← Back
Cybersecurity defense
Jean for Defense · BETHANY

The attack doesn't wait.
Neither should your defense.

Most AI security is passive — detect, alert, log. BETHANY is the first deterministic AI security architecture with zero false positives that enables autonomous response. Because you can't automate a system that's wrong 5% of the time.

Under active development · DLA SBIR Phase I submitted June 24, 2026
The problem with current AI security

Probabilistic AI cannot defend deterministic infrastructure.

The commercial generation of AI-assisted security tools shares three failure modes that make them unsuitable for regulated or OT deployment:

Probabilistic false positives. Cloud-based ML models routinely produce false alarms. In OT environments where downtime cascades into operational failure — fuel distribution, warehouse automation, logistics infrastructure — false-positive-driven automatic response is unacceptable.

Cloud dependency. Most commercial AI security agents require cloud connectivity for model inference. This is incompatible with air-gapped OT segments, classified networks, and any environment where data sovereignty is non-negotiable.

Black-box decisioning. Probabilistic LLM-based detection cannot be audited at per-decision granularity. For environments where every authorization decision must be defensible to oversight — OIG, GAO, DoD — black-box detection is a compliance liability.

"The unsolved problem: an AI-assisted security system that is deterministic, air-gappable, auditable per-decision, and precise enough to enable autonomous response."

5%+
False positive rate for leading commercial ML security tools — operationally unacceptable for autonomous OT response
Cloud
Required for inference by most commercial AI security agents — incompatible with air-gapped and classified network segments
0
Existing commercial tools with per-decision mathematical audit trail — the DoD compliance requirement nobody has solved
BETHANY vs. the field

This is a different category of product.

Not a better version of what exists. A different architecture entirely — deterministic where others are probabilistic, local where others are cloud-dependent, auditable where others are black boxes.

Property Commercial AI Security
(CrowdStrike, SentinelOne, Darktrace)
BETHANY
Detection type Probabilistic ML — can't be audited per-decision Deterministic mathematical cascade — every decision attributable to specific layers, parameters, and threshold values
False positives 5%+ industry baseline — operationally disruptive in OT contexts 0.0% across 1,700+ assessments — the precondition for autonomous response
Cloud dependency Required for inference, signature updates, telemetry aggregation Zero cloud dependency — fully air-gappable on commodity hardware
Audit trail Log-level event records — no per-decision parameter attribution Per-layer, per-parameter SQLite audit trail — every block decision fully attributable and locally stored
Learning model Periodic model retraining — cloud-dependent, delayed Jean learns continuously — every encounter hardens detection for the next one, with no retraining, no cloud update cycle, and no external dependency
OT deployment Limited — cloud dependency and FP rate incompatible with OT operational tolerance Designed for OT — sub-2ms p50 latency, air-gappable, protocol parsers for Modbus, DNP3, OPC UA, BACnet
From passive to active defense

Zero false positives isn't a metric.
It's what makes autonomous response possible.

The reason AI security has remained passive — detect and alert, never autonomously respond — is that no system has been precise enough to trust with automatic action. BETHANY changes that equation.

Where the industry is today

Passive defense

Detect anomalies. Generate alerts. Route to human analyst. The analyst decides. The attacker moves faster than the workflow.

  • Detect — probabilistic ML flags potential threat
  • Alert — event logged, analyst notified
  • Wait — human reviews, decides, acts
  • Respond — minutes to hours after detection
Where BETHANY is going

Active defense

Deterministic detection enables autonomous response. Zero false positives means you can trust the system to act — because it has never acted when it shouldn't have.

  • Detect — deterministic cascade fires at sub-2ms
  • Attribute — per-layer audit trail written locally
  • Respond — autonomous action within the response window
  • Learn — Jean hardens detection for every future encounter automatically
Coming next — Jean learns social engineering

Network-layer defense can't see what Jean can.

A credentialed insider being walked into an exfiltration sequence. An external attacker conducting reconnaissance through authorized interaction channels. These attacks don't cross the network perimeter — they walk through it with a badge.

