Cyberattacks on industrial systems don't steal data. They destroy equipment, contaminate water supplies, and shut down power grids. Every OT security platform on the market monitors network traffic — but none of them can answer the question that matters:
OT Shield answers that question in under 50 milliseconds.
The OT/ICS cybersecurity market is $18 billion today and growing to $35 billion by 2029. Billions of dollars flow into platforms that monitor network packets — and every single one of them has the same blind spot:
They see the command. They don't understand the physics.
When an attacker sends `SET pump_speed = 4200 RPM` to a centrifugal pump rated at 3,550 RPM:
| Platform | Response |
|---|---|
| Claroty | "Anomalous Modbus write detected" |
| Nozomi Networks | "Unusual traffic pattern flagged" |
| Dragos | "Suspicious OT command observed" |
| OT Shield | "CRITICAL: Bearing failure in < 5 minutes. API 610 Section 6.12.1 violation. Flowserve Mark 3 duplex angular contact bearings (7312B) will experience oil film breakdown at sustained overspeed. BLOCK THIS COMMAND." |
The difference is the difference between a log entry and saving a $2M piece of equipment.
OT Shield evaluating live OT commands against equipment physics limits. Watch as a multi-device attack unfolds: individually normal commands combine to create a deadly pump deadhead condition — detected and blocked in real-time.
Full attack kill chain: attacker compromises an engineering workstation, pivots to a PLC, and orchestrates a coordinated valve-closing + pump-ramping attack. Each command looks normal in isolation. OT Shield's cross-device physics engine catches the lethal combination and blocks the attack before equipment damage occurs.
Video files: `assets/videos/`

Generated programmatically from real equipment specifications — the same data OT Shield uses in production.
```mermaid
%%{init: {'theme': 'dark', 'themeVariables': {'fontSize': '18px', 'fontFamily': 'monospace'}}}%%
flowchart TD
    IN(["OT Command\nModbus · OPC UA"]):::input
    subgraph ENGINE[" OT Shield Engine "]
        direction TD
        EL["Equipment Library\nAPI 610 · NEMA MG1 · ASME BPVC · TEMA · ISA 75.01"]:::det
        ML["ML Envelopes\nSWaT dataset · Gaussian/KDE · CUSUM drift"]:::det
        CV["CVE Pipeline\nCPE → ECLASS → Attack → Simulation"]:::det
        PE(["Physics Evaluation\nSpec limits · Cross-device detection · Time-to-damage"]):::eval
        AG["Agentic Investigation\nThreat Intel · Physics Sim · Equipment Expert (RAG + LanceDB)"]:::ai
    end
    OUT(["Risk Assessment\n< 50ms total"]):::output
    IN --> EL & ML & CV
    EL & ML & CV --> PE
    PE -- "deterministic · < 10ms" --> OUT
    PE -- "ambiguous / novel" --> AG
    AG --> OUT
    classDef input fill:#0d2a2a,stroke:#32c8b4,stroke-width:2px,color:#f5f5f7
    classDef det fill:#0d0d12,stroke:#32c8b430,color:#86868b
    classDef eval fill:#0d1a2a,stroke:#4e9cf8,stroke-width:2px,color:#f5f5f7
    classDef ai fill:#130d1f,stroke:#8857e5,color:#86868b
    classDef output fill:#2a0d0d,stroke:#f85049,stroke-width:2px,color:#f5f5f7
```
Key design principle: Deterministic first, AI fallback. The physics engine runs without any LLM dependency — pure spec-based evaluation at < 10ms. AI agents activate only for ambiguous cases, novel attacks, or when operators need natural-language investigation reports. No single point of failure.
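The deterministic path described above, sketched as an added example (not OT Shield's own code): a single-device limit check followed by a cross-device deadhead check on the projected state. The 3,550 RPM rating is the figure used on this page; the tag names, the 10% valve threshold and the 500 RPM running threshold are assumptions made for illustration.

```python
from dataclasses import dataclass

PUMP_RATED_RPM = 3550      # rating quoted on this page
VALVE_CLOSED_PCT = 10      # assumption: below this the discharge counts as closed
PUMP_RUNNING_RPM = 500     # assumption: above this the pump counts as running
LIMITS = {"pump_speed_rpm": (0, PUMP_RATED_RPM), "valve_open_pct": (0, 100)}


@dataclass
class PlantState:
    """Last accepted setpoints for one pump and its discharge valve."""
    pump_speed_rpm: float = 0.0
    valve_open_pct: float = 100.0


def evaluate(state, tag, value):
    """Return (verdict, reason) for a proposed write; commit it only on ALLOW."""
    if tag not in LIMITS:
        return "BLOCK", f"unknown tag {tag!r}"
    low, high = LIMITS[tag]
    # Single-device check. Written so that NaN fails closed (comparisons are False).
    if not (low <= value <= high):
        return "BLOCK", f"{tag}={value} outside rated range {low}..{high}"
    # Cross-device check on the state the plant would be in after this write.
    projected = PlantState(state.pump_speed_rpm, state.valve_open_pct)
    setattr(projected, tag, value)
    if (projected.pump_speed_rpm > PUMP_RUNNING_RPM
            and projected.valve_open_pct < VALVE_CLOSED_PCT):
        return "BLOCK", "deadhead: pump running against a closed discharge valve"
    setattr(state, tag, value)
    return "ALLOW", "within single-device and cross-device limits"


# Constructed command sequence: the last two writes are each in range on their own.
SAMPLE = [
    ("pump_speed_rpm", 1800),
    ("pump_speed_rpm", 4200),   # overspeed, the 4200 RPM case from this page
    ("valve_open_pct", 40),
    ("pump_speed_rpm", 3400),
    ("valve_open_pct", 5),      # closes the discharge while the pump is at 3400 RPM
]


def replay(commands):
    """Evaluate commands in order against a fresh state; return the verdicts."""
    state = PlantState()
    return [evaluate(state, tag, value)[0] for tag, value in commands]


if __name__ == "__main__":
    for cmd, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(cmd, verdict)
```

A blocked write never updates the tracked state, so later commands are judged against what the plant was actually allowed to do.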
| Capability | OT Shield | Everyone Else |
|---|---|---|
| Real equipment specs | API 610, NEMA MG1, ASME BPVC, TEMA — actual manufacturer datasheets | Heuristics and statistical baselines |
| Cross-device physics | Detects pump deadhead, thermal shock, VFD overflux — attacks invisible to single-device monitors | Single-device anomaly detection |
| Time-to-damage | "Bearing failure in < 5 minutes" | "Alert: anomaly detected" |
| CVE-to-physics mapping | Maps CVEs to specific equipment damage scenarios | CVE severity scores (no equipment context) |
| Standards-native data | ECLASS, OPC UA, NAMUR NE 107, IEC 62443, ISO 14224 | Proprietary schemas |
| Deterministic + AI | Works without LLM, works better with it | Either rules-only or AI-only |
$18B global OT/ICS cybersecurity market (2024) growing to $35B by 2029 (CAGR ~14%)
Go-to-market: OEM API for existing OT security vendors. Not a competitor to Claroty, Nozomi, or Dragos — the physics layer they don't have. Per-evaluation pricing, 80%+ gross margins.
Target customers: OT security platform vendors who need physics-aware command evaluation to differentiate against increasingly commoditized network monitoring.
```
sentry/
├── ot-shield/                  # Core product
│   ├── equipment/              # Equipment model library (5 types, 2 manufacturers)
│   ├── engine/                 # Physics evaluation engine + cross-device detection
│   ├── learning/               # ML-learned operating envelopes (SWaT dataset)
│   ├── agent/                  # Multi-agent LLM investigation (LangGraph)
│   ├── cve/                    # CVE processing & hybrid retrieval (LanceDB)
│   ├── api/                    # FastAPI REST interface
│   ├── tests/                  # 60+ test scenarios, TDD methodology
│   └── specs/                  # 5-phase implementation specifications
├── investor/                   # Investment materials
│   ├── one_pager.md            # Investor one-pager
│   ├── source_of_truth.md      # Full investor brief
│   └── technical_writeup_for_resume.md
├── assets/                     # Demo videos & generation scripts
│   └── videos/                 # MP4 product demonstrations
└── docs/                       # Architecture documentation
```
See the full product README for technical deep-dive, code examples, and architecture details.
```bash
cd ot-shield

# Install
pip install -e ".[all]"

# Run tests (60+ scenarios)
pytest tests/ -v

# Start API server
uvicorn api.server:app --reload
```

OT security platforms see the network. OT Shield understands the physics.
Because when a $2M pump is about to fail, "anomaly detected" isn't good enough.

