Cortex AI is an on-site intelligence platform that brings air-gapped network security and autonomous energy optimization to commercial buildings — at 1/200th the cost of enterprise solutions.
BTM systems expose operational technology directly to the internet. No air-gapped isolation exists between control networks and public-facing infrastructure. DOE CESER (2022) flags this as a critical gap.
Internet-connected Human-Machine Interfaces let attackers manipulate operator displays, masking unauthorized changes to energy systems. The April 2026 Rockwell advisory documented this exact attack vector.
Traditional air-gapped solutions cost hundreds of thousands in hardware alone, putting nuclear-grade network security out of reach for commercial and industrial facilities.
3–5 vendor protocols per site, custom controls engineering at every deployment, $14K–$28K in integration costs. No unified interface, no coordinated dispatch, no consistent security posture.
Cloud DERMS platforms create vendor lock-in with recurring SaaS fees while routing safety-critical dispatch decisions through internet-connected infrastructure.
~5 million U.S. commercial customers face demand charges representing 30–70% of electricity bills. Data centers, electrification, and EV charging are pushing peak demand higher.
Dedicated security gateway enforces unidirectional data flow (egress-only), VLAN-isolated control planes, and a DMZ accepting only pre-defined inputs. Consistent with IEC 62443-3-2 and NIST SP 800-82 Rev. 3. Zero inbound internet exposure.
Translates Modbus TCP, local REST, MQTT, and cloud APIs into a common device model across battery, solar, EV, HVAC, and monitoring systems.
Live building model — per-circuit loads, battery SOC, solar production, EV sessions, HVAC setpoints, and utility tariff structure — updated in real time.
On-site AI proposes dispatch decisions, adapts to unusual conditions, and explains every action in natural language. Replaces static if/then rules with intelligent optimization.
Deterministic safety constraints enforce battery SOC limits, inverter ratings, EV minimums, and HVAC comfort bounds. If AI is unreachable, automatic fallback to rule-based dispatch.
CompactLogix and Micro850 controllers directly accessible from the public internet. No network segmentation.
Authentication bypass in CIP protocol allowed unauthorized Studio 5000 connections to production PLCs.
Attackers downloaded operational logic and configuration data from running controllers.
SCADA/HMI screens altered to mask unauthorized changes — operators couldn't see what was happening.
Facilities experienced service disruptions with no visibility into the root cause.
Dedicated security gateway isolates all control equipment from the internet. Zero internet-routable addresses on the OT network.
Authentication bypass requires network access. With no inbound internet path, the vulnerability exists in firmware but cannot be reached remotely.
Even at the perimeter, data diodes enforce egress-only telemetry. No commands can flow inward. Studio 5000 write operations are architecturally impossible.
Only pre-defined, validated data inputs traverse the DMZ. CIP traffic from an unauthorized engineering workstation is dropped at the boundary.
Edge AI handles dispatch locally. HMI displays show verified local data. No external dependency, no attack surface.
Former U.S. Department of Energy, Morgan Stanley, GE Ventures, Head of US Low Carbon at Bechtel. Harvard Kennedy School MPA, Wharton MBA. NABCEP PV Associate.
Licensed Professional Engineer & Master Electrician. 10+ years at LA Department of Water and Power. Developer of the Cortex AI platform. Wharton MBA, BS Civil Engineering.
Virtual Power Plant and distributed energy specialist. ~$2B prior real estate transaction experience. Wharton MBA, dual BS EECS & Finance from MIT.