Jean is being extended to detect social engineering at the interaction level — before it becomes a network event. Jean observes behavioral signals in real time, distinguishes adversarial probing from legitimate queries, and hardens its recognition with every encounter. Early validation: 60% per-turn social engineering detection from a 0% baseline, at sub-millisecond latency. This is Phase II scope — named here because the threat is real now.

The attack that bypasses your firewall starts with a conversation.
The receipts

Five validation runs. All results published.

We don't report the runs that went well and ignore the ones that didn't. Every run is documented — block rates, false positive rates, latency, and honest boundary conditions named explicitly.

Five SIL validation runs — May 2–20, 2026

Run Requests Block Rate False Positives Latency p50
Stress 1 510 65.0% 0 (0.0%) 92ms
Stress 2 510 64.6% 0 (0.0%) 130ms
Stress 3 510 63.3% 0 (0.0%) 149ms
SIL 4 (APT) 178 92.3% APT-class 0 (0.0%) ~2ms
SIL 5 (SE Layer) 32 60% SE/turn 1/17 (5.9%)* ~1ms

*Run 5 tests Jean's social engineering detection layer (Phase II scope) — not included in Runs 1–4 zero-FP baseline

View full methodology →
92.3%
APT-class block rate — APT28, APT29, FIN7 patterns — SIL Run 4
0.0%
False positive rate across Runs 1–4 — 1,700+ assessments
<2ms
p50 latency on commodity hardware — ample headroom for OT real-time constraints
18
Cascade layers — each decision fully attributable, per-layer, per-parameter

Two DLA SBIR Phase I proposals submitted June 24, 2026. NV005 — BETHANY adapted for OT and IT/cloud network and endpoint defense. NV006 — CARVER-RMF: AI-assisted Risk Management Framework pre-adjudication, compressing ATO timelines from months to hours. One engine. Two federal bets. Contact Barry Humphrey, Ph.D. at DLA for topic verification.

Full briefing →
How BETHANY works

Deterministic. Auditable. Per-decision.

The cascade reads structural threat parameters, applies domain-invariant mathematical detection, and emits auditable per-layer decisions — on your hardware, with nothing leaving the device.

01

Traffic enters the cascade

Network packets, endpoint events, or conversational traffic — BETHANY's substrate-agnostic architecture reads structural threat parameters from any input class. The cascade logic doesn't change substrate to substrate. Only the traffic adapter changes.

02

18 layers fire deterministically

Each layer evaluates specific threat parameters against calibrated mathematical thresholds. Every layer firing, every parameter value, every decision is written to a local SQLite audit trail. Nothing is probabilistic. Nothing leaves the device.

03

Jean learns from every encounter

Every threat Jean encounters hardens its recognition for future encounters — automatically, locally, without retraining or cloud dependency. The more Jean operates, the better it gets. All of that learning stays on your hardware.

Who this is for

Built for environments where failure isn't an option.

CISOs & Security Teams

Auditable at every decision

Every block decision is attributable to specific cascade layers and parameter values. When the board asks why something was blocked, the answer is a printout, not a probability score.

Defense Contractors

CMMC-ready architecture

Zero external transmission, local SQLite audit trail, air-gappable on commodity hardware. BETHANY's privacy architecture was designed for environments where data sovereignty is non-negotiable.

Federal Program Managers

OT and IT/cloud — one system

The same cascade architecture covers IT enterprise, hybrid cloud, and OT networks. One codebase, one audit pattern, one deployment team — across DLA's full network spectrum.

Investors

$500M+ DoD addressable market

DLA, Army Materiel Command, Navy/Air Force logistics components, and defense industrial base contractors. The same Rust binary deploys across DoD, civilian federal, and commercial critical infrastructure.

Start a conversation

This product is under active development.
The right partners are welcome now.

We're not taking purchase orders. We're talking to the organizations and investors who understand what deterministic, air-gappable AI defense means — and want to be part of building it.

Write to us directly

Tell us your environment, your current stack, and what problem you're trying to solve. We respond personally — no sales process, no auto-responder. If there's a fit, we'll know quickly.

Write to us →

contactus@myasolutions.org · we respond to every serious inquiry personally

Evaluating the defense vertical as an investment opportunity? The full BETHANY methodology, five-run validation data, and architecture briefing are on the investor page.

Investor briefing →