roboblackbox.
contact@roboblackbox.com
Runtime data recorder · ROS 2 / DDS · Passive · Tamper-evident

Roboblackbox

When an AI robot injures someone, the manufacturer controls the logs — we're the flight data recorder they can't rewrite.

Independent evidence for underwriting, claims, and subrogation.

Talk to us See a recorded run
0.20 m safety policy = tracked person (point marker) base collaborative robot arm (illustrative) 0.31 m
recording · seq 0071 · chain intact
Illustrative animation. In our recorded proof-of-concept run, the derived minimum was 9.97 cm against this 0.20 m policy (seq 76).
The runtime evidence gap

When an AI robot injures someone, who saw it happen?

The manufacturer controls the logs

Every existing record of a robot incident is produced, held, and formatted by the party that built the machine — the party with the most to lose.

AI updates drift behaviour silently

Over-the-air model updates can change how a robot moves after its safety certification. The robot won't flag it, and no external record exists that it happened.

The market has responded

January 2026 generative-AI exclusions (Verisk ISO CG 40 47) pull AI injuries out of standard policies. The specialty market is inheriting a risk it cannot price.

What Roboblackbox is

A passive recorder. Never in the control path.

Roboblackbox is a read-only listener at the ROS 2 / DDS middleware layer. It records every command and sensor state observed on the bus, hash-chains each record at receipt, and independently derives safety findings from the recorded data — after the fact. No modification to the robot. Nothing written to any actuator. Deploying it cannot cause an incident, by design.

Independent derivation

Findings the robot never computed, derived from raw recorded data — and re-derivable by any third party from the record alone.

Passive non-interference

Architecturally incapable of influencing what it observes. The record can't be dismissed as having touched the incident.

Tamper-evident proof

Every record is hash-chained at receipt. Alter one byte and verification fails — the tampering becomes the evidence.

One recorded run — from our proof of concept

Robot says no fault. The record says otherwise.

policy: operator_separation_v1 · threshold: 0.20 m — declared by the operator, configurable per site
The robot's own log
No fault.
Produced no evidence anything happened.
Roboblackbox — derived from the sealed record
9.97 cm — violation
Closest approach to a person, against the operator's 0.20 m policy. Derived post-hoc at seq 76. Re-derivable by any verifier.
$ verify_chain observation.chain
→ altered one byte in entry 76 …
CHAIN_INVALID at seq 76 — record rejected, tampering proven

No contact. No injury. No witness. The robot produced no evidence this happened — the sealed record did. That is the difference between an allegation and evidence.

Three outputs, mapped to insurance workflows

Evidence in the formats the market uses

For claims handlers & counsel

Incident Report

On demand: an independent, tamper-evident record of the hours before an incident — which AI model version was running, and whether the robot stayed within its envelope.

For underwriters

Fleet Safety Scorecard

Weekly and retrospective — the loss-run equivalent for robot behaviour. Proximity violations, envelope exceedances, drift since commissioning. Derived from the sealed chain, not self-reported by the robot.

For subrogation

Model-Update Dossier

Per AI model deployment: what changed, and whether it pushed the robot outside its envelope — tying behavioural change to the model version that introduced it.

One record, two moments

The same record works before and after

Before the incident

The risk becomes priceable

This risk class has been priced on exposure, not behaviour — because behavioural data didn't exist. What the record yields becomes the pricing tool: raw data never leaves the site; derived scorecards and dossiers do.

After the incident

Claims answered, recovery enabled

Courts trust records created before a dispute begins. By the time a claim lands, the record is already sealed — and the dossiers collected before the incident become the recovery case.

The risk doesn't change — how you see it does.

Who we are

Security infrastructure engineers

Two security infrastructure engineers

Founders — full-time

Eleven combined years at Microsoft Defender and Meta: runtime security engineering, device control, update & install infrastructure, performance/reliability, and AI infrastructure. A career spent recording adversary-grade events on machines we didn't control — the founding DNA an evidence company needs.

Working end-to-end proof of concept complete; validating the evidence standard with insurers and operators now.