable. Operator decision: proceed, extend, or conclude. Data deletion executed if not proceeding.

19.3 G.3 Success criteria

Success criteria are agreed in writing between Kav AI and the operator before data ingestion begins. The standard criteria set is defined below. Operators may substitute or add criteria by agreement.

# Criterion Standard threshold Measurement method
SC-1 Anomaly detection recall ≥80% of known defects from historical inspection reports identified by Kav AI without operator prompt Cross-validation against operator’s existing inspection records
SC-2 False positive rate ≤20% of Kav AI-flagged anomalies assessed as false positives by the operator pilot lead Pilot lead review of all flagged items
SC-3 Query response quality ≥70% of natural language queries rated ‘useful’ or better by pilot lead on a 5-point scale Structured query log reviewed at Week 6 and Week 12
SC-4 Time to first finding Kav AI surfaces first anomaly finding within 48 hours of completed data ingestion Timestamp of first flagged anomaly vs. ingestion completion
SC-5 AI response latency (P95) ≤5 seconds for natural language query response (P95) Automated latency logging during pilot period
SC-6 SCADA correlation (if connected) ≥1 confirmed correlation between a SCADA IOW exceedance and a visual inspection anomaly at the same asset Operator pilot lead validation of correlated finding

19.4 G.4 Responsibilities matrix

Activity Kav AI Operator
Data transfer and ingestion setup Provides ingestion pipeline and documentation Provides inspection data in supported format
OPC UA connector configuration Provides connector software and configuration guide Provisions read-only OPC UA endpoint; configures firewall
3D facility model generation Processes imagery and generates 3D model Provides imagery from completed inspection campaign
Historical defect cross-validation Provides tooling for structured comparison Provides historical inspection reports and CMMS records
Success criteria agreement Proposes standard criteria set; negotiates amendments Reviews and approves criteria in writing before ingestion
Weekly progress updates Delivers written update every Friday Reviews and responds within 2 business days
Data security during pilot Encrypts data in transit and at rest; access logging Responsible for data transfer security on operator side
Data deletion on pilot conclusion (no-proceed) Executes deletion within 5 business days; provides certificate Confirms deletion certificate received
Commercial decision N/A Named decision-maker attends evaluation meeting

19.5 G.5 Pilot commercial terms

Term Standard position
Pilot fee Fixed fee agreed prior to commencement. Applied as credit against Year 1 subscription if operator proceeds.
Data ownership All inspection data remains the property of the operator throughout the pilot and after its conclusion.
Intellectual property Kav AI retains all rights to platform software. Operator retains all rights to their facility data and inspection imagery.
Confidentiality Mutual NDA in place prior to data transfer. Kav AI does not use pilot data for model training without explicit written consent.
Exit rights Operator may terminate pilot at any time with 5 business days’ notice. Kav AI executes data deletion and issues deletion certificate.
Liability cap during pilot Kav AI liability capped at pilot fee paid. Kav AI outputs are recommendations only; operator retains all responsibility for operational decisions.
Path to production If success criteria are met, operator receives a production contract proposal within 10 business days of evaluation meeting.

20 Appendix H. Master Services Agreement Framework

This appendix describes the key commercial and legal positions Kav AI takes in its Master Services Agreement (MSA). It is intended to accelerate legal review by identifying Kav AI’s standard positions and areas where negotiation is anticipated. The full MSA template is provided separately by Kav AI’s legal counsel upon request.

This appendix is a summary of Kav AI’s standard MSA positions for discussion purposes. It does not constitute legal advice and does not supersede the executed MSA. Operators should engage their own legal counsel to review the full agreement.

Core legal position Kav AI is a decision support platform, not a control system. All outputs — anomaly findings, risk scores, remaining life estimates, and corrective action recommendations — are provided to a qualified human operator for their review and judgment. The operator retains full responsibility for all operational decisions. This position is reflected throughout the MSA and is not negotiable.

