AI Execution Control · Est. 2024

AI can think whatever it wants. Nothing executes without approval.

MIG is the execution control layer between AI agents and real-world systems — industrial controllers, enterprise software, critical infrastructure. Every action validated before it runs. Fail-closed by default. No LLM in the decision loop.

Deterministic · Same input → same output · Full forensic audit trail
MIG · Decision Feed
SIMULATED FEED
PIPELINE: 8/8 CHECKS
MODE: FAIL-CLOSED
The Problem

Execution is the last unguarded boundary.

We've built guardrails around what AI can say. Almost nothing guards what AI — or anyone else on the network — can actually do.

01

Zero authentication

Modbus TCP — the protocol running much of the world's industrial equipment — dates to 1979 and has no security model. Any device on the network can command any controller.

02

Execution without validation

PLCs execute every command unconditionally. No authentication, no authorization, no content inspection. The controller can't tell an operator from an attacker — or from a confused AI agent.

03

Detection after damage

Today's security tools monitor and alert after execution. By the time the alert fires, the pump has oversped and the valve is open. Detection is not prevention.

Oldsmar, Florida (2021): a single remote command set sodium hydroxide dosing to 100x safe levels at a water treatment plant. The PLC executed it instantly. July 2025: an AI coding agent deleted a company's production database during an active code freeze. Different domains — same missing layer: nothing validated the action before it ran.

What We Build

One governance engine. Two products. One services arm.

MIG is the core. Everything else we build sits on top of it — including our own automation platform.

Core Engine

MIG

The execution control engine. Sits between any command source and any target system, validating every action before it executes.

  • 8-step validation pipeline
  • Graph-based policy matching
  • 0–100 continuous risk scoring
  • ALLOW / DENY / APPROVAL verdicts
  • Full forensic audit trail
Try the Playground
Platform

Nova Launching Soon

A governed automation platform. AI agents plan and execute real tasks — and MIG validates every single action before it runs. Safety built in, not bolted on.

  • Natural-language task automation
  • Skill library, extensible via JSON
  • MIG governance on every action
  • Fail-closed on any error
  • Complete audit log per task
Get Notified — Coming Soon
Services

Galatine Labs

Governed AI automation sprints for businesses. We build your automation on Nova, governed by MIG — the speed of AI agents without handing them the keys.

  • Scoped 2–4 week engagements
  • Policy design for your workflows
  • Audit-ready from day one
Book an Engagement
How MIG Works

Eight independent checks. Three possible verdicts.

Every command passes through the full pipeline. Every step is independent and traceable. Every decision is logged with its complete rationale.

01

PII Scan

Detect sensitive data in the payload

02

Action Classification

Infer intent: read, write, firmware, safety

03

Payload Inspection

Analyze content, sensitivity, destination

04

Policy Matching

Graph traversal with semantic embeddings

05

Mode Check

Validate against operational state

06

Zone Enforcement

IEC 62443 zone-conduit rules

07

Override Logic

Higher-risk checks supersede lower

08

Audit Trail

Full decision trace logged

FAIL-CLOSED BY DESIGN No policy match → DENY · MIG unreachable → DENY · Any pipeline error → DENY · The default is never ALLOW · No LLM in the decision loop: same input, same output, every time.

ALLOW

The command matches policy and carries acceptable risk. It's forwarded to the target system and logged.

APPROVAL

The command is legitimate but sensitive. It's held in a queue until a human operator explicitly confirms it.

DENY

The command violates policy or exceeds risk thresholds. The target system never sees it. Full rationale logged.

Validation

Tested against a real PLC. Reported honestly.

MIG was validated against a live PLC and real Modbus TCP traffic in a simulated oil-processing plant environment (LabShock). Real controller, real protocol, simulated plant — here is exactly what happened.

6
Attack scenarios tested
0
Unsafe executions reached the PLC
9500%
Setpoint deviation blocked (Oldsmar-class)
100%
Fail-closed under induced faults
Read temperature sensor register
ALLOW
risk 08
Write dosing pump setpoint to 9,500% of safe range
DENY
risk 94
Firmware update outside maintenance window
APPROVAL
risk 67
Write to safety-instrumented system register
DENY
risk 98
Agent email containing detected PII payload
APPROVAL
risk 72

These are results from our validation environment, not production deployments — and we say so, because the audit trail is the product. A 35-year OT/ICS veteran is currently setting up an independent cyber range to test MIG further. Independent results will be published here.

Positioning

Detection tools watch. MIG decides.

Claroty / DragosMicrosoft AGTMIG
ApproachMonitor after executionCheck tool permissionsValidate before execution
Content inspectionNoNoFull payload analysis
PII detectionNoNoYes
Risk scoringSeverity levelsBinary allow/deny0–100 continuous
Operator approvalNoNo3-tier decisions
OT protocol supportYes (passive)NoYes (active prevention)

Complementary, not competitive. Detection platforms like Claroty and Dragos are excellent at what they do — visibility and threat detection across OT networks. MIG adds the layer they don't: an enforcement boundary that stops the dangerous command before it executes. You want both.

The Founder

Built by someone who understands the machines.

Indrooneel Panday
Mechanical Engineer · Solo Founder
BEng Mechanical Engineering, Coventry University, UK
Patent pending: USPTO Provisional #63/821,489
Build3 Impact Accelerator
Self-taught: Python, Neo4j, Docker, FastAPI, Modbus TCP
Offensive security training: exploitation, SQLi, privesc

Most security founders come from networking. I come from the machines themselves — pump curves, turbine dynamics, valve failure modes. When I read about the Oldsmar attack, I didn't see a network breach. I saw a dosing pump that should never have accepted that command.

I built the entire MIG stack solo — engine, API, dashboard, OT connector, playground. Two years of building. Zero funding. Family-supported. Still shipping every week.

The audit trail is the product, so honesty is the operating principle. MIG's limitations are documented as openly as its capabilities.

LOOKING FOR → Co-founder (enterprise sales / cybersecurity) · Pre-seed funding · Pilot partners in manufacturing & water treatment

Watch MIG deny an attack in real time.

Private demos available for investors, pilot partners, and OT security teams. Or try the public playground right now — no signup.

neel@houseofgalatine.com