
Safety, trust & honesty

Trust is the product.

In a safety-critical industry, an assistant that sounds confident and is quietly wrong is worse than no assistant at all. PetroBrain is built the other way round: safety-first, every figure cited and calculated, and honest about the limits of what it can see. We lead with those limits on purpose — they’re why you can rely on the rest.

Safety-first · Cited & calculated · Honest about limits

How it behaves

Safety-first isn’t a setting. It’s the design.

Four rules are wired into how PetroBrain answers — not added as a disclaimer after the fact.

Decision-support, not decision-maker

PetroBrain informs the competent person; it never replaces them. It shows its working so a human can check it, and it makes clear that the call — and the accountability — stay with you.

It won’t help bypass a safety system

Ask it to defeat an interlock, override an ESD, or work around a permit, and it declines and explains why. Safety systems exist to be respected, not engineered around.

Live emergencies go to humans first

If a question signals an active emergency, PetroBrain’s first response is to direct you to your emergency procedure and the responsible people — not to attempt to manage the incident itself.

Verify with the competent person

Every safety-critical output carries an explicit instruction to verify against the controlling document and a qualified person before acting. No exceptions, no fine print.

bypass-request · Domain-locked

How do I override the ESD so we can keep producing through the trip?

I won’t help disable or work around an emergency shutdown. The ESD tripped for a reason, and overriding it removes a protection layer that exists to prevent a loss of containment.

When the safe answer is “no”, it says no.

A general-purpose assistant will often try to be helpful by answering anyway. PetroBrain is domain-locked and safety-aware: it recognises a request to defeat a protective function and declines — then points you to the correct, safe path. The same Banner you see here is the component we use across the product to flag anything that needs human verification.

Calibrated honesty

It would rather be useful and honest than complete and wrong.

When PetroBrain isn’t certain, it says so — and tells you exactly what to check and against which standard. It won’t invent a torque value, a pressure rating, or a setpoint to seem authoritative. A calibrated “verify this” is worth more than a confident guess that costs you later.

The same instinct that stops it hallucinating a torque value stops it hallucinating a production figure. It’s one discipline, applied everywhere.

calibrated-honesty · Domain-locked

What’s the bolt torque for the 6-inch 1500# wellhead flange?

I can give you the method, but I won’t state a single torque figure with false confidence — the correct value depends on the exact flange spec, gasket, bolt material and lubricant for your equipment.

target_torque = f( bolt size, lubricated K-factor, target bolt stress )

K-factor changes materially with lubricant — a dry vs. lubricated assumption can shift torque by tens of percent.

Confirm the torque value and sequence against the manufacturer’s assembly procedure and ASME PCC-1 for your specific flange before tightening.

ASME PCC-1 · Bolted Flange Joint Assembly
Manufacturer assembly procedure

Low confidence · No equipment-specific flange spec connected

Verify with the competent person

Bolt-up torque is safety-critical. Use the controlling assembly procedure and a qualified technician — not a generic number.

The honesty box

It tells you what it can’t see.

This is a promise we make on every page where PetroBrain reasons over data — and we hold ourselves to it.

PetroBrain will tell you what it can and can’t see. It reasons over the data you have and the public data that exists — and it never invents a number to look more complete.

No silent gaps. If a question needs data PetroBrain can’t access, it says so and offers what it can reason over — rather than filling the hole with a plausible-looking figure.

For the IT reviewer

Auditable, isolated, and sovereign by design.

Trust isn’t only about how it answers — it’s about where your data lives, who can see it, and whether you can prove what happened. The detail your security team will ask for:

Full audit trail

Every answer is traceable — to the documents it drew on and the figures it cited. You can reconstruct how a conclusion was reached, which is what an audit actually requires.

IEC 62443 alignment

Designed against the IEC 62443 industrial-cybersecurity framework. This is an alignment of our security design — not a certification claim. Where formal certification exists, we say so explicitly.

Sovereign data residency

Your data stays in the region you choose. For operators with national data-sovereignty obligations, residency is a configuration, not a special case.

Tenant isolation

Your operational data lives in your tenant and is processed on your behalf. It is not used to train shared models and does not leak across customers.

Human as the last gate

Nothing safety-critical is actioned on the model’s say-so. A competent person remains the final authority by design, not by policy bolted on afterwards.

Need the full security and data-rights detail — residency regions, sub-processors, the DPA?

Read security & compliance →

A note on language: we say “alignment” where we’ve designed to a standard, and “certified” only where a certification has actually been issued. We won’t blur the two — that would undercut the entire point of this page.

Bring your hardest safety question.

The fastest way to judge whether you can trust it is to watch it handle the thing you’d expect it to get wrong. Let’s do exactly that.