Product Overview for Pilot Partners
Executive Summary Aegis SafeForge is an AI-assisted engineering platform designed for teams working on functional safety and cybersecurity in regulated engineering environments. It helps engineers generate, review, trace, and manage structured safety and security artifacts such as HARA, TARA, Safety Goals, requirements, and compliance evidence. The product combines AI automation with engineering governance, human review, source-grounded retrieval, traceability, and audit-ready workflows. The goal is not to replace engineers; the goal is to reduce repetitive documentation work, improve consistency, and help teams maintain control over complex engineering artifacts across the product lifecycle. The Problem Functional safety and cybersecurity engineering workflows are often slow, fragmented, and heavily manual. Teams manage information across Excel sheets, Word documents, PDFs, emails, internal standards, customer requirements, and legacy tools. As projects evolve, the same information must be rewritten, reviewed, linked, and updated across multiple work products. Safety and cybersecurity artifacts become disconnected. Traceability is difficult to maintain manually. Review cycles become slow and repetitive. Engineering decisions are hard to audit later. Changes in upstream artifacts may not be reflected downstream. Compliance evidence is difficult to package and explain. Generic AI tools can generate useful drafts but do not provide engineering governance. The Aegis SafeForge Approach Aegis SafeForge provides a structured workspace where AI supports engineers inside a governed artifact lifecycle. Instead of using AI as an uncontrolled chatbot, the platform integrates AI into domain-specific workflows. It uses project-scoped knowledge sources, structured schemas, review states, role-based permissions, and traceability links to keep AI outputs aligned with engineering processes. Core Product Capabilities
Supported and Target Domains
Technical Architecture Summary
AI Governance and Safety Controls AI outputs are suggestions, not final approved artifacts. Engineers remain responsible for review and approval. Project-specific source material is used for grounding. AI-generated artifacts include reasoning and citations where available. Lifecycle states distinguish AI suggestions from approved engineering records. Downstream artifacts can be marked stale when upstream artifacts change. Structured schemas constrain AI outputs. Permissions and project boundaries control access to sensitive data. Why Aegis SafeForge Is Different
Pilot and Design Partner Goals Validate whether artifact workflows match practical engineering needs. Evaluate whether AI-generated drafts are useful as first-pass engineering support. Confirm whether review and approval workflows fit real team processes. Validate traceability links and export formats. Define enterprise security, deployment, and data handling expectations. Identify which workflows provide the strongest short-term value. Example Pilot Scopes
Expected Pilot Outcomes Determine whether the platform reduces repetitive safety or cybersecurity documentation effort. Evaluate usefulness of AI-generated suggestions for first-pass artifact creation. Assess whether review workflows preserve engineering control. Validate whether traceability links are meaningful and audit-relevant. Identify required integrations, export formats, security controls, and deployment options.
Current Platform Update - July 2026
Recent implementation work extends the product scope from safety/security artifact drafting into a broader compliance-evidence workspace.
Implemented or pilot-level capabilities now include:
- Native CRA compliance-engine slice with reviewed product facts, deterministic applicability assessment, evidence expectations, lifecycle cases, and release-package readiness.
- CRA process and gap views that can compare the current process, target compliance process, coverage, missing artifacts, evidence expectations, and closure actions.
- ISO/SAE 21434-oriented cybersecurity artifact chains including assets, threats, vulnerabilities, attack paths, risks, cybersecurity goals, cybersecurity requirements, controls, claims, verification/validation evidence, incident-response plans, and vulnerability-management records.
- SBOM artifact support, including software-component records and source credibility fields, with links into vulnerability and vulnerability-management workflows.
- Partial ISA/IEC 62443 support through process-industry security profiles, security zones, conduits, and zone/conduit risk context. This should be described as partial support, not full IEC 62443 compliance coverage.
- AI Act readiness documentation and pilot package scaffolding for classification, transparency, human oversight, logging, post-release monitoring, incident handling, and AI bill-of-materials evidence.
Positioning boundary: ASF should still be described as a governed engineering and compliance-readiness platform. It should not be described as automatically certifying compliance, replacing qualified engineering review, or providing formal legal advice.