When an AI robot injures someone, the manufacturer controls the logs — we're the flight data recorder they can't rewrite.
Independent evidence for underwriting, claims, and subrogation.
Talk to us See a recorded runEvery existing record of a robot incident is produced, held, and formatted by the party that built the machine — the party with the most to lose.
Over-the-air model updates can change how a robot moves after its safety certification. The robot won't flag it, and no external record exists that it happened.
January 2026 generative-AI exclusions (Verisk ISO CG 40 47) pull AI injuries out of standard policies. The specialty market is inheriting a risk it cannot price.
Roboblackbox is a read-only listener at the ROS 2 / DDS middleware layer. It records every command and sensor state observed on the bus, hash-chains each record at receipt, and independently derives safety findings from the recorded data — after the fact. No modification to the robot. Nothing written to any actuator. Deploying it cannot cause an incident, by design.
Findings the robot never computed, derived from raw recorded data — and re-derivable by any third party from the record alone.
Architecturally incapable of influencing what it observes. The record can't be dismissed as having touched the incident.
Every record is hash-chained at receipt. Alter one byte and verification fails — the tampering becomes the evidence.
No contact. No injury. No witness. The robot produced no evidence this happened — the sealed record did. That is the difference between an allegation and evidence.
On demand: an independent, tamper-evident record of the hours before an incident — which AI model version was running, and whether the robot stayed within its envelope.
Weekly and retrospective — the loss-run equivalent for robot behaviour. Proximity violations, envelope exceedances, drift since commissioning. Derived from the sealed chain, not self-reported by the robot.
Per AI model deployment: what changed, and whether it pushed the robot outside its envelope — tying behavioural change to the model version that introduced it.
This risk class has been priced on exposure, not behaviour — because behavioural data didn't exist. What the record yields becomes the pricing tool: raw data never leaves the site; derived scorecards and dossiers do.
Courts trust records created before a dispute begins. By the time a claim lands, the record is already sealed — and the dossiers collected before the incident become the recovery case.
The risk doesn't change — how you see it does.
Eleven combined years at Microsoft Defender and Meta: runtime security engineering, device control, update & install infrastructure, performance/reliability, and AI infrastructure. A career spent recording adversary-grade events on machines we didn't control — the founding DNA an evidence company needs.
Working end-to-end proof of concept complete; validating the evidence standard with insurers and operators now.