The only cyber platform that identifies, interprets, and predicts live OT and IT threats, keeping your team ahead of attackers.

Learn more

Modern IT and cyber-physical environments generate enormous amounts of telemetry — yet most security tools can only observe activity, not verify whether the system state they describe can actually be true. As attackers increasingly use valid credentials and approved paths, malicious behavior blends into normal operations and evades traditional detection.

Netsapien™ PILOT (Parallel Inferred Layer of Trust) introduces a patent-pending system-state validation layer that continuously evaluates causal plausibility across the entire environment. By verifying system truth before inference or action, PILOT exposes stealth threats, suppresses false alarms, and strengthens every security decision — all while operating alongside existing tools.

Causal System Modeling (Truth, Not Logs)

  • PILOT continuously builds a causal representation of the system it observes — digital, physical, or hybrid — encoding how that system must behave over time.

    Instead of trusting individual logs, alerts, or sensor readings, PILOT reasons about whether the overall system state implied by all telemetry can actually be true. This shifts security from observing activity to validating reality.

    Why it matters:
    Attackers can fake signals. They cannot fake causal reality.

Invariant-Based Validation (How Real Systems Behave)

  • Rather than looking for known attacks or anomalies, PILOT evaluates telemetry against a small set of domain-specific invariants — fundamental rules that must hold true if the system is operating normally.

    These invariants describe how systems work, not how attacks look. Examples include:

    • access must lead to plausible use,

    • execution must incur real resource cost,

    • physical processes must obey conservation laws.

    If these rules are violated, the system state is implausible — even if every individual signal appears normal.

    Why it matters:
    This catches stealthy, credential-based, and low-noise attacks that evade correlation and signatures.

Parallel Validation Layer (Works With Your Stack)

  • PILOT runs alongside existing security, IT, and OT tools as a non-intrusive validation layer. It does not sit in the data path, replace detection systems, or act as a new alert engine.

    Instead, PILOT treats all incoming data as signals, not ground truth, and validates whether the story those tools are telling is coherent before decisions, automation, or AI inference occur.

    Why it matters:
    Existing tools become more trustworthy, false alarms drop, and root cause analysis starts where reality first broke — not at downstream symptoms.

Use case:

IT Threat (Cyber-Digital)

  • An attacker compromises valid user credentials and accesses a sensitive media or IP asset through an approved application. The file is opened or copied, but no editing, processing, or downstream workflow follows. The asset is placed into an approved sync or sharing service and later retrieved outside the organisation via a trusted partner or cloud link.

    • Access was authorised.

    • The application used was approved.

    • Data moved through sanctioned services.

    • No signatures, policy violations, or anomalies are triggered.

    Correlation-based tools observe events but do not encode expectations about what should happen next.

  • PILOT enforces the invariant “use follows access.”

    Access to a high-value asset without a credible downstream workflow is causally implausible. The absence of expected use is itself a signal. PILOT detects the global inconsistency between access, execution, and resource usage.

  • Instead of investigating hundreds of benign access events, RCA immediately narrows to who accessed the asset, why no workflow followed, and how it exited the system.

    • Traditional tools: Never (no policy violated)

    • PILOT: Immediate (causal violation detected)

Use case:

OT Threat (Cyber-Physical)

  • An attacker manipulates sensor readings to show normal pressure and flow while physical actuators drive a process outside safe limits.

    • Sensor values remain within expected ranges.

    • Network traffic appears normal.

    • No alarms are triggered at the sensor layer.

  • PILOT enforces physical invariants such as conservation of mass and energy.
    Sensor readings that do not match actuator behaviour and downstream physical effects are causally impossible.

  • RCA immediately identifies which sensor or control loop broke physical coherence, avoiding lengthy fault isolation.

    • Traditional tools: When physical damage occurs

    • PILOT: Before physics violation causes harm

DTS is proud to be an NVIDIA Inception Program Member, and our solutions are designed around their market-leading technology stacks, including but not limited to:

  • Trusted Out-of-Band Cyber Telemetry

  • GPU-accelerated Cybersecurity Framework

  • Digital Twin & Simulation Platform

  • GPU Programming Framework

Shaping the Future of Cyber Defense

We are currently at the Proof-of-Concept stage, the final step before commercial rollout. This stage will validate Netsapien’s capability in live OT environments and unlock our initial sales pipeline.

Get Involved