20.1 H.1 Key MSA provisions

Provision Kav AI standard position Negotiation status
Liability cap Kav AI’s total aggregate liability is capped at fees paid in the 12 months preceding the claim. Excludes gross negligence and willful misconduct. Standard. Not negotiable below 12-month fee cap.
Consequential damages exclusion Kav AI excludes liability for indirect, consequential, and incidental damages including lost production, business interruption, and third-party claims. Standard. Mutual exclusion negotiable.
Decision support disclaimer Kav AI outputs are recommendations to qualified operators. Operator retains full responsibility for all operational decisions made in reliance on Kav AI outputs. Non-negotiable. Core to product liability position.
Data ownership All facility data and inspection imagery remains the property of the operator. Kav AI holds a limited license to process the data for the purpose of providing the service. Standard. Operator IP protections negotiable.
Model training consent Kav AI does not use operator data for model training without explicit written consent. Anonymized, aggregated performance metrics excluded. Standard. Explicit opt-in required for training use.
Data security Kav AI complies with SOC 2 Type II (target Q4 2026). Encryption at rest and in transit. Breach notification within 72 hours. Standard. Additional security schedules negotiable.
Data deletion On contract termination, Kav AI deletes all operator data within 30 days and provides a deletion certificate. Backups purged within 90 days. Standard.
Uptime SLA 99.5% monthly uptime for cloud SaaS tier. Excludes planned maintenance windows (notified 48 hours in advance) and force majeure. SLA credits negotiable. Cap at one month’s fees.
Audit rights Operator may audit Kav AI’s data handling practices annually with 30 days’ notice, or following a security incident. Standard.
Governing law Ontario, Canada (Kav AI standard). Negotiable to operator’s jurisdiction for enterprise contracts. Negotiable.
Dispute resolution Good-faith negotiation (30 days), then binding arbitration under ICC Rules. Litigation waived by both parties. Negotiable to operator preference.
Term and renewal Initial term 12 months. Auto-renews for 12-month terms unless either party gives 60 days’ notice. Standard. Multi-year terms available at discount.

20.2 H.2 Subscription tiers

Feature Starter Professional Enterprise
Deployment tier Cloud SaaS only Cloud SaaS or customer cloud tenant All tiers including on-premise
Facilities covered 1 facility Up to 5 facilities Unlimited
Concurrent operators Up to 10 Up to 50 Unlimited
Inspection campaigns / year Up to 4 Up to 12 Unlimited
SCADA / OPC UA connector Not included Included (Q4 2026) Included (Q4 2026)
IOW/DMR analytical chain Not included Included (Q4 2026) Included (Q4 2026)
Cross-source correlation engine Not included Included (Q4 2026) Included (Q4 2026)
Autonomous robot patrol ingestion (KRSI) Not included Included (Q4 2026) Included (Q4 2026)
Partner-integrated delivery (e.g., OI.Expert) Not available Available on request Available on request
Solomon benchmarking Not included Included Included
SSO / SAML integration Not included Included Included
Dedicated CSM Not included Not included Included
SLA uptime guarantee 99.5% 99.5% 99.9%
Security review / pen test support Not included Annual report shared Dedicated engagement
On-premise / air-gapped Not available Not available Available (H1 2027)
Pricing basis Per facility / per year Per facility bundle / per year Enterprise license / custom

Pricing is indicative. Final pricing provided in a separate commercial proposal. Volume discounts available for multi-facility and multi-year commitments.

Based on Kav AI’s experience with enterprise procurement in the oil and gas sector, the following provisions typically require negotiation or additional schedules during legal review. Kav AI’s legal counsel is prepared to engage on all of these.

Next steps for legal review To initiate legal review, the operator’s legal counsel should contact Kav AI to request the full MSA template and any applicable security schedules. Kav AI targets a 10-business-day turnaround on redline responses. For enterprise contracts, Kav AI’s legal counsel is available for a direct call to discuss substantive issues before formal redline exchange.