Kynara/Manufacturing
🏭 Manufacturing

Govern industrial AI agents before they touch production

Kynara enforces policy-based access control for AI agents operating on the factory floor, supply chain systems, and industrial IoT — requiring human approval before any action that could halt a production line or affect product quality.

Book a demo Try the policy sandbox
ISO 9001 audit trail IEC 62443 (OT/ICS security) Change management gates Geo-restricted plant access Maintenance window enforcement
The risk

Industrial AI agents with unchecked authority

Without Kynara
  • AI agent adjusts production parameters without engineer sign-off — line stops
  • Supply chain agent reroutes a critical shipment based on stale sensor data
  • Maintenance agent sends commands to live equipment outside the change window
  • No record of which AI system changed which PLC setting before the quality failure
  • OT network agent accessed from an IP outside the plant network
With Kynara
  • Production parameter changes require shift supervisor approval with ticket number
  • Supply chain rerouting gated by confidence threshold and human approval
  • Maintenance agents blocked outside defined change windows by time policy
  • Every PLC command logged in hash-chained audit trail with agent identity
  • OT access restricted to plant IP ranges by ABAC condition
Use cases

Common manufacturing AI agent scenarios

⚙️
Production line control
Gate any PLC or SCADA write command behind engineer approval. Allow monitoring reads freely. Block all changes outside the defined maintenance window.
🔍
Quality control AI
Allow QC agents to flag defects and read sensor data. Require human sign-off before triggering a line halt or escalating a batch rejection to the ERP.
🚚
Supply chain automation
Allow agents to read inventory and logistics data freely. Require approval before rerouting shipments above a value threshold or modifying supplier contracts.
🔧
Predictive maintenance
AI agents can read sensor telemetry and schedule maintenance tickets. Actual equipment commands require a maintenance window condition and technician approval.
🌍
Multi-site geo-fencing
Restrict agents to their assigned plant or region. An agent configured for Plant A cannot issue commands to Plant B equipment — enforced by IP and facility conditions.
📦
ERP & MES integration
Control which agents can create work orders, modify BOMs, or update production schedules. Each action class gets its own risk level and approval threshold.
Policy example

Change management in a policy

// Allow reads always
{ "display_name": "Allow sensor reads",
  "effect": "allow", "priority": 100,
  "actions": ["plc.read", "scada.read", "sensor.read"],
  "condition": {} }

// Block writes outside maintenance window (Sat/Sun 00:00-06:00)
{ "display_name": "Block production writes outside change window",
  "effect": "deny", "priority": 200,
  "actions": ["plc.write", "scada.write", "line.configure"],
  "condition": {
    "op": "not",
    "args": [{ "op": "time_between",
               "args": ["ctx.context.time", "00:00", "06:00"] }]
  }}

// Require engineer approval for writes inside window
{ "display_name": "Require approval for production writes",
  "effect": "require_approval", "priority": 300,
  "actions": ["plc.write", "scada.write", "line.configure"],
  "condition": {} }
Compliance

Manufacturing standards requirement mapping

Standard / RequirementKynara FeatureStatus
ISO 9001 — Record of changes to production processesHash-chained audit log of every agent action with actor and contextBuilt-in
IEC 62443 — Access control for OT/ICS systemsRBAC + ABAC with IP-range and facility conditionsBuilt-in
Change management — human approval for critical changesrequire_approval as first-class policy outcomeBuilt-in
Maintenance window enforcementtime_between condition operatorBuilt-in
Incident investigation — full action historyAudit log with event replay and CSV exportBuilt-in
Anomaly detection — agent behavioral driftZ-score deny-rate alerting, auto-revocationBuilt-in
🏭 Manufacturing

Ready to govern your industrial AI agents?

Free plan to get started. Enterprise plans include dedicated deployment and custom SLA.

Book a demo Try the policy sandbox