The December 2025 joint guidance from CISA, the ASD's ACSC, and international partners is explicit: humans remain responsible for functional safety, and AI in operational technology needs enforced human-in-the-loop decision points and clearly documented failure states. Containment.AI is built to enforce that boundary deterministically — pre-execution, no model in the decision path, fail-closed, with a revert-to-safe posture. (Pre-ATO; no production deployments yet.)
Source: CISA & partners, Principles for the Secure Integration of Artificial Intelligence in Operational Technology (December 2025).
IT-and-cloud AI frameworks were not written for deterministic control networks governed by safety standards. The CISA/ACSC guidance calls for oversight mechanisms, human-in-the-loop decision points, and documented failure states — exactly the place a probabilistic model in the control path is the wrong tool.
Necessary. Not sufficient. A framework doesn't intercept a control action.
The decision core has no model in it — it is deterministic by construction.
When an AI assistant proposes a setpoint change that would push a process outside its safe operating bounds, a governance framework on the shelf doesn't stop it.
A deterministic gate is built to deny it and hold safe — before it reaches the controller.
The CISA/ACSC guidance frames AI in OT as fundamentally different from AI in IT: the risk is unsafe control logic and unmonitored autonomous decisions. Containment.AI's enforcement is deterministic and pre-execution — an action that violates the policy or the safe operating envelope is denied (fail-closed) and the system reverts to its deterministic, safe state, with the decision logged tamper-evidently. The model advises; it never decides the control action.
Two adoptable tiers today, plus a flagship gateway for cross-domain and air-gap-capable environments — all one governance discipline.
Chrome extension that inspects employee prompts to ChatGPT, Claude, Gemini, and other web AI services in real time — keeping sensitive operational and BCSI data from leaving the endpoint.
Deterministic guardrails that authorize AI-originated actions before execution — pre-execution evaluation against your policy and safe operating bounds, no probabilistic fallbacks, fail-closed, revert-to-safe.
An AI cross-domain solution designed against NSA cross-domain standards (not NSA-certified). One-way data diodes, protocol breaks, and a parsing path designed for formal verification (in progress, not yet attested) — an edge-ready, air-gap-capable architecture for IT/OT boundaries and isolated control networks.
Containment.AI is pre-ATO and has no production deployments yet. We do not claim FedRAMP authorization, FIPS validation, or that we are presently certified to any control standard — those are roadmap items. Governance frameworks operate at the documentation layer; we operate at the runtime enforcement layer. The two are complementary, and the CISA/ACSC guidance calls for both.
Our underlying cross-domain technology is designed against NSA cross-domain standards, and we are building the parsing path toward formal verification (verification in progress, not yet attested). Our compliance roadmap — SOC 2 Type II, ISO 27001, FedRAMP — is detailed on our compliance page. Containment.AI is also aligned with AARM v1.0 — the Cloud Security Alliance runtime-governance specification for autonomous AI agents (attestation forthcoming).
A 30-minute briefing. We'll walk through how deterministic, pre-execution enforcement and a revert-to-safe posture map to the CISA/ACSC OT principles — and how the gateway fits at IT/OT boundaries and isolated control networks.
We are onboarding a small number of industrial and critical-infrastructure design partners. See the design-partner tier for details.
Or email enterprise@containment.ai directly.